Gcc complained about the unused %0 asm argument.
Fixes: 2c2ec6bbc9 ("tests/sys/arch/amd64: add a program to check INT $0x80 behavior on amd64")
Reviewed by: kib, markj
Differential Revision: https://reviews.freebsd.org/D56781
- Set require.kmods instead of relying on ifconfig to load if_lagg.ko,
as this doesn't work when running within a jail.
- Simplify helper functions which create tap and lagg devices.
MFC after: 1 week
At least one of these tests changes the system clock, which potentially
interferes with concurrently running tests and causes them to fail.
MFC after: 1 week
For unicast tests, it is sufficient to use wait_for_carp() to verify
the setup is sane. Additional sanity checks are not necessarily
required but can serve purpose for redundancy.
For some unclear reason routed(8) is advertising route to carp BACKUP.
That makes the test flaky. Also routed(8) is marked deprecated and may
be removed from base in the future. Let's just add static route entry
manually for additional sanity checks.
Other noticeable changes:
1. Add atf_check to configuration steps to prevent potential failure
on setup. That helps diagnosing on failure.
2. Shorten the names of jails to improve readability.
3. Prefer `[ifconfig|route|sysctl] -j` over `jexec [ifconfig|route|sysctl]`
to make the lines shorter.
PR: 294817
Reviewed by: glebius (previous version), pouria, markj
Fixes: 93fbdef51a tests: carp: Update test case unicast_v4 to catch PR 284872
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D56761
The getgroups test is a NetBSD tests, so just apply our larger hammer
and disable the feature entirely. The audit test can take a more
surgical approach and use __ssp_real() appropriately, since it's a local
one.
PR: 294881
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56735
Added tests:
* Test for creating multiple routes.
* Test for merge multiple nexthops into a single nexthop group.
* Test for nexthop expirations from a nexthop group.
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D56190
As per RFC5061 "4.2. New Parameter Types" the add/delete IP address
parameters (0xc001, 0xc002) may not be present in an INIT or INIT-ACK
chunk. They are only allowed to be present in an ASCONF chunk.
This also prevents unbounded recursion while parsing an SCTP packet.
Approved by: so
Security: FreeBSD-SA-26:14.pf
Security: CVE-2026-7164
PR: 294799
Reported by: Igor Gabriel Sousa e Souza
Sponsored by: Orange Business Services
Add require.user root and require.kmods if_wg to
wg_key_peerdev_makeshared_head(), consistent with the other wg tests.
Without if_wg.ko causes ifconfig wg create to fail with EINVAL. The
test also needs root to create jails.
Sponsored by: The FreeBSD Foundation
The changes [1] and [2] made to CURRENT introduce races between ifnet
detach and vmove operations. That requires extra effort to fix. They
are not MFCed to stable branches so the latter are not affected.
Temporarily skip two affected tests on CURRENT right now.
[1] 0bf42a0a05 bpf: virtualize bpf_iflist
[2] a4d766caf7 bpf: add a crutch to support if_vmove
PR: 292993
Discussed with: kp
A ng_eiface(4) or physical interface does not involve the cloner hence
the detaching is a bit different with epair(4). Add more tests to cover
that.
PR: 292993
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D56609
Ideally we shall have tests for all possible races. It is races between
if_detach(), if_vmove_loan(), if_vmove_reclaim() and vnet_if_return().
Well that requires too many tests and it appears to be less valuable to
have them all. So focus on potential in future regressions related to
recent fixes [1] and [2] only.
[1] ee9456ce37 ifnet: Fix races in if_vmove_reclaim()
[2] ba7f47d47d ifnet: if_detach(): Fix races with vmove operations
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D56606
The inotify flags are copied from the lower vnode into the nullfs vnode
so that the INOTIFY() macro will invoke VOP_INOTIFY on the nullfs vnode;
this is then bypassed to the lower vnode. However, when a nullfs vnode
is reclaimed we should clear these flags, as the vnode is now doomed and
no longer forwards VOPs to the lower vnode.
