1 /* 2 * This file and its contents are supplied under the terms of the 3 * Common Development and Distribution License ("CDDL"), version 1.0. 4 * You may only use this file in accordance with the terms of version 5 * 1.0 of the CDDL. 6 * 7 * A full copy of the text of the CDDL should have accompanied this 8 * source. A copy of the CDDL is also available via the Internet at 9 * http://www.illumos.org/license/CDDL. 10 */ 11 12 /* 13 * Copyright 2023 Oxide Computer Company 14 * Copyright 2024 Ryan Zezeski 15 */ 16 17 /* 18 * The Kernel Test Facility 19 * ------------------------ 20 * 21 * The kernel test facility, otherwise known as "ktest", provides a 22 * means for in situ kernel testing. It allows one to write kernel 23 * modules whose purpose is to test other kernel modules (or the 24 * kernel at large). While much can be tested from userland, there are 25 * some cases where there is no substitute for running the test code 26 * in kernel context, right next to the code it's testing. In many 27 * cases it's the only way to efficiently test specific execution 28 * paths, by avoiding the brittleness of action from afar which relies 29 * on subtle interactions between userland and kernel. For these 30 * cases, and many more, ktest gives you the best chance at directly 31 * testing kernel code (short of injecting DEBUG invariant checks 32 * inline with the code itself). 33 * 34 * The kernel test facility provides the following. 35 * 36 * - The ktest kernel module (this file), which acts as a central 37 * location for all administration and execution of test modules. 38 * 39 * - The ktest(9) API, which provides the tools to write tests and 40 * register them with the ktest module. 41 * 42 * - The ktest pseudo device, which presents a control surface to 43 * userspace in the form of your typical ioctl interface. 44 * 45 * - A ktest(8) user command, which provides a user interface to the 46 * ktest facility. 47 * 48 * Ktest Architecture 49 * ------------------ 50 * 51 * ## The Test Triple 52 * 53 * Ktest provides a three-level namespace for organizing tests, 54 * referred to as the "test triple". It consists of the module name, 55 * suite name, and test name, written as '<module>:<suite>:<test>'. 56 * 57 * - Module: The top of the namespace, typically named after the 58 * module-under-test (MUT). The convention is to append the '_test' 59 * suffix to the module-under-test. For example, the 'mac' module 60 * might have a 'mac_test' test module. However, there is no hard 61 * rule that a test module must be named after its 62 * module-under-test, it’s merely a suggestion. Such a convention is 63 * a bit unwieldy for large modules like genunix. In those cases it 64 * makes sense to break from the norm. 65 * 66 * - Suite: Each module consists of one or more suites. A suite groups 67 * tests of related functionality. For example, you may have several 68 * tests that verify checksum routines for which you might name the 69 * suite 'checksum'. 70 * 71 * - Test: Each suite consists of one of more tests. The name of the 72 * test can be any string which you find descriptive of the test. A 73 * unit test for a single, small function will often use the name of 74 * the function-under-test with a _test suffix added. But for 75 * testing a series of function calls, or a larger function, it may 76 * make sense to abandon this convention. 77 * 78 * A test triple can be fully or partially-qualified, depending on the 79 * context. A fully-qualified triple is one that names one test by 80 * specifying each level of the namespace and using no glob characters 81 * -- it’s unambiguous. A partially-qualified triple, on the other 82 * hand, can be ambiguous; it only names some of the namespace or 83 * makes use of glob characters. 