1 /* 2 * This file and its contents are supplied under the terms of the 3 * Common Development and Distribution License ("CDDL"), version 1.0. 4 * You may only use this file in accordance with the terms of version 5 * 1.0 of the CDDL. 6 * 7 * A full copy of the text of the CDDL should have accompanied this 8 * source. A copy of the CDDL is also available via the Internet at 9 * http://www.illumos.org/license/CDDL. 10 */ 11 12 /* 13 * Copyright 2025 Oxide Computer Company 14 * Copyright 2024 Ryan Zezeski 15 */ 16 17 /* 18 * The Kernel Test Facility 19 * ------------------------ 20 * 21 * The kernel test facility, otherwise known as "ktest", provides a 22 * means for in situ kernel testing. It allows one to write kernel 23 * modules whose purpose is to test other kernel modules (or the 24 * kernel at large). While much can be tested from userland, there are 25 * some cases where there is no substitute for running the test code 26 * in kernel context, right next to the code it's testing. In many 27 * cases it's the only way to efficiently test specific execution 28 * paths, by avoiding the brittleness of action from afar which relies 29 * on subtle interactions between userland and kernel. For these 30 * cases, and many more, ktest gives you the best chance at directly 31 * testing kernel code (short of injecting DEBUG invariant checks 32 * inline with the code itself). 33 * 34 * The kernel test facility provides the following. 35 * 36 * - The ktest kernel module (this file), which acts as a central 37 * location for all administration and execution of test modules. 38 * 39 * - The ktest(9) API, which provides the tools to write tests and 40 * register them with the ktest module. 41 * 42 * - The ktest pseudo device, which presents a control surface to 43 * userspace in the form of your typical ioctl interface. 44 * 45 * - A ktest(8) user command, which provides a user interface to the 46 * ktest facility. 47 * 48 * Ktest Architecture 49 * ------------------ 50 * 51 * ## The Test Triple 52 * 53 * Ktest provides a three-level namespace for organizing tests, 54 * referred to as the "test triple". It consists of the module name, 55 * suite name, and test name, written as '<module>:<suite>:<test>'. 56 * 57 * - Module: The top of the namespace, typically named after the 58 * module-under-test (MUT). The convention is to append the '_test' 59 * suffix to the module-under-test. For example, the 'mac' module 60 * might have a 'mac_ktest' test module. However, there is no hard 61 * rule that a test module must be named after its 62 * module-under-test, it’s merely a suggestion. Such a convention is 63 * a bit unwieldy for large modules like genunix. In those cases it 64 * makes sense to break from the norm. 65 * 66 * - Suite: Each module consists of one or more suites. A suite groups 67 * tests of related functionality. For example, you may have several 68 * tests that verify checksum routines for which you might name the 69 * suite 'checksum'. 70 * 71 * - Test: Each suite consists of one of more tests. The name of the 72 * test can be any string which you find descriptive of the test. A 73 * unit test for a single, small function will often use the name of 74 * the function-under-test with a _test suffix added. But for 75 * testing a series of function calls, or a larger function, it may 76 * make sense to abandon this convention. 77 * 78 * A test triple can be fully or partially-qualified, depending on the 79 * context. A fully-qualified triple is one that names one test by 80 * specifying each level of the namespace and using no glob characters 81 * -- it’s unambiguous. A partially-qualified triple, on the other 82 * hand, can be ambiguous; it only names some of the namespace or 83 * makes use of glob characters. 84 * 85 * Fully qualified: 86 * 87 * 'mac:checksum:mac_sw_cksum_ipv4_tcp_test' 88 * 89 * Partially qualified 90 * 91 * '*' 92 * '*:*:*' 93 * 'mac:' 94 * 'mac:checksum' 95 * 'mac:*:mac_sw*' 96 * 97 * ## The Context Handle 98 * 99 * All communication between ktest and the individual test happens via 100 * the "context object". This object cannot be accessed directly. 101 * Instead, ktest provides a context handle to be accessed via its 102 * ktest(9) API. A test must conform to the ktest_fn_t prototype. 103 * 104 * ## Setting Test Results 105 * 106 * A test conveys its result using one of the result ktest(9) APIs. A 107 * result is typically pass or fail, but a test may also be skipped or 108 * may encounter an unforeseen error. See ktest_result_type_t for a 109 * description of the types of results. All test results should 110 * include the associated source line by way of the __LINE__ macro. 111 * The fail, error, and skip results should also include a message 112 * giving further context on the result. 113 * 114 * ktest_result_pass(ktest_ctx_hdl_t *, int) 115 * 116 * The test ran as expected and all conditions were met. The result 117 * value is set to KTEST_RESULT_PASS. 118 * 119 * ktest_result_fail(ktest_ctx_hdl_t *, int, const char *, ...) 120 * 121 * One of the test conditions was violated. The test should use the 122 * format string and arguments to create a message describing which 123 * condition failed and why. The result value is set to KTEST_RESULT_FAIL. 124 * 125 * ktest_result_error(ktest_ctx_hdl_t *, int, const char *, ...) 