Commit Graph

2518 Commits

Author SHA1 Message Date
Mark Johnston 41b03932e5 tests: Add a simple regression test for an execve overflow bug
MFC after:	2 weeks
2026-05-04 17:28:02 +00:00
Ryan Libby d5728351a5 amd/int0x80 test: fix inline asm for gcc
Gcc complained about the unused %0 asm argument.

Fixes:	2c2ec6bbc9 ("tests/sys/arch/amd64: add a program to check INT $0x80 behavior on amd64")
Reviewed by:	kib, markj
Differential Revision:	https://reviews.freebsd.org/D56781
2026-05-04 09:34:41 -07:00
Mark Johnston 47ae0135d4 tests/if_lagg: Minor improvements
- Set require.kmods instead of relying on ifconfig to load if_lagg.ko,
  as this doesn't work when running within a jail.
- Simplify helper functions which create tap and lagg devices.

MFC after:	1 week
2026-05-03 21:51:50 +00:00
Mark Johnston 001cfc7b8a tests/timerfd: Serialize
At least one of these tests changes the system clock, which potentially
interferes with concurrently running tests and causes them to fail.

MFC after:	1 week
2026-05-03 21:51:49 +00:00
Mark Johnston 476805133f unix: Make sure we signal EOF on the write side when disconnecting
Add a regression test.

PR:		294014
Reported by:	diizzy
Reviewed by:	glebius
MFC after:	1 week
Fixes:		d157927807 ("unix: new implementation of unix/stream & unix/seqpacket")
Differential Revision:	https://reviews.freebsd.org/D56764
2026-05-03 21:51:49 +00:00
Zhenlei Huang 9137c66c2e tests/carp: Rework unicast_v4
For unicast tests, it is sufficient to use wait_for_carp() to verify
the setup is sane. Additional sanity checks are not necessarily
required but can serve purpose for redundancy.

For some unclear reason routed(8) is advertising route to carp BACKUP.
That makes the test flaky. Also routed(8) is marked deprecated and may
be removed from base in the future. Let's just add static route entry
manually for additional sanity checks.

Other noticeable changes:
  1. Add atf_check to configuration steps to prevent potential failure
on setup. That helps diagnosing on failure.
  2. Shorten the names of jails to improve readability.
  3. Prefer `[ifconfig|route|sysctl] -j` over `jexec [ifconfig|route|sysctl]`
to make the lines shorter.

PR:		294817
Reviewed by:	glebius (previous version), pouria, markj
Fixes:		93fbdef51a tests: carp: Update test case unicast_v4 to catch PR 284872
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D56761
2026-05-03 19:02:15 +08:00
Kyle Evans 910f78a514 tests: fix remaining test failures under _FORTIFY_SOURCE
The getgroups test is a NetBSD tests, so just apply our larger hammer
and disable the feature entirely.  The audit test can take a more
surgical approach and use __ssp_real() appropriately, since it's a local
one.

PR:		294881
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D56735
2026-04-30 21:58:48 -05:00
Pouria Mousavizadeh Tehrani 23b8d16c66 tests/netlink: Add nexthop group tests for multipath
Added tests:
* Test for creating multiple routes.
* Test for merge multiple nexthops into a single nexthop group.
* Test for nexthop expirations from a nexthop group.

Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D56190
2026-05-01 01:36:20 +03:30
Felipe Matarazzo 0e680203d5 fix typo: recieved -> received in test comment
Signed-off-by: Felipe Matarazzo <felipemps@protonmail.com>
Reviewed-by: ngie
Pull-Request: https://github.com/freebsd/freebsd-src/pull/2174
2026-04-30 09:29:19 -07:00
Kristof Provost 6f9ddb329b pf: improve SCTP validation
As per RFC5061 "4.2.  New Parameter Types" the add/delete IP address
parameters (0xc001, 0xc002) may not be present in an INIT or INIT-ACK
chunk. They are only allowed to be present in an ASCONF chunk.

This also prevents unbounded recursion while parsing an SCTP packet.