84 * 85 * Fully qualified: 86 * 87 * 'mac:checksum:mac_sw_cksum_ipv4_tcp_test' 88 * 89 * Partially qualified 90 * 91 * '*' 92 * '*:*:*' 93 * 'mac:' 94 * 'mac:checksum' 95 * 'mac:*:mac_sw*' 96 * 97 * ## The Context Handle 98 * 99 * All communication between ktest and the individual test happens via 100 * the "context object". This object cannot be accessed directly. 101 * Instead, ktest provides a context handle to be accessed via its 102 * ktest(9) API. A test must conform to the ktest_fn_t prototype. 103 * 104 * ## Setting Test Results 105 * 106 * A test conveys its result using one of the result ktest(9) APIs. A 107 * result is typically pass or fail, but a test may also be skipped or 108 * may encounter an unforeseen error. See ktest_result_type_t for a 109 * description of the types of results. All test results should 110 * include the associated source line by way of the __LINE__ macro. 111 * The fail, error, and skip results should also include a message 112 * giving further context on the result. 113 * 114 * ktest_result_pass(ktest_ctx_hdl_t *, int) 115 * 116 * The test ran as expected and all conditions were met. The result 117 * value is set to KTEST_RESULT_PASS. 118 * 119 * ktest_result_fail(ktest_ctx_hdl_t *, int, const char *, ...) 120 * 121 * One of the test conditions was violated. The test should use the 122 * format string and arguments to create a message describing which 123 * condition failed and why. The result value is set to KTEST_RESULT_FAIL. 124 * 125 * ktest_result_error(ktest_ctx_hdl_t *, int, const char *, ...) 126 * 127 * The test encountered an unexpected error, one that is not 128 * directly related to the logic under test. For example, failure to 129 * acquire memory is often outside of the test parameters for most 130 * tests. These types of errors are often encountered when 131 * interacting with the kernel at large and when acquiring resources 132 * for test setup. Perhaps most importantly, it indicates the lack 133 * of a pass/fail determination for this test. The result value is 134 * set to KTEST_RESULT_ERROR. 135 * 136 * ktest_result_skip(ktest_ctx_hdl_t *, int, const char *, ...) 137 * 138 * The test lacks the required context to execute, typically for 139 * lack of resources or specific hardware under test. Like the error 140 * result, this lacks a pass/fail determination. The result value is 141 * set to KTEST_RESULT_SKIP. 142 * 143 * ## Result Macros 144 * 145 * Using the API above is cumbersome, requiring the repetitive use of 146 * the __LINE__ macro. The following macros are provided for ease of 147 * use. 148 * 149 * - KT_PASS(ktest_ctx_hdl_t *ctx) 150 * - KT_FAIL(ktest_ctx_hdl_t *ctx, char *msg, ...) 151 * - KT_ERROR(ktest_ctx_hdl_t *ctx, char *msg, ...) 152 * - KT_SKIP(ktest_ctx_hdl_t *ctx, char *msg, ...) 153 * 154 * ## KTest ASSERT Macros 155 * 156 * Even with the help of the result macros, writing test assertions 157 * requires quite a bit of verbosity and boilerplate; requiring an if 158 * statement, a KT_* call, and the failure message arguments. The 159 * KTest ASSERT macros provide an ASSERT3-like family of macros to 160 * reduce the boilerplate and make test writing feel more natural. 161 * However, they are different from the ASSERT3 family in two major 162 * ways. 163 * 164 * 1. They don't panic. The point is to report test failure, not 165 * preserve system state leading up to an invalid condition. 166 * However, for particularly difficult-to-debug test failures you 167 * could use DTrace to invoke a panic upon entry to 168 * ktest_result_error. 169 * 170 * 2. Following from (1), there may be test state to cleanup such as 171 * freeing memory or other resources. This cleanup needs to happen 172 * as a consequence of the assertion triggering, before returning 173 * from the test function. 