Add regression tests. Remove a test in vn_inotify_revoke() which is no
longer needed after this change.
PR: 292495
Reviewed by: kib
Reported by: Jed Laundry <jlaundry@jlaundry.com>
Fixes: f1f230439f ("vfs: Initial revision of inotify")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56639
- Don't use /dev/null as the pidfile for inetd, that doesn't work
properly. Create a pidfile in the per-test scratch directory.
- Use atf_check to validate results from setup commands.
MFC after: 1 week
pf_route() and pf_route6() forward broadcast and multicast traffic
when a route-to rule matches, without any check against the output
interface's broadcast domain. This is a deliberate property of the
route option code path, but it is not documented and the workaround
is non-obvious.
Document the behavior in pf.conf(5) with example block-out rules on
the target interface, scoped with the received-on qualifier so that
only forwarded traffic is dropped while the router's own broadcast
and multicast traffic continues to pass.
Add regression tests covering the full broadcast/multicast and
forwarded/local matrix on both IPv4 and IPv6.
Reviewed by: glebius, kp
Approved by: kp (mentor)
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D56559
We should look at the table name for automatic tables as well. These
are different tables, so the rules using them are (or can be) different
as well.
MFC after: 3 days
Reported by: Michael Sinatra <michael@burnttofu.net>
Sponsored by: Rubicon Communications, LLC ("Netgate")
Each test case in opcodes.sh uses ctladm to create and remove the LUN it
exercises, but only sg_opcodes was listed in require.progs.
On systems where ctladm is not builded the tests would fail at setup instead of
being skipped cleanly.
Approved by: asomers
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D56568
pmap_pkru_update_range() did not handle the case where a PDPE has PG_PS
set. More generally, the SET_PKRU and CLEAR_PKRU sysarch
implementations did not check whether the request covers a "boundary" vm
map entry. Fix this, add the missing PG_PS test, and add some tests.
Approved by: so
Security: FreeBSD-SA-26:11.amd64
Security: CVE-2026-6386
Reported by: Nicholas Carlini <npc@anthropic.com>
Reviewed by: kib, alc
Differential Revision: https://reviews.freebsd.org/D56184
The TIOCNOTTY handler detaches the calling process from its controlling
terminal. It clears the link from the session to the tty, but not the
pointers from the tty to the session and process group. This means that
sess_release() doesn't call tty_rel_sess(), and that pgdelete() doesn't
call tty_rel_pgrp(), so the pointers are left dangling.
Fix this by clearing pointers in tty_drop_ctty(). Add a standalone
regression test.
Approved by: so
Security: FreeBSD-SA-26:10.tty
Security: CVE-2026-5398
Reported by: Nicholas Carlini <npc@anthropic.com>
Reviewed by: kib, kevans
Fixes: 1b50b999f9 ("tty: implement TIOCNOTTY")
Differential Revision: https://reviews.freebsd.org/D56046
The test verifies that a socket can bind to a local address assigned by
connect(2) to a different socket. It was however trying to bind to the
wrong address, and the check of the result was inverted, so this went
unnoticed. It also needs to set SO_REUSEADDR for this to succeed.
Reported by: glebius
MFC after: 1 week
* RA hop limit validation
* RA source address validation
* Multi router RA validation
* Two hour rule RA validation
* SLAAC onlink prefix switching test
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D56128
Notably, confirm in the child that our close-on-fork fd is actually
closed, and break RECV_ALL out into a table and check each bit
individually to provide a better message when the test fails.
While we're here, just switch to waitid() rather than trying to identify
the point where we have to make the switch. This reduces maintenance
slightly, as keeping our assertion static would require still adding to
a _RECV_ALL mask *just* for that purpose.
Reviewed by: kib, markj (both slightly earlier version)
Differential Revision: https://reviews.freebsd.org/D56372
If a FIB does not have a router configured, X_ip_mforward() would leak a
lock. Plug the leak.