Approved by:	so
Security:	FreeBSD-SA-26:14.pf
Security:	CVE-2026-7164
PR:		294799
Reported by:	Igor Gabriel Sousa e Souza
Sponsored by:	Orange Business Services
2026-04-29 14:39:28 +00:00
Konstantin Belousov 2c2ec6bbc9 tests/sys/arch/amd64: add a program to check INT $0x80 behavior on amd64
Requested and reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D56654
2026-04-29 06:49:46 +03:00
Li-Wen Hsu 41c5a4a2f8 sys.net.if_wg.wg_key_peerdev_makeshared: Add require metadata
Add require.user root and require.kmods if_wg to
wg_key_peerdev_makeshared_head(), consistent with the other wg tests.

Without if_wg.ko causes ifconfig wg create to fail with EINVAL.  The
test also needs root to create jails.

Sponsored by:	The FreeBSD Foundation
2026-04-29 01:27:26 +08:00
Zhenlei Huang afa4648b6a tests: Temporarily skip two testcases
The changes [1] and [2] made to CURRENT introduce races between ifnet
detach and vmove operations. That requires extra effort to fix. They
are not MFCed to stable branches so the latter are not affected.
Temporarily skip two affected tests on CURRENT right now.

[1] 0bf42a0a05 bpf: virtualize bpf_iflist
[2] a4d766caf7 bpf: add a crutch to support if_vmove

PR:		292993
Discussed with:	kp
2026-04-28 03:17:22 +08:00
Zhenlei Huang 0988abd523 tests/netgraph: Add a test for races between if_detach() and vnet_if_return()
A ng_eiface(4) or physical interface does not involve the cloner hence
the detaching is a bit different with epair(4). Add more tests to cover
that.

PR:		292993
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D56609
2026-04-28 03:17:22 +08:00
Zhenlei Huang f4be16983d tests/net/if_clone_test: Add a test for races between if_detach() and if_vmove_reclaim()
Ideally we shall have tests for all possible races. It is races between
if_detach(), if_vmove_loan(), if_vmove_reclaim() and vnet_if_return().
Well that requires too many tests and it appears to be less valuable to
have them all. So focus on potential in future regressions related to
recent fixes [1] and [2] only.

[1] ee9456ce37 ifnet: Fix races in if_vmove_reclaim()
[2] ba7f47d47d ifnet: if_detach(): Fix races with vmove operations

MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D56606
2026-04-28 03:17:21 +08:00
Mark Johnston a02d794f5a nullfs: Clear inotify flags during reclaim
The inotify flags are copied from the lower vnode into the nullfs vnode
so that the INOTIFY() macro will invoke VOP_INOTIFY on the nullfs vnode;
this is then bypassed to the lower vnode.  However, when a nullfs vnode
is reclaimed we should clear these flags, as the vnode is now doomed and
no longer forwards VOPs to the lower vnode.

Add regression tests.  Remove a test in vn_inotify_revoke() which is no
longer needed after this change.

PR:		292495
Reviewed by:	kib
Reported by:	Jed Laundry <jlaundry@jlaundry.com>
Fixes:		f1f230439f ("vfs: Initial revision of inotify")
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D56639
2026-04-26 01:56:14 +00:00
Mark Johnston bea1741147 tests/ipfw: Make tests run more reliably in parallel
- Don't use /dev/null as the pidfile for inetd, that doesn't work
  properly.  Create a pidfile in the per-test scratch directory.
- Use atf_check to validate results from setup commands.

MFC after:	1 week
2026-04-26 01:56:13 +00:00
Mark Johnston 75c6621840 tests/posixshm: Check for hardware support in largepage_pkru
MFC after:	3 days
Fixes:		ca87c0b8e3 ("pkru: Fix handling of 1GB largepage mappings")
2026-04-24 13:23:03 +00:00
R. Christian McDonald 4578c15ab9 pf: Document broadcast/multicast forwarding through route-to
pf_route() and pf_route6() forward broadcast and multicast traffic
when a route-to rule matches, without any check against the output
interface's broadcast domain. This is a deliberate property of the
route option code path, but it is not documented and the workaround
is non-obvious.

Document the behavior in pf.conf(5) with example block-out rules on
the target interface, scoped with the received-on qualifier so that
only forwarded traffic is dropped while the router's own broadcast
and multicast traffic continues to pass.

Add regression tests covering the full broadcast/multicast and
forwarded/local matrix on both IPv4 and IPv6.

Reviewed by:	glebius, kp
Approved by:	kp (mentor)
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D56559
2026-04-23 15:23:59 -04:00
Siva Mahadevan 60000d94b4 tests/pf/nat: endpoint_independent: wait for tcpdump to start
This matches pflog.sh tests and fixes flaky tests found in CI[0].