174 * 175 * There are three types of KT_ASSERT macros: KTest ASSERT, KTest 176 * ASSERT Goto, and KTest ASSERT Block. The first type of assert is 177 * the closest match to the standard ASSERT macros: they provide no 178 * state cleanup, but require the context handle is passed as final 179 * argument. The goto versions allow for cleanup via a jump to a 180 * label. The block versions allow for cleanup via an attached block, 181 * much like an if statement, but requires an additional 182 * KT_ASSERTB_END to indicate the end of the block. What follows is a 183 * list of the various KT_ASSERT macros and their arguments. For each 184 * macro listed below, there is a corresponding KTEST_EASSERT macro. 185 * These later macros set a KTEST_ERROR result when tripped. 186 * 187 * KTest ASSERT (no cleanup) 188 * 189 * KTEST_ASSERT3S(left, op, right, ctx) 190 * KTEST_ASSERT3U(left, op, right, ctx) 191 * KTEST_ASSERT3P(left, op, right, ctx) 192 * KTEST_ASSERT(exp, ctx) 193 * KTEST_ASSERT0(exp, ctx) 194 * 195 * KTest ASSERT Goto (cleanup via label) 196 * 197 * KT_ASSERT3SG(left, op, right, ctx, label) 198 * KT_ASSERT3UG(left, op, right, ctx, label) 199 * KT_ASSERT3PG(left, op, right, ctx, label) 200 * KT_ASSERTG(exp, ctx, label) 201 * KT_ASSERT0G(exp, ctx, label) 202 * 203 * KTest ASSERT Block (cleanup via block) 204 * 205 * KT_ASSERT*B(left, op, right, ctx) { 206 * <... cleanup goes here ...> 207 * } 208 * KT_ASSERTB_END 209 * 210 * ## Additional Failure/Error Context 211 * 212 * Sometimes the failure message generated by the KT_ASSERT macro is 213 * not enough. You might want to prepend some information to the 214 * message to provide additional context about the failure. This would 215 * require using the ktest result API manually, which defeats the 216 * purpose of the KT_ASSERT macros. Instead, ktest offers the 217 * ktest_msg_{prepend,clear}(9F) API; allowing you to prepend 218 * additional context to the failure message (if the assertion should 219 * trip) while still using the KT_ASSERT macros. 220 * 221 * For example, if you were asserting an invariant on an array of 222 * objects, and you wanted the failure message to include the index of 223 * the object which tripped the assert, you could write something like 224 * the following. 225 * 226 * ---- 227 * for (int i = 0; i < num_objs; i++) { 228 * obj_t *obj = &objs[i]; 229 * 230 * ktest_msg_prepend(ctx, "objs[%d]: ", i); 231 * KT_ASSERT3P(obj->o_state, !=, NULL, ctx); 232 * } 233 * 234 * ktest_msg_clear(ctx); 235 * ---- 236 * 237 * The ktest_msg_prepend() call is not additive; it always overwrites 238 * the contents of the prepend buffer. 239 * 240 * ## Test Input 241 * 242 * A test has the option to require input. The input is always in the 243 * form of a byte stream. The interpretation of those bytes is left to 244 * the test; the ktest facility at large treats the input stream as 245 * opaque. It is legal to have an input stream of zero bytes. The test 246 * retrieves its byte stream with the ktest_get_input(9F) API. 247 * 248 * ## Testing Private Functions 249 * 250 * A test module often needs to test static (private) functions. 251 * However, as the test module and module-under-test are two different 252 * modules, and a static function's linkage is local, there is no way 253 * to easily access them. Ktest works around this by offering a set of 254 * APIs to dynamically load the the function object into the test module. 255 * 256 * ktest_hold_mod(9F) 257 * ktest_get_fn(9F) 258 * ktest_release_mod(9F) 259 * 260 * The test modules must perform four steps when accessing a static 261 * function. 