126 * 127 * The test encountered an unexpected error, one that is not 128 * directly related to the logic under test. For example, failure to 129 * acquire memory is often outside of the test parameters for most 130 * tests. These types of errors are often encountered when 131 * interacting with the kernel at large and when acquiring resources 132 * for test setup. Perhaps most importantly, it indicates the lack 133 * of a pass/fail determination for this test. The result value is 134 * set to KTEST_RESULT_ERROR. 135 * 136 * ktest_result_skip(ktest_ctx_hdl_t *, int, const char *, ...) 137 * 138 * The test lacks the required context to execute, typically for 139 * lack of resources or specific hardware under test. Like the error 140 * result, this lacks a pass/fail determination. The result value is 141 * set to KTEST_RESULT_SKIP. 142 * 143 * ## Result Macros 144 * 145 * Using the API above is cumbersome, requiring the repetitive use of 146 * the __LINE__ macro. The following macros are provided for ease of 147 * use. 148 * 149 * - KT_PASS(ktest_ctx_hdl_t *ctx) 150 * - KT_FAIL(ktest_ctx_hdl_t *ctx, char *msg, ...) 151 * - KT_ERROR(ktest_ctx_hdl_t *ctx, char *msg, ...) 152 * - KT_SKIP(ktest_ctx_hdl_t *ctx, char *msg, ...) 153 * 154 * ## KTest ASSERT Macros 155 * 156 * Even with the help of the result macros, writing test assertions 157 * requires quite a bit of verbosity and boilerplate; requiring an if 158 * statement, a KT_* call, and the failure message arguments. The 159 * KTest ASSERT macros provide an ASSERT3-like family of macros to 160 * reduce the boilerplate and make test writing feel more natural. 161 * However, they are different from the ASSERT3 family in two major 162 * ways. 163 * 164 * 1. They don't panic. The point is to report test failure, not 165 * preserve system state leading up to an invalid condition. 166 * However, for particularly difficult-to-debug test failures you 167 * could use DTrace to invoke a panic upon entry to 168 * ktest_result_error. 169 * 170 * 2. Following from (1), there may be test state to cleanup such as 171 * freeing memory or other resources. This cleanup needs to happen 172 * as a consequence of the assertion triggering, before returning 173 * from the test function. 174 * 175 * There are three types of KT_ASSERT macros: KTest ASSERT, KTest 176 * ASSERT Goto, and KTest ASSERT Block. The first type of assert is 177 * the closest match to the standard ASSERT macros: they provide no 178 * state cleanup, but require the context handle is passed as final 179 * argument. The goto versions allow for cleanup via a jump to a 180 * label. The block versions allow for cleanup via an attached block, 181 * much like an if statement, but requires an additional 182 * KT_ASSERTB_END to indicate the end of the block. What follows is a 183 * list of the various KT_ASSERT macros and their arguments. For each 184 * macro listed below, there is a corresponding KTEST_EASSERT macro. 185 * These later macros set a KTEST_ERROR result when tripped. 186 * 187 * KTest ASSERT (no cleanup) 188 * 189 * KTEST_ASSERT3S(left, op, right, ctx) 190 * KTEST_ASSERT3U(left, op, right, ctx) 191 * KTEST_ASSERT3P(left, op, right, ctx) 192 * KTEST_ASSERT(exp, ctx) 193 * KTEST_ASSERT0(exp, ctx) 194 * 195 * KTest ASSERT Goto (cleanup via label) 196 * 197 * KT_ASSERT3SG(left, op, right, ctx, label) 198 * KT_ASSERT3UG(left, op, right, ctx, label) 199 * KT_ASSERT3PG(left, op, right, ctx, label) 200 * KT_ASSERTG(exp, ctx, label) 201 * KT_ASSERT0G(exp, ctx, label) 202 * 203 * KTest ASSERT Block (cleanup via block) 204 * 205 * KT_ASSERT*B(left, op, right, ctx) { 206 * <... cleanup goes here ...> 207 * } 208 * KT_ASSERTB_END 209 * 210 * ## Additional Failure/Error Context 211 * 212 * Sometimes the failure message generated by the KT_ASSERT macro is 213 * not enough. You might want to prepend some information to the 214 * message to provide additional context about the failure. This would 215 * require using the ktest result API manually, which defeats the 216 * purpose of the KT_ASSERT macros. Instead, ktest offers the 217 * ktest_msg_{prepend,clear}(9F) API; allowing you to prepend 218 * additional context to the failure message (if the assertion should 219 * trip) while still using the KT_ASSERT macros. 220 * 221 * For example, if you were asserting an invariant on an array of 222 * objects, and you wanted the failure message to include the index of 223 * the object which tripped the assert, you could write something like 224 * the following. 225 * 226 * ---- 227 * for (int i = 0; i < num_objs; i++) { 228 * obj_t *obj = &objs[i]; 229 * 230 * ktest_msg_prepend(ctx, "objs[%d]: ", i); 231 * KT_ASSERT3P(obj->o_state, !=, NULL, ctx); 232 * } 233 * 234 * ktest_msg_clear(ctx); 235 * ---- 236 * 237 * The ktest_msg_prepend() call is not additive; it always overwrites 238 * the contents of the prepend buffer. 