[0] https://ci.freebsd.org/job/FreeBSD-main-amd64-test/28126/testReport/junit/sys.netpfil.pf/nat/endpoint_independent_exhaust/

PR:	289628
Reviewed by:	glebius
Approved by:	lwhsu (mentor)
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D56145
2026-04-23 09:11:08 -04:00
Kristof Provost fb83835275 pf: fix duplicate rule detection for automatic tables
We should look at the table name for automatic tables as well. These
are different tables, so the rules using them are (or can be) different
as well.

MFC after:	3 days
Reported by:	Michael Sinatra <michael@burnttofu.net>
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-04-23 11:11:38 +02:00
Li-Wen Hsu 81abe47cd5 tests/sys/arch/aarch64: set TESTSDIR so Kyuafile is installed correctly
Fixes:		0ddaa4c86d ("arm64: Add arm64 SVE tests")
Sponsored by:	The FreeBSD Foundation
2026-04-23 04:15:01 +08:00
Olivier Cochard 19213b8eb3 ctl: require ctladm in addition to sg_opcodes
Each test case in opcodes.sh uses ctladm to create and remove the LUN it
exercises, but only sg_opcodes was listed in require.progs.
On systems where ctladm is not builded the tests would fail at setup instead of
being skipped cleanly.

Approved by:	asomers
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D56568
2026-04-22 16:16:15 +02:00
Olivier Cochard d865149874 tests/netinet6: fix missing require.progs
Approved by:	pouria
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D56569
2026-04-22 10:46:26 +02:00
Mark Johnston 30b7621d46 tests/sys/net: Set require.kmods where appropriate 2026-04-21 16:13:19 +00:00
Mark Johnston ca87c0b8e3 pkru: Fix handling of 1GB largepage mappings
pmap_pkru_update_range() did not handle the case where a PDPE has PG_PS
set.  More generally, the SET_PKRU and CLEAR_PKRU sysarch
implementations did not check whether the request covers a "boundary" vm
map entry.  Fix this, add the missing PG_PS test, and add some tests.

Approved by:	so
Security:	FreeBSD-SA-26:11.amd64
Security:	CVE-2026-6386
Reported by:	Nicholas Carlini <npc@anthropic.com>
Reviewed by:	kib, alc
Differential Revision:	https://reviews.freebsd.org/D56184
2026-04-21 15:41:34 +00:00
Mark Johnston 093903a8d4 tty: Avoid leaving dangling pointers in tty_drop_ctty()
The TIOCNOTTY handler detaches the calling process from its controlling
terminal.  It clears the link from the session to the tty, but not the
pointers from the tty to the session and process group.  This means that
sess_release() doesn't call tty_rel_sess(), and that pgdelete() doesn't
call tty_rel_pgrp(), so the pointers are left dangling.

Fix this by clearing pointers in tty_drop_ctty().  Add a standalone
regression test.

Approved by:	so
Security:	FreeBSD-SA-26:10.tty
Security:	CVE-2026-5398
Reported by:	Nicholas Carlini <npc@anthropic.com>
Reviewed by:	kib, kevans
Fixes:		1b50b999f9 ("tty: implement TIOCNOTTY")
Differential Revision:	https://reviews.freebsd.org/D56046
2026-04-21 15:41:34 +00:00
Mark Johnston 9592b0870c tests/aio: Avoid skipping zvol tests
The underlying bugs which caused them to be flaky are now fixed.

PR:		258766
2026-04-20 16:50:01 +00:00
Mark Johnston d3d0466cae tests/socket_afinet: Fix the bind_connected_port test
The test verifies that a socket can bind to a local address assigned by
connect(2) to a different socket.  It was however trying to bind to the
wrong address, and the check of the result was inverted, so this went
unnoticed.  It also needs to set SO_REUSEADDR for this to succeed.

Reported by:	glebius
MFC after:	1 week
2026-04-20 15:07:20 +00:00
Pouria Mousavizadeh Tehrani f6bcc0925f tests/netinet6: Add test for route information option
Test handling of receiving multiple route information options in RA.

Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D56216
2026-04-18 02:22:26 +03:30
Pouria Mousavizadeh Tehrani c173f02045 tests/netinet6: Add SLAAC and RA validation tests to ndp
* RA hop limit validation
* RA source address validation
* Multi router RA validation
* Two hour rule RA validation
* SLAAC onlink prefix switching test

Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D56128
2026-04-18 02:22:24 +03:30
Mark Johnston 9f6041fb57 tests/socket_afinet: Remove a conditional skip
The test runs without any unexpected results when mac_portacl is loaded.

PR:		238781
MFC after:	1 week
2026-04-17 12:48:39 +00:00
Kristof Provost 95fe1ba557 pf tests: test having multiple state limiters
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-04-17 13:55:06 +02:00
Kyle Evans 51d2c38010 tests: kqueue: improve diagnostics for our CPONFORK test
Notably, confirm in the child that our close-on-fork fd is actually
closed, and break RECV_ALL out into a table and check each bit
individually to provide a better message when the test fails.

While we're here, just switch to waitid() rather than trying to identify
the point where we have to make the switch.  This reduces maintenance
slightly, as keeping our assertion static would require still adding to
a _RECV_ALL mask *just* for that purpose.

Reviewed by:	kib, markj (both slightly earlier version)
Differential Revision:	https://reviews.freebsd.org/D56372
2026-04-16 22:57:06 -05:00
Ryan Libby 0c09c6527b tests/fusefs: appease gcc -Wcast-qual
Fix gcc build error.

Reviewed by:	asomers, kib
Fixes:	7e68af7ce2 ("fusefs: redo vnode attribute locking")
Differential Revision:	https://reviews.freebsd.org/D56370
2026-04-15 09:32:22 -07:00
Mark Johnston 18b7115cba ip_mroute: Fix a lock leak in X_ip_mforward()
If a FIB does not have a router configured, X_ip_mforward() would leak a
lock.  Plug the leak.

The IPv6 counterpart did not have such a check.  It wouldn't send an
upcall to a non-existent router anyway due to the router_ver check, but
we should verify that a router is present anyway.

Add regression test cases to exercise these code paths.

Reported by:	Claude Opus 4.6
Fixes:		0bb9c2b665 ("ip6_mroute: FIBify")
Sponsored by:	Klara, Inc.
Sponsored by:	Stormshield
2026-04-15 15:06:05 +00:00
Alan Somers 6dd86310e5 CTL: add ATF tests for REPORT SUPPORTED OPCODES
This includes a regression test for CVE-2024-42416

MFC after:	2 weeks
Sponsored by:	ConnectWise
Reviewed by:	emaste
Differential Revision: https://reviews.freebsd.org/D46613
2026-04-14 11:36:07 -06:00
Pouria Mousavizadeh Tehrani aa9f669d09 geneve: Add tests for geneve
Add tests for each combinations of geneve modes, address families
and multicast.

Differential Revision: https://reviews.freebsd.org/D55183
2026-04-13 17:45:04 +03:30
Li-Wen Hsu 8672683ec8 test/sys/arch: Fix arch without test/sys/arch/${MACHINE_ARCH}
Fixes:		0ddaa4c86d ("arm64: Add arm64 SVE tests")
Sponsored by:	The FreeBSD Foundation
2026-04-09 23:49:56 +08:00
Kyle Evans 9a8d333368 libc: fix memfd_create's HUGETLB handling
The 'simplification' commit referenced below actually broke one aspect
of MFD_HUGETLB: the caller isn't supposed to be required to specify a
size.  MFD_HUGETLB by itself without a shift mask just requests a large
page, so we revert that part of memfd_create() back.

While we're here, fix up the related parts of the manpages a little bit,
since MFD_HUGETLB is actually supported.  The manpage claims that we
would return ENOSYS if forced mappings weren't supported, but this was
actually not true.  However, that seems like a very important
distinction to make between ENOSYS and EOPNOTSUPP, so fix the
implementation to match the docs.

Fixes:	8b8cf4ece6 ("memfd_create: simplify HUGETLB support [...]")
Reviewed by:	kib, markj
Differential Revision:	https://reviews.freebsd.org/D56114
2026-04-08 21:37:11 -05:00
Kyle Evans 0c9cec8b66 tests: kqueue: add a basic test for CPONFORK
Just copy over a timer and a write-filter, be sure that we can observe
both in the child.  Maybe the timer should check for a minimum time
passed, but I don't know that we'd be likely to get that wrong.

This also adds a negative test with a kqueue that is *not* set for
CPONFORK being added to the first one, made readable, and confirming
that we don't see a knote for it in the child.