262 * 263 * 1. Recreate the function prototype, typically in the form of a 264 * typedef. This is then used to declare the function pointer to 265 * the static function. 266 * 267 * 2. Get a handle to the module-under-test via ktest_hold_mod(9F). 268 * 269 * 3. Fill in the function pointer with ktest_get_fn(9F), after 270 * which it can be called just as it would in the 271 * module-under-test. 272 * 273 * 4. At completion of the test release the module handle via 274 * ktest_release_mod(9F). 275 * 276 * ## Registering Tests 277 * 278 * For a test to be run it first needs to be registered with the ktest 279 * facility. This is done via the ktest(9) APIs described below. The 280 * test module should be a 'modlmisc' module and perform all test 281 * registration/unregistration in its '_init' and '_fini' callbacks. 282 * Internally, ktest tracks all registered tests via the ktest_modules 283 * list. 284 * 285 * ktest_create_module(9F) 286 * ktest_add_test(9F) 287 * ktest_add_suite(9F) 288 * ktest_register_module(9F) 289 * ktest_unregister_module(9F) 290 * 291 * The creation and registration of tests is typically done in the 292 * following order. 293 * 294 * 1. Create a new module with ktest_create_module(9F). 295 * 296 * 2. Add a new suite with ktest_add_suite(9F). 297 * 298 * 3. Add one or more tests to the suite with ktest_add_test(9F). 299 * 300 * 4. Go back to step (2) if more suites are needed. 301 * 302 * 5. Register the module with ktest_register_module(9F). 303 * 304 * For unregistering your test module it's a simple matter of calling 305 * ktest_unregister_module(9F). 306 * 307 * The ktest_add_test(9F) API does provide a flags argument for 308 * providing additional information about the test, see 309 * ktest_test_flags_t for more information. 310 */ 311 #include <sys/stddef.h> 312 #include <sys/conf.h> 313 #include <sys/file.h> 314 #include <sys/stat.h> 315 #include <sys/modctl.h> 316 #include <sys/ktest_impl.h> 317 #include <sys/ddi.h> 318 #include <sys/sunddi.h> 319 320 #define KTEST_CTL_MINOR 0 321 322 dev_info_t *ktest_dip; 323 kmutex_t ktest_lock; 324 325 /* 326 * The global list of registered ktest modules. A module must call 327 * ktest_register_module() to register itself with the ktest framework. 328 * 329 * Protected by ktest_lock. 330 * 331 * List modules in MDB 332 * ------------------- 333 * 334 * > ktest_modules::walk list |::print ktest_module_t 335 */ 336 list_t ktest_modules; 337 338 /* 339 * Determine if the name is valid. This is probably overly 340 * restrictive, but it's easier to add additional characters later 341 * than to remove them. We want to avoid: 342 * 343 * - KTEST_SEPARATOR and KTEST_GMATCH_CHARS, as it causes ambiguity. 344 * 345 * - Characters that make it harder to use the ktest command in an 346 * interactive shell, such as whitespace and special characters like '&'. 347 */ 348 static int 349 ktest_valid_name(const char *name) 350 { 351 size_t len = strnlen(name, KTEST_MAX_NAME_LEN); 352 353 if (len >= KTEST_MAX_NAME_LEN) { 354 return (EOVERFLOW); 355 } 356 357 for (uint_t i = 0; i < len; i++) { 358 char c = name[i]; 359 boolean_t good_char = c == '.' || c == '_' || 360 (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || 361 (c >= '0' && c <= '9'); 362 363 if (!good_char) { 364 return (EINVAL); 365 } 366 } 367 368 return (0); 369 } 370 371 static ktest_module_t * 372 ktest_find_module(const char *module) 373 { 374 ktest_module_t *km = NULL; 375 376 VERIFY(MUTEX_HELD(&ktest_lock)); 377 378 for (km = list_head(&ktest_modules); km != NULL; 379 km = list_next(&ktest_modules, km)) { 380 if (strncmp(km->km_name, module, KTEST_MAX_NAME_LEN) == 0) { 381 return (km); 382 } 383 } 384 385 return (NULL); 386 } 387 388 static ktest_suite_t * 389 