239 * 240 * ## Test Input 241 * 242 * A test has the option to require input. The input is always in the 243 * form of a byte stream. The interpretation of those bytes is left to 244 * the test; the ktest facility at large treats the input stream as 245 * opaque. It is legal to have an input stream of zero bytes. The test 246 * retrieves its byte stream with the ktest_get_input(9F) API. 247 * 248 * ## Testing Private Functions 249 * 250 * A test module often needs to test static (private) functions. 251 * However, as the test module and module-under-test are two different 252 * modules, and a static function's linkage is local, there is no way 253 * to easily access them. Ktest works around this by offering a set of 254 * APIs to dynamically load the the function object into the test module. 255 * 256 * ktest_hold_mod(9F) 257 * ktest_get_fn(9F) 258 * ktest_release_mod(9F) 259 * 260 * The test modules must perform four steps when accessing a static 261 * function. 262 * 263 * 1. Recreate the function prototype, typically in the form of a 264 * typedef. This is then used to declare the function pointer to 265 * the static function. 266 * 267 * 2. Get a handle to the module-under-test via ktest_hold_mod(9F). 268 * 269 * 3. Fill in the function pointer with ktest_get_fn(9F), after 270 * which it can be called just as it would in the 271 * module-under-test. 272 * 273 * 4. At completion of the test release the module handle via 274 * ktest_release_mod(9F). 275 * 276 * ## Registering Tests 277 * 278 * For a test to be run it first needs to be registered with the ktest 279 * facility. This is done via the ktest(9) APIs described below. The 280 * test module should be a 'modlmisc' module and perform all test 281 * registration/unregistration in its '_init' and '_fini' callbacks. 282 * Internally, ktest tracks all registered tests via the ktest_modules 283 * list. 284 * 285 * ktest_create_module(9F) 286 * ktest_add_test(9F) 287 * ktest_add_suite(9F) 288 * ktest_register_module(9F) 289 * ktest_unregister_module(9F) 290 * 291 * The creation and registration of tests is typically done in the 292 * following order. 293 * 294 * 1. Create a new module with ktest_create_module(9F). 295 * 296 * 2. Add a new suite with ktest_add_suite(9F). 297 * 298 * 3. Add one or more tests to the suite with ktest_add_test(9F). 299 * 300 * 4. Go back to step (2) if more suites are needed. 301 * 302 * 5. Register the module with ktest_register_module(9F). 303 * 304 * For unregistering your test module it's a simple matter of calling 305 * ktest_unregister_module(9F). 306 * 307 * The ktest_add_test(9F) API does provide a flags argument for 308 * providing additional information about the test, see 309 * ktest_test_flags_t for more information. 310 */ 311 #include <sys/stddef.h> 312 #include <sys/conf.h> 313 #include <sys/file.h> 314 #include <sys/stat.h> 315 #include <sys/modctl.h> 316 #include <sys/ktest_impl.h> 317 #include <sys/ddi.h> 318 #include <sys/sunddi.h> 319 320 #define KTEST_CTL_MINOR 0 321 322 dev_info_t *ktest_dip; 323 kmutex_t ktest_lock; 324 325 /* 326 * The global list of registered ktest modules. A module must call 327 * ktest_register_module() to register itself with the ktest framework. 328 * 329 * Protected by ktest_lock. 330 * 331 * List modules in MDB 332 * ------------------- 333 * 334 * > ktest_modules::walk list |::print ktest_module_t 335 */ 336 list_t ktest_modules; 337 338 /* 339 * Determine if the name is valid. This is probably overly 340 * restrictive, but it's easier to add additional characters later 341 * than to remove them. We want to avoid: 342 * 343 * - KTEST_SEPARATOR and KTEST_GMATCH_CHARS, as it causes ambiguity. 344 * 345 * - Characters that make it harder to use the ktest command in an 346 * interactive shell, such as whitespace and special characters like '&'. 347 */ 348 static int 349 ktest_valid_name(const char *name) 350 { 351 size_t len = strnlen(name, KTEST_MAX_NAME_LEN); 352 353 if (len >= KTEST_MAX_NAME_LEN) { 354 return (EOVERFLOW); 355 } 356 357 for (uint_t i = 0; i < len; i++) { 358 char c = name[i]; 359 boolean_t good_char = c == '.' || c == '_' || 360 (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || 361 (c >= '0' && c <= '9'); 362 363 if (!good_char) { 364 return (EINVAL); 365 } 366 } 367 368 return (0); 369 } 370 371 static ktest_module_t * 372 ktest_find_module(const char *module) 373 { 374 ktest_module_t *km = NULL; 375 376 VERIFY(MUTEX_HELD(&ktest_lock)); 377 378 for (km = list_head(&ktest_modules); km != NULL; 379 km = list_next(&ktest_modules, km)) { 380 if (strncmp(km->km_name, module, KTEST_MAX_NAME_LEN) == 0) { 381 return (km); 382 } 383 } 384 385 return (NULL); 386 } 387 388 static ktest_suite_t * 389 ktest_find_suite(ktest_module_t *km, const char *suite) 390 { 391 ktest_suite_t *ks = NULL; 392 393 for (ks = list_head(&km->km_suites); ks != NULL; 394 ks = list_next(&km->km_suites, ks)) { 395 if (strncmp(ks->ks_name, suite, KTEST_MAX_NAME_LEN) == 0) { 396 return (ks); 397 } 398 } 399 400 return (NULL); 401 } 402 403 static ktest_test_t * 404 ktest_find_test(ktest_suite_t *ks, const char *test) 405 { 406 ktest_test_t *kt = NULL; 407 408 for (kt = list_head(&ks->ks_tests); kt != NULL; 409 kt = list_next(&ks->ks_tests, kt)) { 410 if (strncmp(kt->kt_name, test, KTEST_MAX_NAME_LEN) == 0) { 411 return (kt); 412 } 413 } 414 415 return (NULL); 416 } 417 418 /* 419 * Return a pointer to the test that matches the fully-qualified 420 * triple. Return NULL if no match is found. 