if_wg: pass back result of selftests and enable in CI
Hopefully bad tests will cause the module to not insert, so the CI picks this up. It looks like a failure to insert the module at the moment actually causes another crash, though: Kernel page fault with the following non-sleepable locks held: exclusive sleep mutex if_cloners lock (if_cloners lock) r = 0 (0xffffffff81d9a9b8) locked @ /usr/src/sys/net/if_clone.c:447 stack backtrace: #0 0xffffffff80c66181 at witness_debugger+0x71 #1 0xffffffff80c6729d at witness_warn+0x40d #2 0xffffffff8109499e at trap_pfault+0x7e #3 0xffffffff81093fab at trap+0x2ab #4 0xffffffff810687f8 at calltrap+0x8 #5 0xffffffff82925610 at wg_module_event_handler+0x120 #6 0xffffffff80bd53c3 at module_register_init+0xd3 #7 0xffffffff80bc5c61 at linker_load_module+0xc01 #8 0xffffffff80bc73b9 at kern_kldload+0xe9 #9 0xffffffff80bc74db at sys_kldload+0x5b #10 0xffffffff810952f7 at amd64_syscall+0x147 #11 0xffffffff8106911e at fast_syscall_common+0xf8 Fatal trap 12: page fault while in kernel mode cpuid = 9; apic id = 09 fault virtual address = 0x70 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff80d18e37 stack pointer = 0x28:0xfffffe0115fb35a0 frame pointer = 0x28:0xfffffe0115fb35c0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 1587 (kldload) trap number = 12 panic: page fault cpuid = 9 time = 1621380034 KDB: stack backtrace: #0 0xffffffff80c44695 at kdb_backtrace+0x65 #1 0xffffffff80bf9d01 at vpanic+0x181 #2 0xffffffff80bf9ad3 at panic+0x43 #3 0xffffffff81094917 at trap_fatal+0x387 #4 0xffffffff810949b7 at trap_pfault+0x97 #5 0xffffffff81093fab at trap+0x2ab #6 0xffffffff810687f8 at calltrap+0x8 #7 0xffffffff82925610 at wg_module_event_handler+0x120 #8 0xffffffff80bd53c3 at module_register_init+0xd3 #9 0xffffffff80bc5c61 at linker_load_module+0xc01 #10 0xffffffff80bc73b9 at kern_kldload+0xe9 #11 0xffffffff80bc74db at sys_kldload+0x5b #12 0xffffffff810952f7 at amd64_syscall+0x147 #13 0xffffffff8106911e at fast_syscall_common+0xf8 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commit is contained in:
parent
74b1ad5ffd
commit
a554cedba4
|
@ -2,11 +2,10 @@ freebsd_task:
|
|||
timeout_in: 120m
|
||||
install_script:
|
||||
- ASSUME_ALWAYS_YES=yes pkg bootstrap -f ; pkg install -y bash iperf3 wireguard-tools
|
||||
script:
|
||||
- fetch https://download.freebsd.org/ftp/releases/$(uname -m)/$(uname -r)/src.txz
|
||||
- tar -C / -x -f src.txz
|
||||
build_script:
|
||||
- make -j $(sysctl -n hw.ncpu) -C src
|
||||
- make -j $(sysctl -n hw.ncpu) -C src DEBUG_FLAGS=-DSELFTESTS
|
||||
test_script:
|
||||
- kldload src/if_wg.ko
|
||||
- tests/netns.sh
|
||||
|
|
22
src/if_wg.c
22
src/if_wg.c
|
@ -2986,19 +2986,23 @@ wg_prison_remove(void *obj, void *data __unused)
|
|||
|
||||
#ifdef SELFTESTS
|
||||
#include "selftest/allowedips.c"
|
||||
static void wg_run_selftests(void)
|
||||
static bool wg_run_selftests(void)
|
||||
{
|
||||
wg_allowedips_selftest();
|
||||
noise_counter_selftest();
|
||||
cookie_selftest();
|
||||
bool ret = true;
|
||||
ret &= wg_allowedips_selftest();
|
||||
ret &= noise_counter_selftest();
|
||||
ret &= cookie_selftest();
|
||||
return ret;
|
||||
}
|
||||
#else
|
||||
static inline void wg_run_selftests(void) { }
|
||||
static inline bool wg_run_selftests(void) { return true; }
|
||||
#endif
|
||||
|
||||
static int
|
||||
wg_module_init(void)
|
||||
{
|
||||
int ret = ENOMEM;
|
||||
|
||||
osd_method_t methods[PR_MAXMETHOD] = {
|
||||
[PR_METHOD_REMOVE] = wg_prison_remove,
|
||||
};
|
||||
|
@ -3010,13 +3014,17 @@ wg_module_init(void)
|
|||
goto free_zone;
|
||||
|
||||
wg_osd_jail_slot = osd_jail_register(NULL, methods);
|
||||