ktest_find_suite(ktest_module_t *km, const char *suite) 390 { 391 ktest_suite_t *ks = NULL; 392 393 for (ks = list_head(&km->km_suites); ks != NULL; 394 ks = list_next(&km->km_suites, ks)) { 395 if (strncmp(ks->ks_name, suite, KTEST_MAX_NAME_LEN) == 0) { 396 return (ks); 397 } 398 } 399 400 return (NULL); 401 } 402 403 static ktest_test_t * 404 ktest_find_test(ktest_suite_t *ks, const char *test) 405 { 406 ktest_test_t *kt = NULL; 407 408 for (kt = list_head(&ks->ks_tests); kt != NULL; 409 kt = list_next(&ks->ks_tests, kt)) { 410 if (strncmp(kt->kt_name, test, KTEST_MAX_NAME_LEN) == 0) { 411 return (kt); 412 } 413 } 414 415 return (NULL); 416 } 417 418 /* 419 * Return a pointer to the test that matches the fully-qualified 420 * triple. Return NULL if no match is found. 421 */ 422 static ktest_test_t * 423 ktest_get_test(const char *module, const char *suite, const char *test) 424 { 425 ktest_module_t *km = NULL; 426 ktest_suite_t *ks = NULL; 427 428 VERIFY(module != NULL); 429 VERIFY(suite != NULL); 430 VERIFY(test != NULL); 431 VERIFY(MUTEX_HELD(&ktest_lock)); 432 433 if ((km = ktest_find_module(module)) == NULL) { 434 return (NULL); 435 } 436 437 if ((ks = ktest_find_suite(km, suite)) == NULL) { 438 return (NULL); 439 } 440 441 return (ktest_find_test(ks, test)); 442 } 443 444 /* 445 * Create a new test module object named 'name'. The test module name 446 * may be the same as the module-under-test, but this isn't required. 447 * 448 * Zero indicates success and a handle to the module object is 449 * returned via 'km_hdl'. 450 * 451 * See ktest_create_module(9F). 452 */ 453 int 454 ktest_create_module(const char *name, ktest_module_hdl_t **km_hdl) 455 { 456 int ret = 0; 457 ktest_module_t *km = NULL; 458 459 if ((ret = ktest_valid_name(name)) != 0) { 460 return (ret); 461 } 462 463 if ((km = kmem_zalloc(sizeof (*km), KM_NOSLEEP)) == NULL) { 464 return (ENOMEM); 465 } 466 467 list_create(&km->km_suites, sizeof (ktest_suite_t), 468 offsetof(ktest_suite_t, ks_node)); 469 /* The length was already checked by ktest_valid_name(). */ 470 (void) strlcpy(km->km_name, name, sizeof (km->km_name)); 471 *km_hdl = (ktest_module_hdl_t *)km; 472 return (0); 473 } 474 475 /* 476 * Create a new suite object named 'name' and add it to the module. 477 * 478 * Zero indicates success and a handle to the suite object is returned 479 * via 'ks_hdl'. 480 * 481 * See ktest_add_suite(9F). 482 */ 483 int 484 ktest_add_suite(ktest_module_hdl_t *km_hdl, const char *name, 485 ktest_suite_hdl_t **ks_hdl) 486 { 487 int ret = 0; 488 ktest_module_t *km = (ktest_module_t *)km_hdl; 489 ktest_suite_t *ks = NULL; 490 491 if ((ret = ktest_valid_name(name)) != 0) { 492 return (ret); 493 } 494 495 if (ktest_find_suite(km, name) != NULL) { 496 return (EEXIST); 497 } 498 499 if ((ks = kmem_zalloc(sizeof (*ks), KM_NOSLEEP)) == NULL) { 500 return (ENOMEM); 501 } 502 503 list_create(&ks->ks_tests, sizeof (ktest_test_t), 504 offsetof(ktest_test_t, kt_node)); 505 /* The length was already checked by ktest_valid_name(). */ 506 (void) strlcpy(ks->ks_name, name, sizeof (ks->ks_name)); 507 ks->ks_module = km; 508 list_insert_tail(&km->km_suites, ks); 509 km->km_num_suites++; 510 km->km_num_tests += ks->ks_num_tests; 511 *ks_hdl = (ktest_suite_hdl_t *)ks; 512 return (0); 513 } 514 515 static int 516 ktest_create_test(ktest_test_t **test_out, ktest_suite_t *ks, const char *name, 517 ktest_fn_t fn, ktest_test_flags_t flags) 518 { 519 int ret = 0; 520 ktest_test_t *kt = NULL; 521 boolean_t requires_input = B_FALSE; 522 523 if ((ret = ktest_valid_name(name)) != 0) { 524 return (ret); 525 } 526 527 if ((kt = kmem_zalloc(sizeof (*kt), KM_NOSLEEP)) == NULL) { 528 return (ENOMEM); 529 } 530 531 if ((flags & KTEST_FLAG_INPUT) != 0) { 