421 */ 422 static ktest_test_t * 423 ktest_get_test(const char *module, const char *suite, const char *test) 424 { 425 ktest_module_t *km = NULL; 426 ktest_suite_t *ks = NULL; 427 428 VERIFY(module != NULL); 429 VERIFY(suite != NULL); 430 VERIFY(test != NULL); 431 VERIFY(MUTEX_HELD(&ktest_lock)); 432 433 if ((km = ktest_find_module(module)) == NULL) { 434 return (NULL); 435 } 436 437 if ((ks = ktest_find_suite(km, suite)) == NULL) { 438 return (NULL); 439 } 440 441 return (ktest_find_test(ks, test)); 442 } 443 444 /* 445 * Create a new test module object named 'name'. The test module name 446 * may be the same as the module-under-test, but this isn't required. 447 * 448 * Zero indicates success and a handle to the module object is 449 * returned via 'km_hdl'. 450 * 451 * See ktest_create_module(9F). 452 */ 453 int 454 ktest_create_module(const char *name, ktest_module_hdl_t **km_hdl) 455 { 456 int ret = 0; 457 ktest_module_t *km = NULL; 458 459 if ((ret = ktest_valid_name(name)) != 0) { 460 return (ret); 461 } 462 463 if ((km = kmem_zalloc(sizeof (*km), KM_NOSLEEP)) == NULL) { 464 return (ENOMEM); 465 } 466 467 list_create(&km->km_suites, sizeof (ktest_suite_t), 468 offsetof(ktest_suite_t, ks_node)); 469 /* The length was already checked by ktest_valid_name(). */ 470 (void) strlcpy(km->km_name, name, sizeof (km->km_name)); 471 *km_hdl = (ktest_module_hdl_t *)km; 472 return (0); 473 } 474 475 /* 476 * Create a new suite object named 'name' and add it to the module. 477 * 478 * Zero indicates success and a handle to the suite object is returned 479 * via 'ks_hdl'. 480 * 481 * See ktest_add_suite(9F). 482 */ 483 int 484 ktest_add_suite(ktest_module_hdl_t *km_hdl, const char *name, 485 ktest_suite_hdl_t **ks_hdl) 486 { 487 int ret = 0; 488 ktest_module_t *km = (ktest_module_t *)km_hdl; 489 ktest_suite_t *ks = NULL; 490 491 if ((ret = ktest_valid_name(name)) != 0) { 492 return (ret); 493 } 494 495 if (ktest_find_suite(km, name) != NULL) { 496 return (EEXIST); 497 } 498 499 if ((ks = kmem_zalloc(sizeof (*ks), KM_NOSLEEP)) == NULL) { 500 return (ENOMEM); 501 } 502 503 list_create(&ks->ks_tests, sizeof (ktest_test_t), 504 offsetof(ktest_test_t, kt_node)); 505 /* The length was already checked by ktest_valid_name(). */ 506 (void) strlcpy(ks->ks_name, name, sizeof (ks->ks_name)); 507 ks->ks_module = km; 508 list_insert_tail(&km->km_suites, ks); 509 km->km_num_suites++; 510 km->km_num_tests += ks->ks_num_tests; 511 *ks_hdl = (ktest_suite_hdl_t *)ks; 512 return (0); 513 } 514 515 static int 516 ktest_create_test(ktest_test_t **test_out, ktest_suite_t *ks, const char *name, 517 ktest_fn_t fn, ktest_test_flags_t flags) 518 { 519 int ret = 0; 520 ktest_test_t *kt = NULL; 521 boolean_t requires_input = B_FALSE; 522 523 if ((ret = ktest_valid_name(name)) != 0) { 524 return (ret); 525 } 526 527 if ((kt = kmem_zalloc(sizeof (*kt), KM_NOSLEEP)) == NULL) { 528 return (ENOMEM); 529 } 530 531 if ((flags & KTEST_FLAG_INPUT) != 0) { 532 requires_input = B_TRUE; 533 } 534 535 /* The length was already checked by ktest_valid_name(). */ 536 (void) strlcpy(kt->kt_name, name, sizeof (kt->kt_name)); 537 kt->kt_fn = fn; 538 kt->kt_suite = ks; 539 kt->kt_requires_input = requires_input; 540 *test_out = kt; 541 return (0); 542 } 543 544 /* 545 * Add a test function to the suite specified by 'ks_hdl'. The test is 546 * registered under the 'name' pseudonym and refers to the 'fn' 547 * function. While the name is often the same as the function symbol, 548 * this is merely a convention and not enforced. The 'flags' argument 549 * may specify additional information about the function -- see the 550 * ktest_test_flags_t definition. 551 * 552 * This function creates a new test object on the caller's behalf and 553 * registers it with the specified suite. Zero indicates success. 554 * 555 * See ktest_add_test(9F). 556 */ 557 int 558 ktest_add_test(ktest_suite_hdl_t *ks_hdl, const char *name, ktest_fn_t fn, 559 ktest_test_flags_t flags) 560 { 561 ktest_suite_t *ks = (ktest_suite_t *)ks_hdl; 562 ktest_test_t *test; 563 int ret; 564 565 if (ktest_find_test(ks, name) != NULL) { 566 return (EEXIST); 567 } 568 569 if ((ret = ktest_create_test(&test, ks, name, fn, flags)) != 0) { 570 return (ret); 571 } 572 573 list_insert_tail(&ks->ks_tests, test); 574 ks->ks_num_tests++; 575 return (0); 576 } 577 578 /* 579 * Register the test module specified by 'km_hdl' with the ktest 580 * facility. 581 * 582 * See ktest_register_module(9F). 583 */ 584 int 585 ktest_register_module(ktest_module_hdl_t *km_hdl) 586 { 587 ktest_module_t *km = (ktest_module_t *)km_hdl; 588 589 mutex_enter(&ktest_lock); 590 591 ktest_module_t *conflict = ktest_find_module(km->km_name); 592 if (conflict != NULL) { 593 /* 594 * The ktest self-test module will, as part of its duties, 595 * attempt to double-register its module to confirm that it 596 * receives an EEXIST rejection. 597 * 598 * For that one specific case, the error output to the console 599 * is suppressed, since the behavior is anticipated and the 600 * operator should not be alarmed. 