wg_run_selftests();
|
||||
|
||||
ret = ENOTRECOVERABLE;
|
||||
if (!wg_run_selftests())
|
||||
goto free_zone;
|
||||
|
||||
return (0);
|
||||
|
||||
free_zone:
|
||||
uma_zdestroy(wg_packet_zone);
|
||||
free_none:
|
||||
return (ENOMEM);
|
||||
return (ret);
|
||||
}
|
||||
|
||||
static void
|
||||
|
|
|
@ -30,9 +30,10 @@ static const struct expected_results {
|
|||
|
||||
static struct ratelimit rl;
|
||||
|
||||
static void
|
||||
static bool
|
||||
cookie_ratelimit_timings_test(void)
|
||||
{
|
||||
bool ret = false;
|
||||
struct sockaddr_in sin;
|
||||
#ifdef INET6
|
||||
struct sockaddr_in6 sin6;
|
||||
|
@ -91,15 +92,18 @@ cookie_ratelimit_timings_test(void)
|
|||
#endif
|
||||
}
|
||||
T_PASSED;
|
||||
ret = true;
|
||||
cleanup:
|
||||
ratelimit_deinit(&rl);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void
|
||||
static bool
|
||||
cookie_ratelimit_capacity_test(void)
|
||||
{
|
||||
struct sockaddr_in sin;
|
||||
int i;
|
||||
bool ret = false;
|
||||
|
||||
bzero(&rl, sizeof(rl));
|
||||
ratelimit_init(&rl);
|
||||
|
@ -120,15 +124,18 @@ cookie_ratelimit_capacity_test(void)
|
|||
}
|
||||
}
|
||||
T_PASSED;
|
||||
ret = true;
|
||||
cleanup:
|
||||
ratelimit_deinit(&rl);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void
|
||||
static bool
|
||||
cookie_ratelimit_gc_test(void)
|
||||
{
|
||||
struct sockaddr_in sin;
|
||||
int i;
|
||||
bool ret = false;
|
||||
|
||||
bzero(&rl, sizeof(rl));
|
||||
ratelimit_init(&rl);
|
||||
|
@ -165,11 +172,13 @@ cookie_ratelimit_gc_test(void)
|
|||
if (rl.rl_table_num != 0)
|
||||
T_FAILED("gc");
|
||||
T_PASSED;
|
||||
ret = true;
|
||||
cleanup:
|
||||
ratelimit_deinit(&rl);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void
|
||||
static bool
|
||||
cookie_mac_test(void)
|
||||
{
|
||||
struct cookie_checker checker;
|
||||
|
@ -177,6 +186,7 @@ cookie_mac_test(void)
|
|||
struct cookie_macs cm;
|
||||
struct sockaddr_in sin;
|
||||
int res, i;
|
||||
bool ret = false;
|
||||
|
||||
uint8_t nonce[COOKIE_NONCE_SIZE];
|
||||
uint8_t cookie[COOKIE_ENCRYPTED_SIZE];
|
||||
|
@ -280,15 +290,18 @@ cookie_mac_test(void)
|
|||
T_FAILED("validate_macs_load_normal_mac2_retry");
|
||||
|
||||
T_PASSED;
|
||||
ret = true;
|
||||
cleanup:
|
||||
return;
|
||||
return ret;
|
||||
}
|
||||
|
||||
void
|
||||
bool
|
||||
cookie_selftest(void)
|
||||
{
|
||||
cookie_ratelimit_timings_test();
|
||||
cookie_ratelimit_capacity_test();
|
||||
cookie_ratelimit_gc_test();
|
||||
cookie_mac_test();
|
||||
bool ret = true;
|
||||
ret &= cookie_ratelimit_timings_test();
|
||||
ret &= cookie_ratelimit_capacity_test();
|
||||
ret &= cookie_ratelimit_gc_test();
|
||||
ret &= cookie_mac_test();
|
||||
return ret;
|
||||
}
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
} \
|
||||
} while (0)
|
||||
|
||||
void
|
||||
bool
|
||||
noise_counter_selftest(void)
|
||||
{
|
||||
struct noise_keypair kp;
|
||||
|
@ -95,4 +95,5 @@ noise_counter_selftest(void)
|
|||
|
||||
if (success)
|
||||
printf("nonce counter self-test: pass\n");
|
||||
return success;
|
||||
}
|
||||
|
|
|
@ -68,7 +68,7 @@ int cookie_checker_validate_macs(struct cookie_checker *,
|
|||
struct vnet *);
|
||||
|
||||
#ifdef SELFTESTS
|
||||
void cookie_selftest(void);
|
||||
bool cookie_selftest(void);
|
||||
#endif /* SELFTESTS */
|
||||
|
||||
#endif /* __COOKIE_H__ */
|
||||
|
|
|
@ -129,7 +129,7 @@ int noise_consume_response(
|
|||
uint8_t en[0 + NOISE_AUTHTAG_LEN]);
|
||||
|
||||
#ifdef SELFTESTS
|
||||
void noise_counter_selftest(void);
|
||||
bool noise_counter_selftest(void);
|
||||
#endif /* SELFTESTS */
|
||||
|
||||
#endif /* __NOISE_H__ */
|
||||
|
|
Loading…
Reference in New Issue