The IPv6 counterpart did not have such a check. It wouldn't send an
upcall to a non-existent router anyway due to the router_ver check, but
we should verify that a router is present anyway.
Add regression test cases to exercise these code paths.
Reported by: Claude Opus 4.6
Fixes: 0bb9c2b665 ("ip6_mroute: FIBify")
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
This includes a regression test for CVE-2024-42416
MFC after: 2 weeks
Sponsored by: ConnectWise
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D46613
The 'simplification' commit referenced below actually broke one aspect
of MFD_HUGETLB: the caller isn't supposed to be required to specify a
size. MFD_HUGETLB by itself without a shift mask just requests a large
page, so we revert that part of memfd_create() back.
While we're here, fix up the related parts of the manpages a little bit,
since MFD_HUGETLB is actually supported. The manpage claims that we
would return ENOSYS if forced mappings weren't supported, but this was
actually not true. However, that seems like a very important
distinction to make between ENOSYS and EOPNOTSUPP, so fix the
implementation to match the docs.
Fixes: 8b8cf4ece6 ("memfd_create: simplify HUGETLB support [...]")
Reviewed by: kib, markj
Differential Revision: https://reviews.freebsd.org/D56114
Just copy over a timer and a write-filter, be sure that we can observe
both in the child. Maybe the timer should check for a minimum time
passed, but I don't know that we'd be likely to get that wrong.
This also adds a negative test with a kqueue that is *not* set for
CPONFORK being added to the first one, made readable, and confirming
that we don't see a knote for it in the child.
Some other improvements to the test noted in the review are planned in
the short term, but they're not particularly worth blocking adding this
as a basic sanity check.
Reviewed by: kib, markj
Differential Revision: https://reviews.freebsd.org/D56223
Add the tests/sys/arch directory for architecture-specific tests and
use it to add arm64 SVE tests. These test the kernel is managing the
SVE state in a way we expect.
These tests require SVE hardware support to run so will skip when they
can't detect it.
Reviewed by: markj
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D43311
These use atf_python to create a number of hosts linked to a router.
The router runs pimd (for IPv4) or ip6_mrouter (simplistic IPv6
multicast router that I wrote since I couldn't find one in the ports
tree). The vnet_host*_handler() methods are invoked in different VNET
jails connected to the router; they register the connected epair with a
multicast group and verify that they can send messages to each other.
The tests are synchronized by sending messages over a unix domain
socket. The flow is something like:
1) test startup_method() is called, the unix socket is created,
2) the superclass creates jails and links them together using the
declared topology,
3) we wait for all child jails to start up and send a message on the
unix socket indicating that they are ready
4) we start the routing daemon in the main jail,
5) the test actually starts; starttest() kicks off the
vnet_host*_handlers(), which mostly just verify that they can send
messages to each other using multicast packets
6) once they finish running, they signal their completion, and
waittest() returns once they're all done
There are two tests, repeated for v4 and v6. One just exchanges packets
between two hosts, and the other has four hosts divided across two FIBs.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55244
The ROUTE_MPATH compile option was introduced to
test the new multipath implementation.
Since compiling it has no overhead and it's enabled
by default, remove it.
Reviewed by: melifaro, markj
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D55884
During the timerfd__periodic_timer_performance test, only expect
failures when the expiration count is less than 400000000. This
prevents the test from being reported as a true failure in environments
where scheduling latency is high enough to delay timerfd wakeups.
Fixes: cb692380f1 ("timerfd: Expect periodic timer ...")
MFC after: 1 week
The current timerfd implementation fails to correctly count events on a
nanosecond callout interval. The timerfd__periodic_timer_performance
test detects this and reports failure.
Mark this test as an expected failure so it isn't flagged by CI. A link
to the bug report is attached to the test for reference.
While we're here, clean up some minor style and Make issues.
Fixes: 834c1ba793 ("timerfd: Add tests")
MFC after: 1 week