601 */ 602 const boolean_t selftest_suppress_msg = 603 conflict == km && 604 strncmp(km->km_name, "ktest", KTEST_MAX_NAME_LEN) == 0; 605 mutex_exit(&ktest_lock); 606 607 if (!selftest_suppress_msg) { 608 cmn_err(CE_NOTE, "test module already exists: %s", 609 km->km_name); 610 } 611 return (EEXIST); 612 } 613 614 list_insert_tail(&ktest_modules, km); 615 mutex_exit(&ktest_lock); 616 return (0); 617 } 618 619 static void 620 ktest_free_test(ktest_test_t *test) 621 { 622 kmem_free(test, sizeof (*test)); 623 } 624 625 static void 626 ktest_free_suite(ktest_suite_t *ks) 627 { 628 ktest_test_t *kt = NULL; 629 630 while ((kt = list_remove_head(&ks->ks_tests)) != NULL) { 631 ktest_free_test(kt); 632 } 633 634 list_destroy(&ks->ks_tests); 635 kmem_free(ks, sizeof (*ks)); 636 } 637 638 void 639 ktest_free_module(ktest_module_hdl_t *km_hdl) 640 { 641 ktest_module_t *km = (ktest_module_t *)km_hdl; 642 ktest_suite_t *ks = NULL; 643 644 while ((ks = list_remove_head(&km->km_suites)) != NULL) { 645 ktest_free_suite(ks); 646 } 647 648 list_destroy(&km->km_suites); 649 kmem_free(km, sizeof (*km)); 650 } 651 652 /* 653 * Unregister the test module named by 'name'. This walks all suites 654 * and tests registered under this module, removing them and freeing 655 * their resources. 656 * 657 * See ktest_unregister_module(9F). 658 */ 659 void 660 ktest_unregister_module(const char *name) 661 { 662 mutex_enter(&ktest_lock); 663 664 for (ktest_module_t *km = list_head(&ktest_modules); 665 km != NULL; 666 km = list_next(&ktest_modules, km)) { 667 if (strncmp(name, km->km_name, KTEST_MAX_NAME_LEN) == 0) { 668 list_remove(&ktest_modules, km); 669 ktest_free_module((ktest_module_hdl_t *)km); 670 break; 671 } 672 } 673 674 mutex_exit(&ktest_lock); 675 } 676 677 static void 678 ktest_unregister_all() 679 { 680 ktest_module_t *km; 681 mutex_enter(&ktest_lock); 682 683 while ((km = list_remove_head(&ktest_modules)) != NULL) { 684 ktest_free_module((ktest_module_hdl_t *)km); 685 } 686 687 mutex_exit(&ktest_lock); 688 } 689 690 /* 691 * Get a function pointer to the function with symbol 'fn_name'. This 692 * function must be a symbol in the module referenced by 'hdl', 693 * otherwise an error is returned. It's up to the caller to make sure 694 * that the 'fn' pointer is declared correctly. 695 * 696 * Zero indicates success. 697 * 698 * See ktest_get_fn(9F). 699 */ 700 int 701 ktest_get_fn(ddi_modhandle_t hdl, const char *fn_name, void **fn) 702 { 703 int err; 704 705 if ((*fn = ddi_modsym(hdl, fn_name, &err)) == NULL) { 706 return (err); 707 } 708 709 return (0); 710 } 711 712 /* 713 * Get the input stream from the context handle. The contract for this 714 * API guarantees that if it is called, then there MUST be an input 715 * stream. It does this by VERIFYing that a) the test's 716 * 'kt_requires_input' flag is set, and b) that the 'ktc_input' is 717 * non-NULL. This means that failure to set an input stream on a test 718 * which requires it will result in a kernel panic. That may seem 719 * extreme, however, consider that this is meant to be discovered 720 * during development, and that the ktest cmd also takes steps to 721 * ensure that any test which requires input has an input stream 722 * specified. The impetus for this contract is to avoid checking for 723 * valid input in every test -- it allows the test to assume the input 724 * is there and categorically catch any case where it is not. 725 * 726 * This contract does not preclude the possibility of a 0-byte stream, 727 * which may be a valid test case for some tests. It only precludes a 728 * non-existent stream. 729 * 730 * See ktest_get_input(9F). 731 */ 732 void 733 ktest_get_input(const ktest_ctx_hdl_t *hdl, uchar_t **input, size_t *len) 734 { 735 ktest_ctx_t *ctx = (ktest_ctx_t *)hdl; 736 VERIFY(ctx->ktc_test->kt_requires_input == B_TRUE); 737 VERIFY3P(ctx->ktc_input, !=, NULL); 738 *len = ctx->ktc_input_len; 739 *input = ctx->ktc_input; 740 } 741 742 /* 743 * Grab a hold on 'module' and return it in 'hdl'. Meant to be used 744 * with ktest_get_fn(). Zero indicates success. 745 * 746 * Remember, 'ddi_modhandle_t' is a pointer, so 'hdl' is pointer to 747 * pointer. 748 * 749 * See ktest_hold_mod(9F). 750 */ 751 int 752 ktest_hold_mod(const char *module, ddi_modhandle_t *hdl) 753 { 754 int err; 755 756 if ((*hdl = ddi_modopen(module, KRTLD_MODE_FIRST, &err)) == NULL) { 757 return (err); 758 } 759 760 return (0); 761 } 762 763 /* 764 * The opposite of ktest_hold_mod(). 765 * 766 * See ktest_release_mod(9F). 767 */ 768 void 769 ktest_release_mod(ddi_modhandle_t hdl) 770 { 771 (void) ddi_modclose(hdl); 772 } 773 774 /* 775 * Check if the result is already set. Setting the result more than 776 * once is a bug in the test. This check catches the bug and produces 777 * an error result with a message indicating the line number of the 778 * original result which was overwritten. It replaces 'ktc_res_line' 779 * with the line number of the overwriting result. 780 * 781 * Return true when an existing result was found. 