diff options
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/atf_python/ktest.py | 12 | ||||
| -rw-r--r-- | tests/sys/aio/aio_test.c | 12 | ||||
| -rw-r--r-- | tests/sys/fs/tarfs/tarfs_test.sh | 6 | ||||
| -rw-r--r-- | tests/sys/mac/ipacl/Makefile | 5 | ||||
| -rw-r--r-- | tests/sys/mac/ipacl/ipacl_test.sh | 16 | ||||
| -rw-r--r-- | tests/sys/mac/ipacl/utils.subr | 4 | ||||
| -rw-r--r-- | tests/sys/mac/portacl/Makefile | 1 | ||||
| -rw-r--r-- | tests/sys/mac/portacl/misc.sh | 12 | ||||
| -rw-r--r-- | tests/sys/mac/portacl/nobody_test.sh | 1 | ||||
| -rw-r--r-- | tests/sys/mac/portacl/root_test.sh | 1 | ||||
| -rw-r--r-- | tests/sys/netinet/Makefile | 1 | ||||
| -rw-r--r-- | tests/sys/netinet/so_reuseport_lb_test.c | 5 | ||||
| -rw-r--r-- | tests/sys/netinet/tcp_hpts_test.py | 4 | ||||
| -rw-r--r-- | tests/sys/netpfil/pf/ether.sh | 3 | ||||
| -rw-r--r-- | tests/sys/netpfil/pf/nat.sh | 7 | ||||
| -rw-r--r-- | tests/sys/netpfil/pf/rules_counter.sh | 1 | ||||
| -rw-r--r-- | tests/sys/netpfil/pf/syncookie.sh | 3 | ||||
| -rw-r--r-- | tests/sys/vm/mmap_test.c | 31 |
18 files changed, 82 insertions, 43 deletions
diff --git a/tests/atf_python/ktest.py b/tests/atf_python/ktest.py index a18f47d1dd06..a671aaa1fd4c 100644 --- a/tests/atf_python/ktest.py +++ b/tests/atf_python/ktest.py @@ -67,6 +67,10 @@ class KtestLoader(object): def __init__(self, module_name: str, autoload: bool): self.module_name = module_name self.autoload = autoload + # Ensure the base ktest.ko module is loaded + result = libc.kldload("ktest") + if result != 0 and result != 17: # 17 is EEXIST (already loaded) + logger.debug(f"Failed to load base ktest module (error {result})") self.helper = NlHelper() self.nlsock = Nlsock(NlConst.NETLINK_GENERIC, self.helper) self.family_id = self._get_family_id() @@ -76,7 +80,9 @@ class KtestLoader(object): family_id = self.nlsock.get_genl_family_id(NETLINK_FAMILY) except ValueError: if self.autoload: - libc.kldload(self.module_name) + result = libc.kldload(self.module_name) + if result != 0 and result != 17: # 17 is EEXIST (already loaded) + raise RuntimeError(f"Failed to load kernel module '{self.module_name}' (error {result})") family_id = self.nlsock.get_genl_family_id(NETLINK_FAMILY) else: raise @@ -103,7 +109,9 @@ class KtestLoader(object): def load_ktests(self): ret = self._load_ktests() if not ret and self.autoload: - libc.kldload(self.module_name) + result = libc.kldload(self.module_name) + if result != 0 and result != 17: # 17 is EEXIST (already loaded) + raise RuntimeError(f"Failed to load kernel module '{self.module_name}' (error {result})") ret = self._load_ktests() return ret diff --git a/tests/sys/aio/aio_test.c b/tests/sys/aio/aio_test.c index b9f8e7062203..def8a9d548d6 100644 --- a/tests/sys/aio/aio_test.c +++ b/tests/sys/aio/aio_test.c @@ -775,7 +775,7 @@ ATF_TC_BODY(pipe_waitcomplete, tc) aio_pipe_test(waitcomplete, NULL); } -#define MD_LEN GLOBAL_MAX +#define DEVICE_IO_LEN GLOBAL_MAX #define MDUNIT_LINK "mdunit_link" static int @@ -794,7 +794,7 @@ aio_md_setup(void) mdio.md_version = MDIOVERSION; mdio.md_type = MD_MALLOC; mdio.md_options = MD_AUTOUNIT | MD_COMPRESS; - mdio.md_mediasize = GLOBAL_MAX; + mdio.md_mediasize = 1024 * 1024; /* 1 MB, enough for max_buf_aio up to 2047 */ mdio.md_sectorsize = 512; strlcpy(buf, __func__, sizeof(buf)); mdio.md_label = buf; @@ -856,7 +856,7 @@ aio_md_test(completion comp, struct sigevent *sev, bool vectored) int fd; fd = aio_md_setup(); - aio_context_init(&ac, fd, fd, MD_LEN); + aio_context_init(&ac, fd, fd, DEVICE_IO_LEN); if (vectored) { aio_writev_test(&ac, comp, sev); aio_readv_test(&ac, comp, sev); @@ -1846,7 +1846,9 @@ ATF_TC_BODY(vectored_big_iovcnt, tc) atf_tc_fail("aio failed: %s", strerror(errno)); if (len != buflen) - atf_tc_fail("aio short write (%jd)", (intmax_t)len); + atf_tc_fail("aio short write: got %jd, expected: %jd " + "(max_buf_aio=%d, iovcnt=%zu)", + (intmax_t)len, (intmax_t)buflen, max_buf_aio, aio.aio_iovcnt); bzero(&aio, sizeof(aio)); aio.aio_fildes = fd; @@ -1995,7 +1997,7 @@ aio_zvol_test(completion comp, struct sigevent *sev, bool vectored, int fd; fd = aio_zvol_setup(unique); - aio_context_init(&ac, fd, fd, MD_LEN); + aio_context_init(&ac, fd, fd, DEVICE_IO_LEN); if (vectored) { aio_writev_test(&ac, comp, sev); aio_readv_test(&ac, comp, sev); diff --git a/tests/sys/fs/tarfs/tarfs_test.sh b/tests/sys/fs/tarfs/tarfs_test.sh index 20baadfea5c5..d4de71271985 100644 --- a/tests/sys/fs/tarfs/tarfs_test.sh +++ b/tests/sys/fs/tarfs/tarfs_test.sh @@ -67,9 +67,9 @@ tarfs_basic_body() { mktar "${tarball}" atf_check mount -rt tarfs "${tarball}" "${mnt}" atf_check -o match:"^${tarball} on ${mnt} \(tarfs," mount - atf_check_equal "$(stat -f%d,%i "${mnt}"/sparse_file)" "$(stat -f%d,%i "${mnt}"/hard_link)" - atf_check_equal "$(stat -f%d,%i "${mnt}"/sparse_file)" "$(stat -L -f%d,%i "${mnt}"/short_link)" - atf_check_equal "$(stat -f%d,%i "${mnt}"/sparse_file)" "$(stat -L -f%d,%i "${mnt}"/long_link)" + atf_check test "${mnt}"/sparse_file -ef "${mnt}"/hard_link + atf_check test "${mnt}"/sparse_file -ef "${mnt}"/short_link + atf_check test "${mnt}"/sparse_file -ef "${mnt}"/long_link atf_check -o inline:"${sum}\n" sha256 -q "${mnt}"/sparse_file atf_check -o inline:"2,40755\n" stat -f%l,%p "${mnt}"/directory atf_check -o inline:"1,100644\n" stat -f%l,%p "${mnt}"/file diff --git a/tests/sys/mac/ipacl/Makefile b/tests/sys/mac/ipacl/Makefile index e083f6c1a69c..93b29e250ea5 100644 --- a/tests/sys/mac/ipacl/Makefile +++ b/tests/sys/mac/ipacl/Makefile @@ -6,4 +6,9 @@ ATF_TESTS_SH+= ipacl_test ${PACKAGE}FILES+= utils.subr +.for t in ${ATF_TESTS_SH} +TEST_METADATA.$t+= required_kmods="mac_ipacl" +TEST_METADATA.$t+= is_exclusive="true" +.endfor + .include <bsd.test.mk> diff --git a/tests/sys/mac/ipacl/ipacl_test.sh b/tests/sys/mac/ipacl/ipacl_test.sh index 0de1b414857b..892f4c154b66 100644 --- a/tests/sys/mac/ipacl/ipacl_test.sh +++ b/tests/sys/mac/ipacl/ipacl_test.sh @@ -40,6 +40,9 @@ ipacl_v4_body() { ipacl_test_init + prev_ipacl_ipv4="$(sysctl -n security.mac.ipacl.ipv4)" + prev_ipacl_rules="$(sysctl -n security.mac.ipacl.rules)" + epairA=$(vnet_mkepair) epairB=$(vnet_mkepair) epairC=$(vnet_mkepair) @@ -130,8 +133,9 @@ ipacl_v4_body() atf_check -s not-exit:0 -e ignore \ jexec A ifconfig ${epairA}b 203.0.113.1/24 up - # Reset rules OID. - sysctl security.mac.ipacl.rules= + # Reset sysctls. + sysctl security.mac.ipacl.rules="${prev_ipacl_rules}" + sysctl security.mac.ipacl.ipv4="${prev_ipacl_ipv4}" } ipacl_v4_cleanup() @@ -151,6 +155,9 @@ ipacl_v6_body() { ipacl_test_init + prev_ipacl_ipv6="$(sysctl -n security.mac.ipacl.ipv6)" + prev_ipacl_rules="$(sysctl -n security.mac.ipacl.rules)" + epairA=$(vnet_mkepair) epairB=$(vnet_mkepair) epairC=$(vnet_mkepair) @@ -265,8 +272,9 @@ ipacl_v6_body() atf_check -s not-exit:0 -e ignore jexec A ifconfig \ ${epairA}b inet6 2001:db8::abcd/32 up - # Reset rules OID. - sysctl security.mac.ipacl.rules= + # Reset sysctls. + sysctl security.mac.ipacl.rules="${prev_ipacl_rules}" + sysctl security.mac.ipacl.ipv6="${prev_ipacl_ipv6}" } ipacl_v6_cleanup() diff --git a/tests/sys/mac/ipacl/utils.subr b/tests/sys/mac/ipacl/utils.subr index 1d80414bafea..2fff8b1862da 100644 --- a/tests/sys/mac/ipacl/utils.subr +++ b/tests/sys/mac/ipacl/utils.subr @@ -5,10 +5,6 @@ ipacl_test_init() { vnet_init - - if ! kldstat -q -m mac_ipacl; then - atf_skip "mac_ipacl is not loaded" - fi } ipacl_test_cleanup() diff --git a/tests/sys/mac/portacl/Makefile b/tests/sys/mac/portacl/Makefile index 856a85d331d5..28c3a5cd71ce 100644 --- a/tests/sys/mac/portacl/Makefile +++ b/tests/sys/mac/portacl/Makefile @@ -8,6 +8,7 @@ TAP_TESTS_SH+= nobody_test TAP_TESTS_SH+= root_test .for t in ${TAP_TESTS_SH} +TEST_METADATA.$t+= required_kmods="mac_portacl" TEST_METADATA.$t+= required_user="root" TEST_METADATA.$t+= timeout="450" TEST_METADATA.$t+= is_exclusive="true" diff --git a/tests/sys/mac/portacl/misc.sh b/tests/sys/mac/portacl/misc.sh index a1b729c87777..4d3f18fce1c1 100644 --- a/tests/sys/mac/portacl/misc.sh +++ b/tests/sys/mac/portacl/misc.sh @@ -1,15 +1,5 @@ #!/bin/sh -sysctl security.mac.portacl >/dev/null 2>&1 -if [ $? -ne 0 ]; then - echo "1..0 # SKIP MAC_PORTACL is unavailable." - exit 0 -fi -if [ $(id -u) -ne 0 ]; then - echo "1..0 # SKIP testcases must be run as root" - exit 0 -fi - ntest=1 check_bind() { @@ -95,6 +85,7 @@ bind_test() { sysctl security.mac.portacl.rules= >/dev/null } +portacl_enabled=$(sysctl -n security.mac.portacl.enabled) reserved_high=$(sysctl -n net.inet.ip.portrange.reservedhigh) suser_exempt=$(sysctl -n security.mac.portacl.suser_exempt) port_high=$(sysctl -n security.mac.portacl.port_high) @@ -103,4 +94,5 @@ restore_settings() { sysctl -n net.inet.ip.portrange.reservedhigh=${reserved_high} >/dev/null sysctl -n security.mac.portacl.suser_exempt=${suser_exempt} >/dev/null sysctl -n security.mac.portacl.port_high=${port_high} >/dev/null + sysctl -n security.mac.portacl.enabled=${portacl_enabled} >/dev/null } diff --git a/tests/sys/mac/portacl/nobody_test.sh b/tests/sys/mac/portacl/nobody_test.sh index 7e64f68113ea..a3f2168dc81d 100644 --- a/tests/sys/mac/portacl/nobody_test.sh +++ b/tests/sys/mac/portacl/nobody_test.sh @@ -13,6 +13,7 @@ trap restore_settings EXIT INT TERM sysctl security.mac.portacl.suser_exempt=1 >/dev/null sysctl net.inet.ip.portrange.reservedhigh=78 >/dev/null +sysctl security.mac.portacl.enabled=1 >/dev/null bind_test fl fl uid nobody tcp 77 bind_test ok ok uid nobody tcp 7777 diff --git a/tests/sys/mac/portacl/root_test.sh b/tests/sys/mac/portacl/root_test.sh index daa5b147b4fa..d8898ff4f80e 100644 --- a/tests/sys/mac/portacl/root_test.sh +++ b/tests/sys/mac/portacl/root_test.sh @@ -10,6 +10,7 @@ echo "1..48" trap restore_settings EXIT INT TERM sysctl security.mac.portacl.suser_exempt=1 >/dev/null +sysctl security.mac.portacl.enabled=1 >/dev/null bind_test ok ok uid root tcp 77 bind_test ok ok uid root tcp 7777 diff --git a/tests/sys/netinet/Makefile b/tests/sys/netinet/Makefile index b742342beecb..9739221676ce 100644 --- a/tests/sys/netinet/Makefile +++ b/tests/sys/netinet/Makefile @@ -30,6 +30,7 @@ ATF_TESTS_SH= arp \ ATF_TESTS_PYTEST+= carp.py ATF_TESTS_PYTEST+= igmp.py +ATF_TESTS_PYTEST+= tcp_hpts_test.py LIBADD.so_reuseport_lb_test= pthread LIBADD.udp_bindings= pthread diff --git a/tests/sys/netinet/so_reuseport_lb_test.c b/tests/sys/netinet/so_reuseport_lb_test.c index fa9d6e425884..0479bd070ca6 100644 --- a/tests/sys/netinet/so_reuseport_lb_test.c +++ b/tests/sys/netinet/so_reuseport_lb_test.c @@ -375,6 +375,11 @@ ATF_TC_BODY(concurrent_add, tc) usleep(20000); } + + for (size_t j = nitems(threads); j > 0; j--) { + ATF_REQUIRE(pthread_cancel(threads[j - 1]) == 0); + ATF_REQUIRE(pthread_join(threads[j - 1], NULL) == 0); + } } /* diff --git a/tests/sys/netinet/tcp_hpts_test.py b/tests/sys/netinet/tcp_hpts_test.py new file mode 100644 index 000000000000..c56383fb310f --- /dev/null +++ b/tests/sys/netinet/tcp_hpts_test.py @@ -0,0 +1,4 @@ +from atf_python.ktest import BaseKernelTest + +class TestTcpHpts(BaseKernelTest): + KTEST_MODULE_NAME = "ktest_tcphpts" diff --git a/tests/sys/netpfil/pf/ether.sh b/tests/sys/netpfil/pf/ether.sh index f0fdce50a7d3..f15dff06f9cd 100644 --- a/tests/sys/netpfil/pf/ether.sh +++ b/tests/sys/netpfil/pf/ether.sh @@ -287,6 +287,7 @@ captive_body() # Run the echo server only on the gw, so we know we've redirectly # correctly if we get an echo message. jexec gw /usr/sbin/inetd -p ${PWD}/echo_inetd.pid $(atf_get_srcdir)/echo_inetd.conf + sleep 1 # Confirm that we're getting redirected atf_check -s exit:0 -o match:"^foo$" -x "echo foo | nc -N 198.51.100.2 7" @@ -305,6 +306,7 @@ captive_body() # Start a server in srv jexec srv /usr/sbin/inetd -p ${PWD}/echo_inetd.pid $(atf_get_srcdir)/echo_inetd.conf + sleep 1 # And now we can talk to that one. atf_check -s exit:0 -o match:"^foo$" -x "echo foo | nc -N 198.51.100.2 7" @@ -364,6 +366,7 @@ captive_long_body() jexec gw /usr/sbin/inetd -p ${PWD}/gw.pid $(atf_get_srcdir)/echo_inetd.conf jexec srv /usr/sbin/inetd -p ${PWD}/srv.pid $(atf_get_srcdir)/daytime_inetd.conf + sleep p1 echo foo | nc -N 198.51.100.2 13 diff --git a/tests/sys/netpfil/pf/nat.sh b/tests/sys/netpfil/pf/nat.sh index e55f46418221..1ef87cee3598 100644 --- a/tests/sys/netpfil/pf/nat.sh +++ b/tests/sys/netpfil/pf/nat.sh @@ -55,6 +55,9 @@ exhaust_body() jexec echo ifconfig ${epair_echo}b 198.51.100.2/24 up jexec echo /usr/sbin/inetd -p ${PWD}/inetd-echo.pid $(atf_get_srcdir)/echo_inetd.conf + # Disable checksum offload on one of the interfaces to ensure pf handles that + jexec nat ifconfig ${epair_nat}a -txcsum + # Enable pf! jexec nat pfctl -e pft_set_rules nat \ @@ -474,6 +477,7 @@ no_addrs_random_cleanup() pft_cleanup } +atf_test_case "nat_pass" "cleanup" nat_pass_head() { atf_set descr 'IPv4 NAT on pass rule' @@ -505,6 +509,7 @@ nat_pass_cleanup() pft_cleanup } +atf_test_case "nat_match" "cleanup" nat_match_head() { atf_set descr 'IPv4 NAT on match rule' @@ -644,6 +649,7 @@ map_e_pass_cleanup() pft_cleanup } +atf_test_case "binat_compat" "cleanup" binat_compat_head() { atf_set descr 'IPv4 BINAT with nat ruleset' @@ -710,6 +716,7 @@ binat_compat_cleanup() kill $(cat ${PWD}/inetd_tester.pid) } +atf_test_case "binat_match" "cleanup" binat_match_head() { atf_set descr 'IPv4 BINAT with nat ruleset' diff --git a/tests/sys/netpfil/pf/rules_counter.sh b/tests/sys/netpfil/pf/rules_counter.sh index 98f96a7adca1..e80a46e9d6c6 100644 --- a/tests/sys/netpfil/pf/rules_counter.sh +++ b/tests/sys/netpfil/pf/rules_counter.sh @@ -153,6 +153,7 @@ atf_test_case "4G" "cleanup" { atf_set descr 'Test keepcounter for values above 32 bits' atf_set require.user root + atf_set timeout 900 } 4G_body() diff --git a/tests/sys/netpfil/pf/syncookie.sh b/tests/sys/netpfil/pf/syncookie.sh index fad90f3b2618..598ac17c67f5 100644 --- a/tests/sys/netpfil/pf/syncookie.sh +++ b/tests/sys/netpfil/pf/syncookie.sh @@ -253,6 +253,9 @@ Creativity, no. __EOF__ nc -l $addr $port >out & + # Give the background nc time to start + sleep 1 + atf_check nc -N $addr $port < in atf_check -o file:in cat out diff --git a/tests/sys/vm/mmap_test.c b/tests/sys/vm/mmap_test.c index 6bc30f73ca95..27d02ae667fb 100644 --- a/tests/sys/vm/mmap_test.c +++ b/tests/sys/vm/mmap_test.c @@ -36,21 +36,6 @@ #include <stdio.h> #include <stdlib.h> -static const struct { - void *addr; - int ok[2]; /* Depending on security.bsd.map_at_zero {0, !=0}. */ -} map_at_zero_tests[] = { - { (void *)0, { 0, 1 } }, /* Test sysctl. */ - { (void *)1, { 0, 0 } }, - { (void *)(PAGE_SIZE - 1), { 0, 0 } }, - { (void *)PAGE_SIZE, { 1, 1 } }, - { (void *)-1, { 0, 0 } }, - { (void *)(-PAGE_SIZE), { 0, 0 } }, - { (void *)(-1 - PAGE_SIZE), { 0, 0 } }, - { (void *)(-1 - PAGE_SIZE - 1), { 0, 0 } }, - { (void *)(0x1000 * PAGE_SIZE), { 1, 1 } }, -}; - #define MAP_AT_ZERO "security.bsd.map_at_zero" #ifdef __LP64__ @@ -68,6 +53,22 @@ ATF_TC_BODY(mmap__map_at_zero, tc) int map_at_zero; bool allow_wx; int prot_flags; + size_t pgsz = getpagesize(); + + const struct { + void *addr; + int ok[2]; /* Depending on security.bsd.map_at_zero {0, !=0}. */ + } map_at_zero_tests[] = { + { (void *)0, { 0, 1 } }, /* Test sysctl. */ + { (void *)1, { 0, 0 } }, + { (void *)(pgsz - 1), { 0, 0 } }, + { (void *)pgsz, { 1, 1 } }, + { (void *)-1, { 0, 0 } }, + { (void *)(-pgsz), { 0, 0 } }, + { (void *)(-1 - pgsz), { 0, 0 } }, + { (void *)(-1 - pgsz - 1), { 0, 0 } }, + { (void *)(0x1000 * pgsz), { 1, 1 } }, + }; len = sizeof(map_at_zero); if (sysctlbyname(MAP_AT_ZERO, &map_at_zero, &len, NULL, 0) == -1) { |