532 requires_input = B_TRUE; 533 } 534 535 /* The length was already checked by ktest_valid_name(). */ 536 (void) strlcpy(kt->kt_name, name, sizeof (kt->kt_name)); 537 kt->kt_fn = fn; 538 kt->kt_suite = ks; 539 kt->kt_requires_input = requires_input; 540 *test_out = kt; 541 return (0); 542 } 543 544 /* 545 * Add a test function to the suite specified by 'ks_hdl'. The test is 546 * registered under the 'name' pseudonym and refers to the 'fn' 547 * function. While the name is often the same as the function symbol, 548 * this is merely a convention and not enforced. The 'flags' argument 549 * may specify additional information about the function -- see the 550 * ktest_test_flags_t definition. 551 * 552 * This function creates a new test object on the caller's behalf and 553 * registers it with the specified suite. Zero indicates success. 554 * 555 * See ktest_add_test(9F). 556 */ 557 int 558 ktest_add_test(ktest_suite_hdl_t *ks_hdl, const char *name, ktest_fn_t fn, 559 ktest_test_flags_t flags) 560 { 561 ktest_suite_t *ks = (ktest_suite_t *)ks_hdl; 562 ktest_test_t *test; 563 int ret; 564 565 if (ktest_find_test(ks, name) != NULL) { 566 return (EEXIST); 567 } 568 569 if ((ret = ktest_create_test(&test, ks, name, fn, flags)) != 0) { 570 return (ret); 571 } 572 573 list_insert_tail(&ks->ks_tests, test); 574 ks->ks_num_tests++; 575 return (0); 576 } 577 578 /* 579 * Register the test module specified by 'km_hdl' with the ktest 580 * facility. 581 * 582 * See ktest_register_module(9F). 583 */ 584 int 585 ktest_register_module(ktest_module_hdl_t *km_hdl) 586 { 587 ktest_module_t *km = (ktest_module_t *)km_hdl; 588 589 mutex_enter(&ktest_lock); 590 591 if (ktest_find_module(km->km_name) != NULL) { 592 mutex_exit(&ktest_lock); 593 cmn_err(CE_NOTE, "test module already exists: %s", km->km_name); 594 return (EEXIST); 595 } 596 597 list_insert_tail(&ktest_modules, km); 598 mutex_exit(&ktest_lock); 599 return (0); 600 } 601 602 static void 603 ktest_free_test(ktest_test_t *test) 604 { 605 kmem_free(test, sizeof (*test)); 606 } 607 608 static void 609 ktest_free_suite(ktest_suite_t *ks) 610 { 611 ktest_test_t *kt = NULL; 612 613 while ((kt = list_remove_head(&ks->ks_tests)) != NULL) { 614 ktest_free_test(kt); 615 } 616 617 list_destroy(&ks->ks_tests); 618 kmem_free(ks, sizeof (*ks)); 619 } 620 621 void 622 ktest_free_module(ktest_module_hdl_t *km_hdl) 623 { 624 ktest_module_t *km = (ktest_module_t *)km_hdl; 625 ktest_suite_t *ks = NULL; 626 627 while ((ks = list_remove_head(&km->km_suites)) != NULL) { 628 ktest_free_suite(ks); 629 } 630 631 list_destroy(&km->km_suites); 632 kmem_free(km, sizeof (*km)); 633 } 634 635 /* 636 * Unregister the test module named by 'name'. This walks all suites 637 * and tests registered under this module, removing them and freeing 638 * their resources. 639 * 640 * See ktest_unregister_module(9F). 641 */ 642 void 643 ktest_unregister_module(const char *name) 644 { 645 mutex_enter(&ktest_lock); 646 647 for (ktest_module_t *km = list_head(&ktest_modules); 648 km != NULL; 649 km = list_next(&ktest_modules, km)) { 650 if (strncmp(name, km->km_name, KTEST_MAX_NAME_LEN) == 0) { 651 list_remove(&ktest_modules, km); 652 ktest_free_module((ktest_module_hdl_t *)km); 653 break; 654 } 655 } 656 657 mutex_exit(&ktest_lock); 658 } 659 660 static void 661 ktest_unregister_all() 662 { 663 ktest_module_t *km; 664 mutex_enter(&ktest_lock); 665 666 while ((km = list_remove_head(&ktest_modules)) != NULL) { 667 ktest_free_module((ktest_module_hdl_t *)km); 668 } 669 670 mutex_exit(&ktest_lock); 671 } 672 673 /* 674 * Get a function pointer to the function with symbol 'fn_name'. This 675 * function must be a symbol in the module referenced by 'hdl', 676 * otherwise an error is returned. It's up to the caller to make sure 677 * that the 'fn' pointer is declared correctly. 