782 */ 783 static boolean_t 784 ktest_result_check(ktest_ctx_t *ctx, int line) 785 { 786 if (ctx->ktc_res->kr_type != KTEST_RESULT_NONE) { 787 char *msg = ctx->ktc_res->kr_msg; 788 int first_line = ctx->ktc_res->kr_line; 789 790 ctx->ktc_res->kr_type = KTEST_RESULT_ERROR; 791 ctx->ktc_res->kr_line = line; 792 793 /* We know the string is within max length. */ 794 (void) snprintf(msg, KTEST_MAX_LOG_LEN, "multiple results: " 795 "prev result at line %d", first_line); 796 797 return (B_TRUE); 798 } 799 800 return (B_FALSE); 801 } 802 803 /* 804 * Set result if and only if one has not already been set. Return true 805 * if the result was set. Return false if it was already set. 806 */ 807 static boolean_t 808 ktest_set_result(ktest_ctx_hdl_t *hdl, ktest_result_type_t rt, int line) 809 { 810 ktest_ctx_t *ctx = (ktest_ctx_t *)hdl; 811 812 /* Overwriting a previous result is not allowed. */ 813 if (ktest_result_check(ctx, line)) { 814 return (B_FALSE); 815 } 816 817 ctx->ktc_res->kr_type = rt; 818 ctx->ktc_res->kr_line = line; 819 return (B_TRUE); 820 } 821 822 static void 823 ktest_set_msg(ktest_ctx_hdl_t *hdl, const char *format, va_list args) 824 { 825 ktest_ctx_t *ctx = (ktest_ctx_t *)hdl; 826 char *msg = ctx->ktc_res->kr_msg; 827 size_t written = 0; 828 829 written = vsnprintf(msg, KTEST_MAX_LOG_LEN, format, args); 830 831 /* Subtract one to account for the implicit NULL byte. */ 832 if (written > (KTEST_MAX_LOG_LEN - 1)) { 833 const ktest_test_t *test = ctx->ktc_test; 834 ktest_suite_t *suite = test->kt_suite; 835 ktest_module_t *mod = suite->ks_module; 836 837 cmn_err(CE_NOTE, "result message truncated: %s:%s:%s [%d]", 838 mod->km_name, suite->ks_name, test->kt_name, 839 ctx->ktc_res->kr_line); 840 } 841 } 842 843 void 844 ktest_result_skip(ktest_ctx_hdl_t *hdl, int line, const char *format, ...) 845 { 846 if (ktest_set_result(hdl, KTEST_RESULT_SKIP, line)) { 847 va_list adx; 848 849 va_start(adx, format); 850 ktest_set_msg(hdl, format, adx); 851 va_end(adx); 852 } 853 } 854 855 void 856 ktest_result_fail(ktest_ctx_hdl_t *hdl, int line, const char *format, ...) 857 { 858 if (ktest_set_result(hdl, KTEST_RESULT_FAIL, line)) { 859 va_list adx; 860 861 va_start(adx, format); 862 ktest_set_msg(hdl, format, adx); 863 va_end(adx); 864 } 865 } 866 867 void 868 ktest_result_error(ktest_ctx_hdl_t *hdl, int line, const char *format, ...) 869 { 870 if (ktest_set_result(hdl, KTEST_RESULT_ERROR, line)) { 871 va_list adx; 872 873 va_start(adx, format); 874 ktest_set_msg(hdl, format, adx); 875 va_end(adx); 876 } 877 } 878 879 void 880 ktest_result_pass(ktest_ctx_hdl_t *hdl, int line) 881 { 882 (void) ktest_set_result(hdl, KTEST_RESULT_PASS, line); 883 } 884 885 /* 886 * Clear the prepend message, undoing any message set by ktest_msg_prepend(). 887 * 888 * See ktest_msg_clear(9F). 889 */ 890 void 891 ktest_msg_clear(ktest_ctx_hdl_t *hdl) 892 { 893 ktest_ctx_t *ctx = (ktest_ctx_t *)hdl; 894 ctx->ktc_res->kr_msg_prepend[0] = '\0'; 895 } 896 897 /* 898 * Prepend formatted text to the result message. This is useful in 899 * cases where the KT_ASSERT macro's generated message doesn't convey 900 * enough context to determine the precise cause of the failure. By 901 * prepending the formatted text you can add additional context while 902 * still using the KT_ASSERT macros (and not having to reimplement 903 * them yourself). This overwrites any existing prepend text. 904 * 905 * See ktest_msg_prepend(9F). 906 */ 907 void 908 ktest_msg_prepend(ktest_ctx_hdl_t *hdl, const char *format, ...) 909 { 910 ktest_ctx_t *ctx = (ktest_ctx_t *)hdl; 911 char *msg = ctx->ktc_res->kr_msg_prepend; 912 size_t written; 913 va_list adx; 914 915 va_start(adx, format); 916 written = vsnprintf(msg, KTEST_MAX_LOG_LEN, format, adx); 917 /* Subtract one to account for the implicit NULL byte. */ 918 if (written > (KTEST_MAX_LOG_LEN - 1)) { 919 const ktest_test_t *test = ctx->ktc_test; 920 ktest_suite_t *suite = test->kt_suite; 921 ktest_module_t *mod = suite->ks_module; 922 923 cmn_err(CE_NOTE, "prepend message truncated: %s:%s:%s", 924 mod->km_name, suite->ks_name, test->kt_name); 925 } 926 va_end(adx); 927 } 928 929 /* 930 * Each `{:}` represents an nvpair, each `[,]` represents an nvlist. 931 * 932 * Test nvlist 933 * ----------- 934 * 935 * [{"name":"<test_name>"}, 936 * {"input_required":boolean_t}] 937 * 938 * Tests nvlist 939 * ------------ 940 * 941 * [{"test1":<test1_nvlist>}, 942 * {"test2":<test2_nvlist>"}, 943 * ...] 944 * 945 * Suite nvlist 946 * ------------ 947 * 948 * [{"name":"<ks->ks_name>"}, 949 * {"tests":<tests_nvlist>}] 950 * 951 * Suites nvlist 952 * ------------- 953 * 954 * [{"suite1":<suite1_nvlist>}, 955 * {"suite2":<suite2_nvlist>}, 956 * ...] 957 * 958 * Module nvlist 959 * ------------- 960 * 961 * [{"name":"<km->km_name>"}, 962 * {"suites":<suites_nvlist>}] 963 * 964 * Modules nvlist 965 * -------------- 966 * 967 * [{"ser_fmt_version":1}, 968 * {"module1":<module1_nvlist>}, 969 * {"module2":<module2_nvlist>}, 970 * ...] 971 * 972 */ 973 int 974 ktest_list_tests(ktest_list_op_t *klo, int mode) 975 { 976 nvlist_t *modules = fnvlist_alloc(); 977 char *buf = NULL; 978 size_t len = 0; 979 int ret = 0; 980 981 /* 982 * The first thing we add is a uint64_t ser_fmt_version field. 