[RFC v3 00/19] kunit: introduce KUnit, the Linux kernel unit testing framework
by Brendan Higgins
This patch set proposes KUnit, a lightweight unit testing and mocking
framework for the Linux kernel.
Unlike Autotest and kselftest, KUnit is a true unit testing framework;
it does not require installing the kernel on a test machine or in a VM
and does not require tests to be written in userspace running on a host
kernel. Additionally, KUnit is fast: From invocation to completion KUnit
can run several dozen tests in under a second. Currently, the entire
KUnit test suite for KUnit runs in under a second from the initial
invocation (build time excluded).
KUnit is heavily inspired by JUnit, Python's unittest.mock, and
Googletest/Googlemock for C++. KUnit provides facilities for defining
unit test cases, grouping related test cases into test suites, providing
common infrastructure for running tests, mocking, spying, and much more.
## What's so special about unit testing?
A unit test is supposed to test a single unit of code in isolation,
hence the name. There should be no dependencies outside the control of
the test; this means no external dependencies, which makes tests orders
of magnitude faster. Likewise, since there are no external dependencies,
there are no hoops to jump through to run the tests. Additionally, this
makes unit tests deterministic: a failing unit test always indicates a
problem. Finally, because unit tests necessarily have finer granularity,
they are able to test all code paths easily, solving the classic problem
of difficulty in exercising error handling code.
## Is KUnit trying to replace other testing frameworks for the kernel?
No. Most existing tests for the Linux kernel are end-to-end tests, which
have their place. A well tested system has lots of unit tests, a
reasonable number of integration tests, and some end-to-end tests. KUnit
is just trying to address the unit test space which is currently not
being addressed.
## More information on KUnit
There is a bunch of documentation near the end of this patch set that
describes how to use KUnit and best practices for writing unit tests.
For convenience I am hosting the compiled docs here:
https://google.github.io/kunit-docs/third_party/kernel/docs/
Additionally for convenience, I have applied these patches to a branch:
https://kunit.googlesource.com/linux/+/kunit/rfc/4.19/v3
The repo may be cloned with:
git clone https://kunit.googlesource.com/linux
This patchset is on the kunit/rfc/4.19/v3 branch.
## Changes Since Last Version
- Changed namespace prefix from `test_*` to `kunit_*` as requested by
Shuah.
- Started converting/cleaning up the device tree unittest to use KUnit.
- Started adding KUnit expectations with custom messages.
--
2.20.0.rc0.387.gc7a69e6b6c-goog
[mm PATCH v6 0/7] Deferred page init improvements
by Alexander Duyck
This patchset is essentially a refactor of the page initialization logic
that is meant to provide for better code reuse while providing a
significant improvement in deferred page initialization performance.
In my testing on an x86_64 system with 384GB of RAM and 3TB of persistent
memory per node I have seen the following. In the case of regular memory
initialization the deferred init time was decreased from 3.75s to 1.06s on
average. For the persistent memory the initialization time dropped from
24.17s to 19.12s on average. This amounts to a 253% improvement for the
deferred memory initialization performance, and a 26% improvement in the
persistent memory initialization performance.
I have called out the improvement observed with each patch.
Note: This patch set is meant as a replacement for the v5 set that is already
in the MM tree.
I had considered just doing incremental changes but Pavel at the time
had suggested I submit it as a whole set, however that was almost 3
weeks ago so if incremental changes are preferred let me know and
I can submit the changes as incremental updates.
I apologize for the delay in submitting this follow-on set. I had been
trying to address the DAX PageReserved bit issue at the same time but
that is taking more time than I anticipated so I decided to push this
before the code sits too much longer.
Commit bf416078f1d83 ("mm/page_alloc.c: memory hotplug: free pages as
higher order") causes issues with the revert of patch 7. It was
necessary to replace all instances of __free_pages_boot_core with
__free_pages_core.
v1->v2:
Fixed build issue on PowerPC due to page struct size being 56
Added new patch that removed __SetPageReserved call for hotplug
v2->v3:
Rebased on latest linux-next
Removed patch that had removed __SetPageReserved call from init
Added patch that folded __SetPageReserved into set_page_links
Tweaked __init_pageblock to use start_pfn to get section_nr instead of pfn
v3->v4:
Updated patch description and comments for mm_zero_struct_page patch
Replaced "default" with "case 64"
Removed #ifndef mm_zero_struct_page
Fixed typo in comment that omitted "_from" in kerneldoc for iterator
Added Reviewed-by for patches reviewed by Pavel
Added Acked-by from Michal Hocko
Added deferred init times for patches that affect init performance
Swapped patches 5 & 6, pulled some code/comments from 4 into 5
v4->v5:
Updated Acks/Reviewed-by
Rebased on latest linux-next
Split core bits of zone iterator patch from MAX_ORDER_NR_PAGES init
v5->v6:
Rebased on linux-next with previous v5 reverted
Drop the "This patch" or "This change" from patch descriptions.
Cleaned up patch descriptions for patches 3 & 4
Fixed kerneldoc for __next_mem_pfn_range_in_zone
Updated several Reviewed-by, and incorporated suggestions from Pavel
Added __init_single_page_nolru to patch 5 to consolidate code
Refactored iterator in patch 7 and fixed several issues
---
Alexander Duyck (7):
mm: Use mm_zero_struct_page from SPARC on all 64b architectures
mm: Drop meminit_pfn_in_nid as it is redundant
mm: Implement new zone specific memblock iterator
mm: Initialize MAX_ORDER_NR_PAGES at a time instead of doing larger sections
mm: Move hot-plug specific memory init into separate functions and optimize
mm: Add reserved flag setting to set_page_links
mm: Use common iterator for deferred_init_pages and deferred_free_pages
arch/sparc/include/asm/pgtable_64.h | 30 --
include/linux/memblock.h | 41 +++
include/linux/mm.h | 50 +++
mm/memblock.c | 64 ++++
mm/page_alloc.c | 571 +++++++++++++++++++++--------------
5 files changed, 498 insertions(+), 258 deletions(-)
--
[PATCH v3 1/2] nfit, mce: only handle uncorrectable machine checks
by Vishal Verma
The mce handler for 'nfit' devices is called for memory errors on a
Non-Volatile DIMM, and adds the error location to a 'badblocks' list.
This list is used by the various NVDIMM drivers to avoid consuming known
poison locations during IO.
The mce handler gets called for both corrected and uncorrectable errors.
Until now, both kinds of errors have been added to the badblocks list.
However, corrected memory errors indicate that the problem has already
been fixed by hardware, and the resulting interrupt is merely a
notification to Linux. As far as future accesses to that location are
concerned, it is perfectly fine to use, and thus doesn't need to be
included in the above badblocks list.
Add a check in the nfit mce handler to filter out corrected mce events,
and only process uncorrectable errors.
Reported-by: Omar Avelar <omar.avelar(a)intel.com>
Fixes: 6839a6d96f4e ("nfit: do an ARS scrub on hitting a latent media error")
Cc: stable(a)vger.kernel.org
Cc: Dan Williams <dan.j.williams(a)intel.com>
Cc: Tony Luck <tony.luck(a)intel.com>
Cc: Borislav Petkov <bp(a)alien8.de>
Signed-off-by: Vishal Verma <vishal.l.verma(a)intel.com>
---
arch/x86/include/asm/mce.h | 1 +
arch/x86/kernel/cpu/mcheck/mce.c | 3 ++-
drivers/acpi/nfit/mce.c | 4 ++--
3 files changed, 5 insertions(+), 3 deletions(-)
v3: Unchanged from v2
diff --git a/arch/x86/include/asm/mce.h b/arch/x86/include/asm/mce.h
index 3a17107594c8..3111b3cee2ee 100644
--- a/arch/x86/include/asm/mce.h
+++ b/arch/x86/include/asm/mce.h
@@ -216,6 +216,7 @@ static inline int umc_normaddr_to_sysaddr(u64 norm_addr, u16 nid, u8 umc, u64 *s
int mce_available(struct cpuinfo_x86 *c);
bool mce_is_memory_error(struct mce *m);
+bool mce_is_correctable(struct mce *m);
DECLARE_PER_CPU(unsigned, mce_exception_count);
DECLARE_PER_CPU(unsigned, mce_poll_count);
diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
index 953b3ce92dcc..27015948bc41 100644
--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -534,7 +534,7 @@ bool mce_is_memory_error(struct mce *m)
}
EXPORT_SYMBOL_GPL(mce_is_memory_error);
-static bool mce_is_correctable(struct mce *m)
+bool mce_is_correctable(struct mce *m)
{
if (m->cpuvendor == X86_VENDOR_AMD && m->status & MCI_STATUS_DEFERRED)
return false;
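Review bot: mce_is_correctable() changes from a file-local helper to a global symbol here, but it gains no comment describing its contract. Callers outside mce.c cannot see what a true return promises, so a short kerneldoc block above the definition, stating that true means the hardware has already corrected the error and the address remains usable, would make the exported interface self-describing.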
@@ -544,6 +544,7 @@ static bool mce_is_correctable(struct mce *m)
return true;
}
+EXPORT_SYMBOL_GPL(mce_is_correctable);
static bool cec_add_mce(struct mce *m)
{
diff --git a/drivers/acpi/nfit/mce.c b/drivers/acpi/nfit/mce.c
index e9626bf6ca29..7a51707f87e9 100644
--- a/drivers/acpi/nfit/mce.c
+++ b/drivers/acpi/nfit/mce.c
@@ -25,8 +25,8 @@ static int nfit_handle_mce(struct notifier_block *nb, unsigned long val,
struct acpi_nfit_desc *acpi_desc;
struct nfit_spa *nfit_spa;
- /* We only care about memory errors */
- if (!mce_is_memory_error(mce))
+ /* We only care about uncorrectable memory errors */
+ if (!mce_is_memory_error(mce) || mce_is_correctable(mce))
return NOTIFY_DONE;
/*
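Review bot: the new condition in nfit_handle_mce() treats every event for which mce_is_correctable() returns false as uncorrectable, and per the mce.c hunk that includes AMD events with MCI_STATUS_DEFERRED set. If adding deferred errors to the badblocks list is intended, the comment above the check should say so, since "uncorrectable memory errors" alone does not tell a reader that deferred errors also pass this filter.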
--
2.17.1
[driver-core PATCH v9 0/9] Add NUMA aware async_schedule calls
by Alexander Duyck
This patch set provides functionality that will help to improve the
locality of the async_schedule calls used to provide deferred
initialization.
This patch set originally started out focused on just the one call to
async_schedule_domain in the nvdimm tree that was being used to defer the
device_add call however after doing some digging I realized the scope of
this was much broader than I had originally planned. As such I went
through and reworked the underlying infrastructure down to replacing the
queue_work call itself with a function of my own and opted to try and
provide a NUMA aware solution that would work for a broader audience.
In addition I have added several tweaks and/or clean-ups to the front of the
patch set. Patches 1 through 3 address a number of issues that actually were
causing the existing async_schedule calls to not show the performance that
they could due to either not scaling on a per device basis, or due to issues
that could result in a potential race. For example, patch 3 addresses the
fact that we were calling async_schedule once per driver instead of once
per device, and as a result we would have still ended up with devices
being probed on a non-local node without addressing this first.
I have also updated the kernel module used to test async driver probing so
that it can expose the original issue I was attempting to address.
It will fail on a system if asynchronous work either takes longer than it
takes to load a single device and a single driver with a device already
added. It will also fail if the NUMA node that the driver is loaded on does
not match the NUMA node the device is associated with.
RFC->v1:
Dropped nvdimm patch to submit later.
It relies on code in libnvdimm development tree.
Simplified queue_work_near to just convert node into a CPU.
Split up drivers core and PM core patches.
v1->v2:
Renamed queue_work_near to queue_work_node
Added WARN_ON_ONCE if we use queue_work_node with per-cpu workqueue
v2->v3:
Added Acked-by for queue_work_node patch
Continued rename from _near to _node to be consistent with queue_work_node
Renamed async_schedule_near_domain to async_schedule_node_domain
Renamed async_schedule_near to async_schedule_node
Added kerneldoc for new async_schedule_XXX functions
Updated patch description for patch 4 to include data on potential gains
v3->v4
Added patch to consolidate use of need_parent_lock
Make asynchronous driver probing explicit about use of drvdata
v4->v5
Added patch to move async_synchronize_full to address deadlock
Added bit async_probe to act as mutex for probe/remove calls
Added back nvdimm patch as code it relies on is now in Linus's tree
Incorporated review comments on parent & device locking consolidation
Rebased on latest linux-next
v5->v6:
Drop the "This patch" or "This change" from start of patch descriptions.
Drop unnecessary parenthesis in first patch
Use same wording for "selecting a CPU" in comments added in first patch
Added kernel documentation for async_probe member of device
Fixed up comments for async_schedule calls in patch 2
Moved code related setting async driver out of device.h and into dd.c
Added Reviewed-by for several patches
v6->v7:
Fixed typo which had kernel doc refer to "lock" when I meant "unlock"
Dropped "bool X:1" to "u8 X:1" from patch description
Added async_driver to device_private structure to store driver
Dropped unnecessary code shuffle from async_probe patch
Reordered patches to move fixes up to front
Added Reviewed-by for several patches
Updated cover page and patch descriptions throughout the set
v7->v8:
Replaced async_probe value with dead, only apply dead in device_del
Dropped Reviewed-by from patch 2 due to significant changes
Added Reviewed-by for patches reviewed by Luis Chamberlain
v8->v9:
Dropped patch 1 as it was applied, shifted remaining patches by 1
Added new patch 9 that adds test framework for NUMA and sequential init
Tweaked what is now patch 1, and added Reviewed-by from Dan Williams
---
Alexander Duyck (9):
driver core: Establish order of operations for device_add and device_del via bitflag
device core: Consolidate locking and unlocking of parent and device
driver core: Probe devices asynchronously instead of the driver
workqueue: Provide queue_work_node to queue work near a given NUMA node
async: Add support for queueing on specific NUMA node
driver core: Attach devices on CPU local to device node
PM core: Use new async_schedule_dev command
libnvdimm: Schedule device registration on node local to the device
driver core: Rewrite test_async_driver_probe to cover serialization and NUMA affinity
drivers/base/base.h | 4
drivers/base/bus.c | 46 +----
drivers/base/core.c | 11 +
drivers/base/dd.c | 160 +++++++++++++----
drivers/base/power/main.c | 12 +
drivers/base/test/test_async_driver_probe.c | 261 +++++++++++++++++++++------
drivers/nvdimm/bus.c | 11 +
include/linux/async.h | 82 ++++++++
include/linux/device.h | 5 +
include/linux/workqueue.h | 2
kernel/async.c | 53 +++--
kernel/workqueue.c | 84 +++++++++
12 files changed, 565 insertions(+), 166 deletions(-)
--
[PATCH 0/8] Introduce a device-dax bus-based device-model
by Dan Williams
Prompted by the review of "[PATCH 0/9] Allow persistent memory to be
used like normal RAM" [1] introduce a new bus / device-driver-model
for device-dax.
Currently device-dax instances result from attaching an nvdimm namespace
device to the dax_pmem driver. These instances are registered with the
/sys/class/dax sub-system. With the expectation that platforms will
describe performance differentiated memory [2] for ranges other than
persistent memory (pmem) a new device-model is needed.
Arrange for dax_pmem to be one of potentially several drivers that know
how to discover differentiated memory and register a device instance on
the dax bus. The expectation is that, by default, this device is
consumed by the typical device-dax driver that will expose the range
through a /dev/daxX.Y character device. Optionally other drivers can
consume the dax device instance. For example, the kmem driver [1] can
attach to device-dax device instance to hot-add the related memory range
to the core page-allocator.
Going forward, provider drivers outside of dax_pmem can be created to
register other memories with unique performance properties.
Since /sys/class/dax is a released ABI, a compat driver is provided so
that distros can opt-in to the new bus based ABI. The /sys/class/dax
interface is then deprecated and scheduled to be removed.
[1]: https://lkml.org/lkml/2018/10/23/9
[2]: Section 5.2.27 Heterogeneous Memory Attribute Table (HMAT)
http://www.uefi.org/sites/default/files/resources/ACPI%206_2_A_Sept29.pdf
---
Dan Williams (8):
device-dax: Kill dax_region ida
device-dax: Kill dax_region base
device-dax: Remove multi-resource infrastructure
device-dax: Start defining a dax bus model
device-dax: Introduce bus + driver model
device-dax: Move resource pinning+mapping into the common driver
device-dax: Add support for a dax override driver
device-dax: Add /sys/class/dax backwards compatibility
Documentation/ABI/obsolete/sysfs-class-dax | 22 +
drivers/dax/Kconfig | 12 +
drivers/dax/Makefile | 5
drivers/dax/bus.c | 449 ++++++++++++++++++++++++++++
drivers/dax/bus.h | 60 ++++
drivers/dax/dax-private.h | 30 +-
drivers/dax/dax.h | 18 -
drivers/dax/device-dax.h | 25 --
drivers/dax/device.c | 365 +++++------------------
drivers/dax/pmem.c | 161 ----------
drivers/dax/pmem/Makefile | 7
drivers/dax/pmem/compat.c | 73 +++++
drivers/dax/pmem/core.c | 69 ++++
drivers/dax/pmem/pmem.c | 40 ++
drivers/dax/super.c | 41 ++-
tools/testing/nvdimm/Kbuild | 7
tools/testing/nvdimm/dax-dev.c | 16 -
17 files changed, 880 insertions(+), 520 deletions(-)
create mode 100644 Documentation/ABI/obsolete/sysfs-class-dax
create mode 100644 drivers/dax/bus.c
create mode 100644 drivers/dax/bus.h
delete mode 100644 drivers/dax/dax.h
delete mode 100644 drivers/dax/device-dax.h
delete mode 100644 drivers/dax/pmem.c
create mode 100644 drivers/dax/pmem/Makefile
create mode 100644 drivers/dax/pmem/compat.c
create mode 100644 drivers/dax/pmem/core.c
create mode 100644 drivers/dax/pmem/pmem.c
[PATCH v15 00/16] Adding security support for nvdimm
by Dave Jiang
The following series implements security support for nvdimm based on Intel
DSM spec v1.8. The passphrase is protected by encrypted-key and managed
through the kernel key management framework. The security features
supported are security state show, passphrase enable/update, passphrase
disable, crypto erase, overwrite, and master passphrase enable/update and
erase. Instead of allowing the security DSMs being issued via ioctl, the
features are managed through a sysfs attribute that accept the relevant
keyid for the encrypted-key(s).
v15:
- Fixed !SMP x86 build. (0-day)
- Misc fixes to overwrite (Dan)
- Changed NDD_SECURITY_BUSY to NDD_SECURITY_OVERWRITE and
NDD_SECURITY_OVERWRITE to NDD_WORK_PENDING. (Dan)
- Fixed shutdown path to handle work item cancellation and added bus lock. (Dan)
v14:
- Cleanup security_store input parsing. (Dan)
- Move overwrite query to system workqueue. (Dan)
- Add code to cleanup work items on nvdimm removal. (Dan)
- Add nvdimm bus locking for overwrite query. (Dan)
- Make parameter to determine passphrase type an enum. (Dan)
- Remove master passphrase states and reuse existing states. (Dan)
- Cleanup C99 initialization. (Dan)
- Fix typos and grammar errors in documentation. (Jing)
v13:
- Rebased to v4.20-rc5 and combined/squashed various patches from the two
patch series. Various cleanups from Dan. (Mimi)
- Change encrypted-key nvdimm key format to enc32 key format to make it
generic for future usages. (Dan)
- Output error code for nvdimm_setup_security_events() failure. (Robert)
- Make nfit_test output consistent. (Robert)
v12:
- Add a mutex for the cached key and remove key_get/key_put messiness (Dan)
- Move security code to its own C file and wrap under CONFIG_NVDIMM_SECURITY
in order to fix issue reported by 0-day build without CONFIG_KEYS.
v11:
- Dropped keyring usage. (David)
- Fixed up scanf handling. (David)
- Removed callout info for request_key(). (David)
- Included Dan's patches and folded in some changes from Dan. (Dan)
- Made security_show a weak function to allow test override. (Dan)
v10:
- Change usage of strcmp to sysfs_streq. (Dan)
- Lock nvdimm bus when doing secure erase. (Dan)
- Change dev_info to dev_dbg for dimm unlocked success output. (Dan)
v9:
- Addressed various misc comments. (David, Dan)
- Removed init_cred and replaced with current_cred(). (David)
- Changed NVDIMM_PREFIX to char[] constant (David)
- Moved NVDIMM_PREFIX to include/uapi/linux/ndctl.h (Dan)
- Reworked security_update to use old user key to verify against kernel
key and then update with new user key. (David)
- Added requirement of disable and erase to require old user key for
verify. (Dan)
- Updated documentation. (Dave)
v8:
- Make the keys retained by the kernel user searchable in order to find the
key that needs to be updated for key update.
v7:
- Add CONFIG_KEYS dependency for libnvdimm. (Alison)
- Export lookup_user_key(). (David)
- Modified "update" to take two key ids and use lookup_user_key() in
order to improve security. (David)
- Use key ptrs and key_validate() for cached keys. (David)
v6:
- Fix intel DSM data structures to use defined size for passphrase (Robert)
- Fix memcpy size to use sizeof data structure member (Robert)
- Fix defined dimm id length (Robert)
- Making intel_security_ops const (Eric)
- Remove unused var in nvdimm_key_search() (Eric)
- Added wbinvd before secure erase is issued (Robert)
- Removed key_put_sync() usage (David)
- Use init_cred instead of creating own cred (David)
- Exported init_cred symbol
- Move keyring to dedicated (David)
- Use logon_key_type and friends instead of creating custom (David)
- Use key_lookup() with stored key serial (David)
- Exported key_lookup() symbol
- Mark passed in key data as const (David)
- Added comment for change_pass_phrase to explain how it works (David)
- Unlink key when it's being removed from keyring. (David)
- Removed request_key() from all security ops except update and unlock.
- Update will now update the existing key's payload with the new key's
retrieved from userspace when the new payload is accepted by nvdimm.
v5:
- Moved dimm_id initialization (Dan)
- Added a key_put_sync() in order to run key_gc_work and cleanup old key. (Dan)
- Added check to block security state changes while DIMM is active. (Dan)
v4:
- flip payload layout for update passphrase to make it easier on userland.
v3:
- Set x86 wrappers for x86 only bits. (Dan)
- Fixed up some verbiage in commit headers.
- Put in usage of sysfs_streq() for sysfs inputs.
- 0-day build fixes for non-x86 archs.
v2:
- Move inclusion of intel.h to relevant source files and not in nfit.h. (Dan)
- Moved security ring relevant code to dimm_devs.c. (Dan)
- Added dimm_id to nfit_mem to avoid recreate per sysfs show call. (Dan)
- Added routine to return security_ops based on family supplied. (Dan)
- Added nvdimm_key_data struct to wrap raw passphrase string. (Dan)
- Allocate firmware package on stack. (Dan)
- Added missing frozen state detection when retrieving security state.
---
Dan Williams (1):
acpi/nfit, libnvdimm: Add unlock of nvdimm support for Intel DIMMs
Dave Jiang (15):
acpi/nfit: Add support for Intel DSM 1.8 commands
acpi/nfit, libnvdimm: Store dimm id as a member to struct nvdimm
keys: Export lookup_user_key to external users
keys-encrypted: add nvdimm key format type to encrypted keys
acpi/nfit, libnvdimm: Introduce nvdimm_security_ops
acpi/nfit, libnvdimm: Add freeze security support to Intel nvdimm
acpi/nfit, libnvdimm: Add disable passphrase support to Intel nvdimm.
acpi/nfit, libnvdimm: Add enable/update passphrase support for Intel nvdimms
acpi/nfit, libnvdimm: Add support for issue secure erase DSM to Intel nvdimm
acpi/nfit, libnvdimm/security: Add security DSM overwrite support
acpi/nfit, libnvdimm/security: add Intel DSM 1.8 master passphrase support
tools/testing/nvdimm: Add test support for Intel nvdimm security DSMs
tools/testing/nvdimm: Add overwrite support for nfit_test
tools/testing/nvdimm: add Intel DSM 1.8 support for nfit_test
libnvdimm/security: Add documentation for nvdimm security support
Documentation/nvdimm/security.txt | 141 +++++++
Documentation/security/keys/trusted-encrypted.rst | 6
drivers/acpi/nfit/Kconfig | 11 +
drivers/acpi/nfit/Makefile | 1
drivers/acpi/nfit/core.c | 93 ++++
drivers/acpi/nfit/intel.c | 390 ++++++++++++++++++
drivers/acpi/nfit/intel.h | 76 ++++
drivers/acpi/nfit/nfit.h | 24 +
drivers/nvdimm/Kconfig | 4
drivers/nvdimm/Makefile | 1
drivers/nvdimm/bus.c | 31 +
drivers/nvdimm/dimm.c | 16 +
drivers/nvdimm/dimm_devs.c | 210 +++++++++-
drivers/nvdimm/nd-core.h | 29 +
drivers/nvdimm/nd.h | 8
drivers/nvdimm/region_devs.c | 5
drivers/nvdimm/security.c | 454 +++++++++++++++++++++
include/linux/key.h | 3
include/linux/libnvdimm.h | 76 +++-
security/keys/encrypted-keys/encrypted.c | 29 +
security/keys/internal.h | 2
security/keys/process_keys.c | 1
tools/testing/nvdimm/Kbuild | 3
tools/testing/nvdimm/dimm_devs.c | 41 ++
tools/testing/nvdimm/test/nfit.c | 321 +++++++++++++++
25 files changed, 1931 insertions(+), 45 deletions(-)
create mode 100644 Documentation/nvdimm/security.txt
create mode 100644 drivers/acpi/nfit/intel.c
create mode 100644 drivers/nvdimm/security.c
create mode 100644 tools/testing/nvdimm/dimm_devs.c
--
[PATCH 1/4] libndctl: Use the supported_alignment attribute
by Oliver O'Halloran
Newer kernels provide the "supported_alignments" sysfs attribute that
indicates what alignments can be used with a PFN or DAX namespace. This
patch adds the plumbing inside of libndctl to allow users to query this
information through using:
ndctl_{dax|pfn}_get_supported_alignment(), and
ndctl_{dax|pfn}_get_num_alignments()
Signed-off-by: Oliver O'Halloran <oohall(a)gmail.com>
---
ndctl/lib/libndctl.c | 40 ++++++++++++++++++++++++++++++++++++++++
ndctl/lib/libndctl.sym | 7 +++++++
ndctl/libndctl.h | 6 ++++++
3 files changed, 53 insertions(+)
diff --git a/ndctl/lib/libndctl.c b/ndctl/lib/libndctl.c
index 0c3a35e5bcc9..4d0e58a22953 100644
--- a/ndctl/lib/libndctl.c
+++ b/ndctl/lib/libndctl.c
@@ -31,6 +31,7 @@
#include <ccan/build_assert/build_assert.h>
#include <ndctl.h>
+#include <util/size.h>
#include <util/sysfs.h>
#include <ndctl/libndctl.h>
#include <ndctl/namespace.h>
@@ -237,6 +238,7 @@ struct ndctl_pfn {
int buf_len;
uuid_t uuid;
int id, generation;
+ struct ndctl_lbasize alignments;
};
struct ndctl_dax {
@@ -4781,6 +4783,18 @@ static void *__add_pfn(struct ndctl_pfn *pfn, const char *pfn_base)
else
pfn->size = strtoull(buf, NULL, 0);
+ /*
+ * If the kernel doesn't provide the supported_alignments sysfs
+ * attribute then it's safe to assume that we are running on x86
+ * which will always support 2MB and 4KB alignments.
+ */
+ sprintf(path, "%s/supported_alignments", pfn_base);
+ if (sysfs_read_attr(ctx, path, buf) < 0)
+ sprintf(buf, "%d %d", SZ_4K, SZ_2M);
+
+ if (parse_lbasize_supported(ctx, pfn_base, buf, &pfn->alignments) < 0)
+ goto err_read;
+
free(path);
return pfn;
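Review bot: in __add_pfn(), a failure from parse_lbasize_supported() now takes the err_read path, so a supported_alignments string the parser does not accept makes the whole pfn device fail to enumerate. Consider leaving pfn->alignments empty and continuing, so that an unexpected attribute value only disables the alignment query. The fallback comment also equates "attribute missing" with "x86 with 4K and 2M"; that holds only if no other architecture can run a kernel without the attribute, which is worth stating as the assumption it is.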
@@ -5015,6 +5029,22 @@ NDCTL_EXPORT int ndctl_pfn_set_align(struct ndctl_pfn *pfn, unsigned long align)
return 0;
}
+NDCTL_EXPORT unsigned int ndctl_pfn_get_num_alignments(struct ndctl_pfn *pfn)
+{
+ return pfn->alignments.num;
+}
+
+NDCTL_EXPORT int ndctl_pfn_get_supported_alignment(struct ndctl_pfn *pfn, int i)
+{
+ if (pfn->alignments.num == 0)
+ return 0;
+
+ if (i < 0 || i > pfn->alignments.num)
+ return UINT_MAX;
+ else
+ return pfn->alignments.supported[i];
+}
+
NDCTL_EXPORT int ndctl_pfn_set_namespace(struct ndctl_pfn *pfn,
struct ndctl_namespace *ndns)
{
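Review bot: the range check in ndctl_pfn_get_supported_alignment() is off by one: "i > pfn->alignments.num" lets i == num through, and supported[i] then reads one element past the parsed list. It should be "i >= pfn->alignments.num", with the signed i compared against the count only after the i < 0 test. The num == 0 early return of 0 also gives callers a second "no value" result that differs from the UINT_MAX used for a bad index; one error convention would be easier to check.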
@@ -5237,6 +5267,16 @@ NDCTL_EXPORT unsigned long ndctl_dax_get_align(struct ndctl_dax *dax)
return ndctl_pfn_get_align(&dax->pfn);
}
+NDCTL_EXPORT unsigned int ndctl_dax_get_num_alignments(struct ndctl_dax *dax)
+{
+ return ndctl_pfn_get_num_alignments(&dax->pfn);
+}
+
+NDCTL_EXPORT int ndctl_dax_get_supported_alignment(struct ndctl_dax *dax, int i)
+{
+ return ndctl_pfn_get_supported_alignment(&dax->pfn, i);
+}
+
NDCTL_EXPORT int ndctl_dax_has_align(struct ndctl_dax *dax)
{
return ndctl_pfn_has_align(&dax->pfn);
diff --git a/ndctl/lib/libndctl.sym b/ndctl/lib/libndctl.sym
index 6c4c8b4dfb8e..0103c1b71a1d 100644
--- a/ndctl/lib/libndctl.sym
+++ b/ndctl/lib/libndctl.sym
@@ -385,3 +385,10 @@ global:
ndctl_namespace_get_next_badblock;
ndctl_dimm_get_dirty_shutdown;
} LIBNDCTL_17;
+
+LIBNDCTL_19 {
+ ndctl_pfn_get_supported_alignment;
+ ndctl_pfn_get_num_alignments;
+ ndctl_dax_get_supported_alignment;
+ ndctl_dax_get_num_alignments;
+} LIBNDCTL_18;
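Review bot: the new LIBNDCTL_19 node lists its symbols without the "global:" label that the preceding node uses (it is visible as the context in this hunk's header). The linker treats unlabeled symbols as global, so this works, but adding "global:" keeps the version script consistent and avoids surprises if a "local:" section is added later.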
diff --git a/ndctl/libndctl.h b/ndctl/libndctl.h
index 62cef9e82da3..4ff25c0a4783 100644
--- a/ndctl/libndctl.h
+++ b/ndctl/libndctl.h
@@ -681,6 +681,12 @@ enum ND_FW_STATUS ndctl_cmd_fw_xlat_firmware_status(struct ndctl_cmd *cmd);
struct ndctl_cmd *ndctl_dimm_cmd_new_ack_shutdown_count(struct ndctl_dimm *dimm);
int ndctl_dimm_fw_update_supported(struct ndctl_dimm *dimm);
+unsigned int ndctl_pfn_get_num_alignments(struct ndctl_pfn *pfn);
+int ndctl_pfn_get_supported_alignment(struct ndctl_pfn *pfn, int i);
+
+unsigned int ndctl_dax_get_num_alignments(struct ndctl_dax *dax);
+int ndctl_dax_get_supported_alignment(struct ndctl_dax *dax, int i);
+
#ifdef __cplusplus
} /* extern "C" */
#endif
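Review bot: ndctl_pfn_get_supported_alignment() and ndctl_dax_get_supported_alignment() are declared to return int, while the existing alignment API elsewhere in this patch's context uses unsigned long (ndctl_pfn_set_align() takes one, ndctl_dax_get_align() returns one). The implementation also returns UINT_MAX through that int, which callers will see as -1. Declaring the getters as unsigned long, and taking an unsigned index, would match the neighbouring functions and make the error value representable.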
--
2.17.2
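An added example, not part of the patch or of libndctl: a stand-alone sketch of reading a space-separated supported_alignments value, falling back to 4K and 2M when the attribute is absent as the patch does, with the index checked on lookup. The struct, the function names and the cap of 8 entries are hypothetical, and the sample strings are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ALIGNMENTS 8                    /* assumed cap for this sketch */
#define FALLBACK_ALIGNMENTS "4096 2097152"  /* 4K and 2M, as in the patch's fallback */

/* Hypothetical stand-in for the per-pfn list of supported alignments. */
struct alignment_list {
	unsigned int num;
	unsigned long long supported[MAX_ALIGNMENTS];
};

/*
 * Parse a whitespace-separated list of sizes. attr == NULL models a kernel
 * that does not provide the attribute, in which case the fallback is parsed.
 * Returns 0 on success or a negative errno; *out is only valid on success.
 */
static int parse_alignments(const char *attr, struct alignment_list *out)
{
	const char *p = attr ? attr : FALLBACK_ALIGNMENTS;
	char *end;

	memset(out, 0, sizeof(*out));
	for (;;) {
		unsigned long long v;

		while (*p == ' ' || *p == '\t' || *p == '\n')
			p++;
		if (*p == '\0')
			break;
		if (*p < '0' || *p > '9')
			return -EINVAL;         /* rejects signs and stray text */
		errno = 0;
		v = strtoull(p, &end, 0);
		if (errno || v == 0)
			return -EINVAL;         /* overflow or a zero alignment */
		if (out->num == MAX_ALIGNMENTS)
			return -E2BIG;          /* never write past the array */
		out->supported[out->num++] = v;
		p = end;
	}
	return out->num ? 0 : -EINVAL;          /* an empty list is an error */
}

/*
 * Fetch entry i. The index is validated against the number of parsed
 * entries (i == num is out of range), and errors are reported through the
 * return code rather than an in-band sentinel value.
 */
static int get_alignment(const struct alignment_list *l, int i,
			 unsigned long long *align)
{
	if (i < 0 || (unsigned int)i >= l->num)
		return -ERANGE;
	*align = l->supported[i];
	return 0;
}

int main(void)
{
	/* Constructed sample values, not captured from a real system. */
	const char *samples[] = { "4096 2097152 1073741824\n", NULL, "4096 -1" };
	size_t s;

	for (s = 0; s < sizeof(samples) / sizeof(samples[0]); s++) {
		struct alignment_list l;
		unsigned long long a;
		int i, rc = parse_alignments(samples[s], &l);

		printf("sample %zu: rc=%d, %u entries\n", s, rc, rc ? 0 : l.num);
		if (rc)
			continue;
		/* Deliberately probe one index past the end. */
		for (i = 0; i <= (int)l.num; i++) {
			rc = get_alignment(&l, i, &a);
			if (rc)
				printf("  [%d] rejected (%d)\n", i, rc);
			else
				printf("  [%d] %llu\n", i, a);
		}
	}
	return 0;
}
```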
[PATCH v6 00/12] ndctl: add security support
by Dave Jiang
The following series implements mechanisms that utilize the sysfs knobs
provided by the kernel in order to support the Intel DSM v1.8 spec
that provides security to NVDIMM. The following abilities are added:
1. display security state
2. enable/update passphrase
3. disable passphrase
4. freeze security
5. secure erase
6. overwrite
7. master passphrase enable/update
v6:
- Fix spelling and grammar errors for documentation. (Jing)
- Change bool for indicate master passphrase and old passphrase to enum.
- Fix key load script master key name.
- Update to match v15 of kernel patch series.
v5:
- Updated to match latest kernel interface (encrypted keys)
- Added overwrite support
- Added support for DSM v1.8 master passphrase operations
- Removed upcall related code
- Moved security state to enum (Dan)
- Change security output "security_state" to just "security". (Dan)
- Break out enable and update passphrase operation. (Dan)
- Security build can be compiled out when keyutils does not exist. (Dan)
- Move all keyutils related operations to libndctl. (Dan)
v4:
- Updated to match latest kernel interface.
- Added unit test for all security calls
v3:
- Added support to inject keys in order to update nvdimm security.
v2:
- Fixup the upcall util to match recent kernel updates for nvdimm security.
---
Dave Jiang (12):
ndctl: add support for display security state
ndctl: add passphrase update to ndctl
ndctl: add disable security support
ndctl: add support for freeze security
ndctl: add support for sanitize dimm
ndctl: add unit test for security ops (minus overwrite)
ndctl: setup modprobe rules
ndctl: add overwrite operation support
ndctl: add overwrite-wait support
ndctl: master phassphrase management support
ndctl: add master secure erase support
ndctl: documentation for security and key management
Documentation/ndctl/Makefile.am | 8
Documentation/ndctl/intel-nvdimm-security.txt | 139 ++++++
Documentation/ndctl/ndctl-disable-passphrase.txt | 29 +
Documentation/ndctl/ndctl-enable-passphrase.txt | 44 ++
Documentation/ndctl/ndctl-freeze-security.txt | 22 +
Documentation/ndctl/ndctl-list.txt | 8
Documentation/ndctl/ndctl-sanitize-dimm.txt | 44 ++
Documentation/ndctl/ndctl-update-passphrase.txt | 40 ++
Documentation/ndctl/ndctl-wait-overwrite.txt | 31 +
Makefile.am | 10
builtin.h | 6
configure.ac | 14 +
contrib/ndctl-loadkeys.sh | 24 +
contrib/nvdimm_modprobe.conf | 1
ndctl.spec.in | 2
ndctl/Makefile.am | 3
ndctl/dimm.c | 242 ++++++++++-
ndctl/lib/Makefile.am | 8
ndctl/lib/dimm.c | 203 +++++++++
ndctl/lib/keys.c | 501 ++++++++++++++++++++++
ndctl/lib/libndctl.sym | 19 +
ndctl/libndctl.h | 76 +++
ndctl/ndctl.c | 6
test/Makefile.am | 4
test/security.sh | 191 ++++++++
util/json.c | 31 +
26 files changed, 1693 insertions(+), 13 deletions(-)
create mode 100644 Documentation/ndctl/intel-nvdimm-security.txt
create mode 100644 Documentation/ndctl/ndctl-disable-passphrase.txt
create mode 100644 Documentation/ndctl/ndctl-enable-passphrase.txt
create mode 100644 Documentation/ndctl/ndctl-freeze-security.txt
create mode 100644 Documentation/ndctl/ndctl-sanitize-dimm.txt
create mode 100644 Documentation/ndctl/ndctl-update-passphrase.txt
create mode 100644 Documentation/ndctl/ndctl-wait-overwrite.txt
create mode 100755 contrib/ndctl-loadkeys.sh
create mode 100644 contrib/nvdimm_modprobe.conf
create mode 100644 ndctl/lib/keys.c
create mode 100755 test/security.sh
--
3 years, 4 months
ndctl ver 63: Basic newbie query: Unable to destroy namespaces
by Kamal Kakri
h/w: HP ProLiant Gen10 box with 4 nvdimms (16gb each)
# uname -a
Linux fox22hv.lab.netapp.com 4.19.0-1.el7.elrepo.x86_64 #1 SMP Mon Oct 22 10:40:32 EDT 2018 x86_64 x86_64 x86_64 GNU/Linux
# ndctl --version
63+
I'm not sure if I have a label-less namespace or not. My intention was to play around with ndctl, destroy default 16gb namespaces and create some of my own. This may be due to user error or config error but I am not able to get past this. I have dug through every bit of info available online and have exhausted my options, hence this email.
I have not been able to destroy the default 16gb namespace. I get this error:
# ndctl destroy-namespace namespace0.0
destroyed 0 namespaces
# ndctl destroy-namespace -f namespace0.0 -v
libndctl: __sysfs_device_parse: base: /sys/class/nd dev: ndctl
libndctl: __sysfs_device_parse: ndctl0: processed
libndctl: __sysfs_device_parse: base: /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0 dev: region
libndctl: to_module: failed to find module for alias: nd:t2 0 list: empty
libndctl: __sysfs_device_parse: region2: processed
libndctl: to_module: failed to find module for alias: nd:t2 0 list: empty
libndctl: __sysfs_device_parse: region0: processed
libndctl: to_module: failed to find module for alias: nd:t2 0 list: empty
libndctl: __sysfs_device_parse: region3: processed
libndctl: to_module: failed to find module for alias: nd:t2 0 list: empty
libndctl: __sysfs_device_parse: region1: processed
libndctl: __sysfs_device_parse: base: /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/region1 dev: namespace1.
libndctl: to_module: alias: nd:t4 module: nd_pmem
libndctl: __sysfs_device_parse: namespace1.0: processed
libndctl: __sysfs_device_parse: base: /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/region3 dev: namespace3.
libndctl: to_module: alias: nd:t4 module: nd_pmem
libndctl: __sysfs_device_parse: namespace3.0: processed
libndctl: __sysfs_device_parse: base: /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/region0 dev: namespace0.
libndctl: to_module: alias: nd:t4 module: nd_pmem
libndctl: __sysfs_device_parse: namespace0.0: processed
libndctl: __sysfs_device_parse: base: /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/region0 dev: pfn0.
libndctl: to_module: alias: nd:t4 module: nd_pmem
libndctl: __sysfs_read_attr: failed to read /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/region0/pfn0.0/resource: No such device or address
libndctl: __sysfs_read_attr: failed to read /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/region0/pfn0.0/size: No such device or address
libndctl: __sysfs_device_parse: pfn0.0: processed
libndctl: __sysfs_device_parse: base: /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/region0 dev: dax0.
libndctl: to_module: alias: nd:t7 module: dax_pmem
libndctl: __sysfs_read_attr: failed to read /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/region0/dax0.0/resource: No such device or address
libndctl: __sysfs_read_attr: failed to read /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/region0/dax0.0/size: No such device or address
libndctl: __sysfs_device_parse: dax0.0: processed
libndctl: __sysfs_device_parse: base: /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/region0 dev: btt0.
libndctl: to_module: alias: nd:t4 module: nd_pmem
libndctl: parse_lbasize_supported: btt0.0: 512 520 528 4096 4104 4160 4224
libndctl: __sysfs_read_attr: failed to read /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/region0/btt0.0/size: No such device or address
libndctl: __sysfs_device_parse: btt0.0: processed
libndctl: write_attr: failed to write to /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/region0/namespace0.0/holder_class: No such device or address
libndctl: __sysfs_device_parse: base: /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/region2 dev: namespace2.
libndctl: to_module: alias: nd:t4 module: nd_pmem
libndctl: __sysfs_device_parse: namespace2.0: processed
destroyed 0 namespaces
Then I tried to disable the region and see a little different error msg:
# ndctl disable-region region0
disabled 1 region
# ndctl destroy-namespace namespace0.0 -v
libndctl: __sysfs_device_parse: base: /sys/class/nd dev: ndctl
libndctl: __sysfs_device_parse: ndctl0: processed
libndctl: __sysfs_device_parse: base: /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0 dev: region
libndctl: to_module: failed to find module for alias: nd:t2 0 list: empty
libndctl: __sysfs_device_parse: region2: processed
libndctl: to_module: failed to find module for alias: nd:t2 0 list: empty
libndctl: __sysfs_device_parse: region0: processed
libndctl: to_module: failed to find module for alias: nd:t2 0 list: empty
libndctl: __sysfs_device_parse: region3: processed
libndctl: to_module: failed to find module for alias: nd:t2 0 list: empty
libndctl: __sysfs_device_parse: region1: processed
libndctl: __sysfs_device_parse: base: /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/region1 dev: namespace1.
libndctl: to_module: alias: nd:t4 module: nd_pmem
libndctl: __sysfs_device_parse: namespace1.0: processed
libndctl: __sysfs_device_parse: base: /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/region3 dev: namespace3.
libndctl: to_module: alias: nd:t4 module: nd_pmem
libndctl: __sysfs_device_parse: namespace3.0: processed
libndctl: __sysfs_device_parse: base: /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/region0 dev: namespace0.
libndctl: __sysfs_device_parse: base: /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/region2 dev: namespace2.
libndctl: to_module: alias: nd:t4 module: nd_pmem
libndctl: __sysfs_device_parse: namespace2.0: processed
error destroying namespaces: No such device or address
destroyed 0 namespaces
Trying to read the labels is also not working:
# ndctl read-labels nmem1 -v
libndctl: __sysfs_device_parse: base: /sys/class/nd dev: ndctl
libndctl: __sysfs_device_parse: ndctl0: processed
libndctl: __sysfs_device_parse: base: /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0 dev: nmem
libndctl: to_module: failed to find module for alias: nd:t1 0 list: empty
libndctl: parse_dimm_flags: nmem2:
libndctl: __sysfs_read_attr: failed to open /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/nmem2/nfit/dirty_shutdown: No such file or directory
libndctl: parse_nfit_mem_flags: nmem2: smart_notify
libndctl: __sysfs_device_parse: nmem2: processed
libndctl: to_module: failed to find module for alias: nd:t1 0 list: empty
libndctl: parse_dimm_flags: nmem0:
libndctl: __sysfs_read_attr: failed to open /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/nmem0/nfit/dirty_shutdown: No such file or directory
libndctl: parse_nfit_mem_flags: nmem0: smart_notify
libndctl: __sysfs_device_parse: nmem0: processed
libndctl: to_module: failed to find module for alias: nd:t1 0 list: empty
libndctl: parse_dimm_flags: nmem3:
libndctl: __sysfs_read_attr: failed to open /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/nmem3/nfit/dirty_shutdown: No such file or directory
libndctl: parse_nfit_mem_flags: nmem3: smart_notify
libndctl: __sysfs_device_parse: nmem3: processed
libndctl: to_module: failed to find module for alias: nd:t1 0 list: empty
libndctl: parse_dimm_flags: nmem1:
libndctl: __sysfs_read_attr: failed to open /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/nmem1/nfit/dirty_shutdown: No such file or directory
libndctl: parse_nfit_mem_flags: nmem1: smart_notify
libndctl: __sysfs_device_parse: nmem1: processed
libndctl: ndctl_dimm_cmd_new_cfg_size: unsupported cmd
read 0 nmem
Here are my kernel options:
CONFIG_LIBNVDIMM=y
CONFIG_BLK_DEV_PMEM=m
CONFIG_ND_BLK=m
CONFIG_ND_CLAIM=y
CONFIG_ND_BTT=m
CONFIG_BTT=y
CONFIG_ND_PFN=m
CONFIG_NVDIMM_PFN=y
CONFIG_NVDIMM_DAX=y
CONFIG_DAX_DRIVER=y
CONFIG_DAX=y
CONFIG_DEV_DAX=m
CONFIG_DEV_DAX_PMEM=m
CONFIG_NVMEM=y
Would appreciate if someone can help.
Thanks,
KK
3 years, 4 months
[ndctl PATCH 0/7] ndctl/monitor: Cleanups and fixes
by Dan Williams
Prompted by a need to add more commands to daxctl, and define a new
configuration file for daxctl to install, I took a look at the ndctl
monitor configuration file implementation and several fixes fell out.
An initial attempt to remove casts from the ndctl monitor uncovered
other cleanup opportunities. The motivation for some of the casts in
ndctl/monitor.c was due to the need to de-reference the 'ctx' parameter
passed to the log routines. That issue can be mitigated by teaching the
command harness to pass a typed version of the @ctx argument to the
builtin-command routines. However, looking closer, the monitor should
not be passing @ctx to the log routines, it should establish its own
log-context. That led to the discovery of a few more cleanup
opportunities, like unnecessary usage of vasprintf().
More is possible. I am not comfortable with the fact that the log
facility dynamically changes the output and the output target based on
the priority. The monitor also has several occasions where it is
dynamically allocating memory unnecessarily.
---
Dan Williams (7):
ndctl, daxctl: Split builtin.h per-command
ndctl, daxctl: Add type-safety to command harness
ndctl/monitor: Drop 'struct ndctl_ctx *' casts
ndctl/monitor: Unify definition of default monitor configfile path
ndctl/monitor: Fix / cleanup log_file()
ndctl/monitor: Drop vasprintf usage
ndctl/monitor: Kill usage of ndctl/lib/private.h
builtin.h | 51 ----------------
configure.ac | 8 ++
daxctl/builtin.h | 8 ++
daxctl/daxctl.c | 16 ++---
daxctl/list.c | 2 -
ndctl/Makefile.am | 6 +-
ndctl/bat.c | 2 -
ndctl/builtin.h | 35 +++++++++++
ndctl/bus.c | 4 +
ndctl/create-nfit.c | 2 -
ndctl/dimm.c | 18 +++---
ndctl/inject-error.c | 3 -
ndctl/inject-smart.c | 3 -
ndctl/list.c | 2 -
ndctl/monitor.c | 163 ++++++++++++++++++++------------------------------
ndctl/namespace.c | 10 ++-
ndctl/ndctl.c | 64 ++++++++++----------
ndctl/region.c | 4 +
ndctl/test.c | 2 -
util/main.c | 13 ++--
util/main.h | 20 ++++++
21 files changed, 207 insertions(+), 229 deletions(-)
delete mode 100644 builtin.h
create mode 100644 daxctl/builtin.h
create mode 100644 ndctl/builtin.h
3 years, 4 months