Some other improvements to the test noted in the review are planned in
the short term, but they're not particularly worth blocking adding this
as a basic sanity check.

Reviewed by:	kib, markj
Differential Revision:	https://reviews.freebsd.org/D56223
2026-04-08 21:37:11 -05:00
Andrew Turner 0ddaa4c86d arm64: Add arm64 SVE tests
Add the tests/sys/arch directory for architecture-specific tests and
use it to add arm64 SVE tests. These test the kernel is managing the
SVE state in a way we expect.

These tests require SVE hardware support to run so will skip when they
can't detect it.

Reviewed by:	markj
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D43311
2026-04-08 15:20:52 +01:00
Kristof Provost 6642ba36f1 pf tests: explicitly test zeroing counters within an anchor
While here fix the match pattern in the existing test.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-04-07 16:58:32 +02:00
Mark Johnston 09e702ad40 tests: Add some simple regression tests for ip_mroute
These use atf_python to create a number of hosts linked to a router.
The router runs pimd (for IPv4) or ip6_mrouter (simplistic IPv6
multicast router that I wrote since I couldn't find one in the ports
tree).  The vnet_host*_handler() methods are invoked in different VNET
jails connected to the router; they register the connected epair with a
multicast group and verify that they can send messages to each other.

The tests are synchronized by sending messages over a unix domain
socket.  The flow is something like:
1) test startup_method() is called, the unix socket is created,
2) the superclass creates jails and links them together using the
   declared topology,
3) we wait for all child jails to start up and send a message on the
   unix socket indicating that they are ready
4) we start the routing daemon in the main jail,
5) the test actually starts; starttest() kicks off the
   vnet_host*_handlers(), which mostly just verify that they can send
   messages to each other using multicast packets
6) once they finish running, they signal their completion, and
   waittest() returns once they're all done

There are two tests, repeated for v4 and v6.  One just exchanges packets
between two hosts, and the other has four hosts divided across two FIBs.

MFC after:	2 weeks
Sponsored by:	Stormshield
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D55244
2026-03-30 16:08:21 +00:00
Pouria Mousavizadeh Tehrani 254b23eb1f routing: Retire ROUTE_MPATH compile option
The ROUTE_MPATH compile option was introduced to
test the new multipath implementation.
Since compiling it has no overhead and it's enabled
by default, remove it.

Reviewed by:	melifaro, markj
Relnotes:	yes
Differential Revision: https://reviews.freebsd.org/D55884
2026-03-27 23:55:33 +03:30
Pouria Mousavizadeh Tehrani 2371b24c22 tests: Add grand link-layer event in netinet6/ndp
Add test for ndp to verity link-layer address change event
actually triggers the grand.

Differential Revision: https://reviews.freebsd.org/D55927
2026-03-27 23:55:30 +03:30
K Rin 18ce9e2dd0 tests/netlink: Bugfix on snl_parse_errmsg_capped test
Turn off the NETLINK_EXT_ACK flag to fix bug of snl_parse_errmsg_capped.

Reviewed by:	pouria
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1660
2026-03-27 15:31:06 +03:30
Jake Freeland 4b16ff49bf timerfd: Guard expected performance failure
During the timerfd__periodic_timer_performance test, only expect
failures when the expiration count is less than 400000000. This
prevents the test from being reported as a true failure in environments
where scheduling latency is high enough to delay timerfd wakeups.

Fixes:		cb692380f1 ("timerfd: Expect periodic timer ...")
MFC after:	1 week
2026-03-26 11:47:32 -05:00
Jake Freeland cb692380f1 timerfd: Expect periodic timer performance failures
The current timerfd implementation fails to correctly count events on a
nanosecond callout interval. The timerfd__periodic_timer_performance
test detects this and reports failure.

Mark this test as an expected failure so it isn't flagged by CI. A link
to the bug report is attached to the test for reference.

While we're here, clean up some minor style and Make issues.

Fixes:		834c1ba793 ("timerfd: Add tests")
MFC after:	1 week
2026-03-25 19:22:55 -05:00
Gleb Smirnoff f698988084 tests/netinet: add raw:reconnect test
It tests repetitive connect(2) on AF_INET/SOCK_RAW including connect(2)
to INADDR_ANY that puts socket back into receive-all mode.
2026-03-25 12:58:28 -07:00