983 * This field allows any consumer of this nvlist (namely the 984 * ktest cmd) to know which serialization format it is in. 985 * Specifically, the format version tells the consumer which 986 * fields to expect and how they are laid out. Given that the 987 * ktest kernel facility and its user command are delivered in 988 * gate, this should never be needed. However, including a 989 * versioned format now keeps the future flexible, and costs 990 * us little. 991 */ 992 fnvlist_add_uint64(modules, "ser_fmt_version", KTEST_SER_FMT_VSN); 993 mutex_enter(&ktest_lock); 994 995 for (ktest_module_t *km = list_head(&ktest_modules); 996 km != NULL; 997 km = list_next(&ktest_modules, km)) { 998 nvlist_t *module = fnvlist_alloc(); 999 nvlist_t *suites = fnvlist_alloc(); 1000 1001 for (ktest_suite_t *ks = list_head(&km->km_suites); 1002 ks != NULL; 1003 ks = list_next(&km->km_suites, ks)) { 1004 nvlist_t *suite = fnvlist_alloc(); 1005 nvlist_t *tests = fnvlist_alloc(); 1006 1007 for (ktest_test_t *kt = list_head(&ks->ks_tests); 1008 kt != NULL; 1009 kt = list_next(&ks->ks_tests, kt)) { 1010 nvlist_t *test = fnvlist_alloc(); 1011 1012 fnvlist_add_string(test, KTEST_NAME_KEY, 1013 kt->kt_name); 1014 fnvlist_add_boolean_value(test, 1015 KTEST_TEST_INPUT_KEY, 1016 kt->kt_requires_input); 1017 fnvlist_add_nvlist(tests, kt->kt_name, test); 1018 nvlist_free(test); 1019 } 1020 1021 if (nvlist_empty(tests)) { 1022 nvlist_free(tests); 1023 nvlist_free(suite); 1024 continue; 1025 } 1026 1027 fnvlist_add_string(suite, KTEST_NAME_KEY, ks->ks_name); 1028 fnvlist_add_nvlist(suite, KTEST_SUITE_TESTS_KEY, tests); 1029 fnvlist_add_nvlist(suites, ks->ks_name, suite); 1030 nvlist_free(tests); 1031 nvlist_free(suite); 1032 } 1033 1034 if (nvlist_empty(suites)) { 1035 nvlist_free(suites); 1036 nvlist_free(module); 1037 continue; 1038 } 1039 1040 fnvlist_add_string(module, KTEST_NAME_KEY, km->km_name); 1041 fnvlist_add_nvlist(module, KTEST_MODULE_SUITES_KEY, suites); 1042 fnvlist_add_nvlist(modules, km->km_name, module); 1043 nvlist_free(suites); 1044 nvlist_free(module); 1045 } 1046 1047 mutex_exit(&ktest_lock); 1048 buf = fnvlist_pack(modules, &len); 1049 1050 /* 1051 * The userspace response buffer is not large enough. Fill in 1052 * the amount needed and return ENOBUFS so that the command 1053 * may retry. 1054 */ 1055 if (klo->klo_resp_len < len) { 1056 klo->klo_resp_len = len; 1057 nvlist_free(modules); 1058 ret = ENOBUFS; 1059 goto out; 1060 } 1061 1062 klo->klo_resp_len = len; 1063 1064 if (ddi_copyout(buf, klo->klo_resp, len, mode) != 0) { 1065 ret = EFAULT; 1066 goto out; 1067 } 1068 1069 out: 1070 nvlist_free(modules); 1071 kmem_free(buf, len); 1072 return (ret); 1073 } 1074 1075 static void 1076 ktest_run_test(const ktest_test_t *kt, uchar_t *input, uint64_t input_len, 1077 ktest_result_t *res) 1078 { 1079 ktest_ctx_t ctx; 1080 1081 bzero(&ctx, sizeof (ctx)); 1082 res->kr_type = KTEST_RESULT_NONE; 1083 ctx.ktc_test = kt; 1084 ctx.ktc_res = res; 1085 ctx.ktc_input = input; 1086 ctx.ktc_input_len = input_len; 1087 kt->kt_fn((ktest_ctx_hdl_t *)&ctx); 1088 } 1089 1090 static int 1091 ktest_getinfo(dev_info_t *dip, ddi_info_cmd_t cmd, void *arg, void **resultp) 1092 { 1093 switch (cmd) { 1094 case DDI_INFO_DEVT2DEVINFO: 1095 *resultp = ktest_dip; 1096 break; 1097 case DDI_INFO_DEVT2INSTANCE: 1098 *resultp = (void *)0; 1099 break; 1100 default: 1101 return (DDI_FAILURE); 1102 } 1103 1104 return (DDI_SUCCESS); 1105 } 1106 1107 static int 1108 ktest_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 1109 { 1110 if (cmd != DDI_ATTACH) { 1111 return (DDI_FAILURE); 1112 } 1113 1114 if (ddi_create_minor_node(dip, "ktest", S_IFCHR, KTEST_CTL_MINOR, 1115 DDI_PSEUDO, 0) != DDI_SUCCESS) { 1116 return (DDI_FAILURE); 1117 } 1118 1119 ktest_dip = dip; 1120 ddi_report_dev(dip); 1121 return (DDI_SUCCESS); 1122 } 1123 1124 static int 1125 ktest_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 1126 { 1127 if (cmd != DDI_DETACH) { 1128 return (DDI_FAILURE); 1129 } 1130 1131 ddi_remove_minor_node(dip, NULL); 1132 ktest_dip = NULL; 1133 return (DDI_SUCCESS); 1134 } 1135 1136 static int 1137 ktest_open(dev_t *devp, int flag, int otype, cred_t *credp) 1138 { 1139 if (otype != OTYP_CHR) { 1140 return (EINVAL); 1141 } 1142 1143 /* Make sure attach(9E) has completed. */ 1144 if (ktest_dip == NULL) { 1145 return (ENXIO); 1146 } 1147 1148 if (getminor(*devp) != KTEST_CTL_MINOR) { 1149 return (ENXIO); 1150 } 1151 1152 if (flag & FWRITE) { 1153 return (EACCES); 1154 } 1155 1156 if (flag & FEXCL) { 1157 return (ENOTSUP); 1158 } 1159 1160 /* 1161 * Access to the ktest facility requires the utmost respect: 1162 * test modules have full access to the kernel address space 1163 * and the user executing ktest can pipe in any arbitrary 1164 * stream of bytes to any test which takes an input stream. 1165 * Given this liability, and the fact the test facility should 1166 * mostly be used for development quality assurance or 1167 * production pre-flight checklists or healthchecks, it makes 1168 * sense to restrict the loading, listing, and execution of 1169 * tests to those with the highest of privilege: the root 1170 * role/user in the Global Zone. 1171 */ 1172 if (drv_priv(credp) != 0 || crgetzoneid(credp) != GLOBAL_ZONEID) { 1173 return (EPERM); 1174 } 1175 1176 return (0); 1177 } 1178 1179 static int 1180 ktest_close(dev_t dev, int flags, int otype, cred_t *credp) 1181 { 1182 return (0); 1183 } 1184 1185 static int 1186 ktest_ioctl_run_test(intptr_t arg, int mode) 1187 { 1188 int ret = 0; 1189 ktest_run_op_t kro; 1190 uchar_t *input_bytes = NULL; 1191 ktest_test_t *kt = NULL; 1192 1193 bzero(&kro, sizeof (kro)); 1194 if (ddi_copyin((void *)arg, &kro, sizeof (kro), mode) != 0) { 1195 return (EFAULT); 1196 } 1197 1198 if (kro.kro_input_len > KTEST_IOCTL_MAX_LEN) { 1199 return (EINVAL); 1200 } 1201 1202 /* 1203 * If there is input, copy it into KAS. 1204 */ 1205 if (kro.kro_input_len > 0) { 1206 input_bytes = kmem_zalloc(kro.kro_input_len, KM_SLEEP); 1207 ret = ddi_copyin((void *)kro.kro_input_bytes, input_bytes, 1208 kro.kro_input_len, mode); 1209 1210 if (ret != 0) { 1211 ret = EFAULT; 1212 goto done; 1213 } 1214 } 1215 1216 mutex_enter(&ktest_lock); 1217 kt = ktest_get_test(kro.kro_module, kro.kro_suite, kro.kro_test); 1218 1219 /* 1220 * We failed to find a matching test. The ktest command should 1221 * always send down a valid fully-qualified triple; but it's 1222 * good hygiene to check for this case. 1223 */ 1224 if (kt == NULL) { 1225 ret = ENOENT; 1226 goto done; 1227 } 1228 1229 /* 1230 * The test requires input but none was provided. The ktest 1231 * command should not send down such a request; but it's good 1232 * hygiene to check for it. 1233 */ 1234 if (kt->kt_requires_input && kro.kro_input_len == 0) { 1235 ret = EINVAL; 1236 goto done; 1237 } 1238 1239 ktest_run_test(kt, input_bytes, kro.kro_input_len, &kro.kro_result); 1240 1241 done: 1242 mutex_exit(&ktest_lock); 1243 kmem_free(input_bytes, kro.kro_input_len); 1244 1245 if (ret == 0 && 1246 ddi_copyout(&kro, (void *)arg, sizeof (kro), mode) != 0) { 1247 ret = EFAULT; 1248 } 1249 1250 return (ret); 1251 } 1252 1253 static int 1254 ktest_ioctl_list_tests(intptr_t arg, int mode) 1255 { 1256 int ret = 0; 1257 ktest_list_op_t klo; 1258 1259 bzero(&klo, sizeof (klo)); 1260 if (ddi_copyin((void *)arg, &klo, sizeof (klo), mode) != 0) { 1261 return (EFAULT); 1262 } 1263 1264 if ((ret = ktest_list_tests(&klo, mode)) == 0) { 1265 if (ddi_copyout(&klo, (void *)arg, sizeof (klo), mode) != 0) { 1266 return (EFAULT); 1267 } 1268 } 1269 1270 return (ret); 1271 } 1272 1273 static int 1274 ktest_ioctl(dev_t dev, int cmd, intptr_t arg, int mode, cred_t *credp, 1275 int *rvalp) 1276 { 1277 int ret = 0; 1278 1279 /* 1280 * We make two assumptions: 1281 * 1282 * 1. That only the ktest command interacts with the ktest driver. 1283 * 1284 * 2. The the ktest command is 64-bit. 1285 */ 1286 if (ddi_model_convert_from(mode) != DDI_MODEL_NONE) { 1287 return (ENOSYS); 1288 } 1289 1290 switch (cmd) { 1291 case KTEST_IOCTL_RUN_TEST: 1292 ret = ktest_ioctl_run_test(arg, mode); 1293 break; 1294 1295 case KTEST_IOCTL_LIST_TESTS: 1296 ret = ktest_ioctl_list_tests(arg, mode); 1297 break; 1298 1299 default: 1300 ret = EINVAL; 1301 break; 1302 } 1303 1304 return (ret); 1305 } 1306 1307 static struct cb_ops ktest_cb_ops = { 1308 .cb_open = ktest_open, 1309 .cb_close = ktest_close, 1310 .cb_strategy = nodev, 1311 .cb_print = nodev, 1312 .cb_dump = nodev, 1313 .cb_read = nodev, 1314 .cb_write = nodev, 1315 .cb_ioctl = ktest_ioctl, 1316 .cb_devmap = nodev, 1317 .cb_mmap = nodev, 1318 .cb_segmap = nodev, 1319 .cb_chpoll = nochpoll, 1320 .cb_prop_op = ddi_prop_op, 1321 .cb_flag = D_MP | D_64BIT, 1322 .cb_rev = CB_REV, 1323 .cb_aread = nodev, 1324 .cb_awrite = nodev, 1325 .cb_str = NULL 1326 }; 1327 1328 static struct dev_ops ktest_dev_ops = { 1329 .devo_rev = DEVO_REV, 1330 .devo_refcnt = 0, 1331 .devo_getinfo = ktest_getinfo, 1332 .devo_identify = nulldev, 1333 .devo_probe = nulldev, 1334 .devo_attach = ktest_attach, 1335 .devo_detach = ktest_detach, 1336 .devo_reset = nodev, 1337 .devo_power = NULL, 1338 .devo_quiesce = ddi_quiesce_not_supported, 1339 .devo_cb_ops = &ktest_cb_ops, 1340 .devo_bus_ops = NULL 1341 }; 1342 1343 static struct modldrv ktest_modldrv = { 1344 .drv_modops = &mod_driverops, 1345 .drv_linkinfo = "Kernel Test Driver v1", 1346 .drv_dev_ops = &ktest_dev_ops 1347 }; 1348 1349 static struct modlinkage ktest_modlinkage = { 1350 .ml_rev = MODREV_1, 1351 .ml_linkage = { &ktest_modldrv, NULL } 1352 }; 1353 1354 static void 1355 ktest_fini() 1356 { 1357 ktest_unregister_all(); 1358 list_destroy(&ktest_modules); 1359 mutex_destroy(&ktest_lock); 1360 } 1361 1362 /* 1363 * This is a pseudo device driver with a single instance, therefore 1364 * all state is allocated/freed during init/fini. We delay the 1365 * creation of the taskq until attach, since tests cannot be executed 1366 * until the driver is attached. 1367 */ 1368 int 1369 _init(void) 1370 { 1371 int ret; 1372 1373 mutex_init(&ktest_lock, NULL, MUTEX_DRIVER, NULL); 1374 list_create(&ktest_modules, sizeof (ktest_module_t), 1375 offsetof(ktest_module_t, km_node)); 1376 ret = mod_install(&ktest_modlinkage); 1377 1378 if (ret != DDI_SUCCESS) { 1379 ktest_fini(); 1380 } 1381 1382 return (ret); 1383 } 1384 1385 int 1386 _fini(void) 1387 { 1388 int ret = mod_remove(&ktest_modlinkage); 1389 1390 if (ret == DDI_SUCCESS) { 1391 ktest_fini(); 1392 } 1393 1394 return (ret); 1395 } 1396 1397 int 1398 _info(struct modinfo *modinfop) 1399 { 1400 return (mod_info(&ktest_modlinkage, modinfop)); 1401 } 1402