678 * 679 * Zero indicates success. 680 * 681 * See ktest_get_fn(9F). 682 */ 683 int 684 ktest_get_fn(ddi_modhandle_t hdl, const char *fn_name, void **fn) 685 { 686 int err; 687 688 if ((*fn = ddi_modsym(hdl, fn_name, &err)) == NULL) { 689 return (err); 690 } 691 692 return (0); 693 } 694 695 /* 696 * Get the input stream from the context handle. The contract for this 697 * API guarantees that if it is called, then there MUST be an input 698 * stream. It does this by VERIFYing that a) the test's 699 * 'kt_requires_input' flag is set, and b) that the 'ktc_input' is 700 * non-NULL. This means that failure to set an input stream on a test 701 * which requires it will result in a kernel panic. That may seem 702 * extreme, however, consider that this is meant to be discovered 703 * during development, and that the ktest cmd also takes steps to 704 * ensure that any test which requires input has an input stream 705 * specified. The impetus for this contract is to avoid checking for 706 * valid input in every test -- it allows the test to assume the input 707 * is there and categorically catch any case where it is not. 708 * 709 * This contract does not preclude the possibility of a 0-byte stream, 710 * which may be a valid test case for some tests. It only precludes a 711 * non-existent stream. 712 * 713 * See ktest_get_input(9F). 714 */ 715 void 716 ktest_get_input(const ktest_ctx_hdl_t *hdl, uchar_t **input, size_t *len) 717 { 718 ktest_ctx_t *ctx = (ktest_ctx_t *)hdl; 719 VERIFY(ctx->ktc_test->kt_requires_input == B_TRUE); 720 VERIFY3P(ctx->ktc_input, !=, NULL); 721 *len = ctx->ktc_input_len; 722 *input = ctx->ktc_input; 723 } 724 725 /* 726 * Grab a hold on 'module' and return it in 'hdl'. Meant to be used 727 * with ktest_get_fn(). Zero indicates success. 728 * 729 * Remember, 'ddi_modhandle_t' is a pointer, so 'hdl' is pointer to 730 * pointer. 731 * 732 * See ktest_hold_mod(9F). 733 */ 734 int 735 ktest_hold_mod(const char *module, ddi_modhandle_t *hdl) 736 { 737 int err; 738 739 if ((*hdl = ddi_modopen(module, KRTLD_MODE_FIRST, &err)) == NULL) { 740 return (err); 741 } 742 743 return (0); 744 } 745 746 /* 747 * The opposite of ktest_hold_mod(). 748 * 749 * See ktest_release_mod(9F). 750 */ 751 void 752 ktest_release_mod(ddi_modhandle_t hdl) 753 { 754 (void) ddi_modclose(hdl); 755 } 756 757 /* 758 * Check if the result is already set. Setting the result more than 759 * once is a bug in the test. This check catches the bug and produces 760 * an error result with a message indicating the line number of the 761 * original result which was overwritten. It replaces 'ktc_res_line' 762 * with the line number of the overwriting result. 763 * 764 * Return true when an existing result was found. 765 */ 766 static boolean_t 767 ktest_result_check(ktest_ctx_t *ctx, int line) 768 { 769 if (ctx->ktc_res->kr_type != KTEST_RESULT_NONE) { 770 char *msg = ctx->ktc_res->kr_msg; 771 int first_line = ctx->ktc_res->kr_line; 772 773 ctx->ktc_res->kr_type = KTEST_RESULT_ERROR; 774 ctx->ktc_res->kr_line = line; 775 776 /* We know the string is within max length. */ 777 (void) snprintf(msg, KTEST_MAX_LOG_LEN, "multiple results: " 778 "prev result at line %d", first_line); 779 780 return (B_TRUE); 781 } 782 783 return (B_FALSE); 784 } 785 786 /* 787 * Set result if and only if one has not already been set. Return true 788 * if the result was set. Return false if it was already set. 789 */ 790 static boolean_t 791 ktest_set_result(ktest_ctx_hdl_t *hdl, ktest_result_type_t rt, int line) 792 { 793 ktest_ctx_t *ctx = (ktest_ctx_t *)hdl; 794 795 /* Overwriting a previous result is not allowed. */ 796 if (ktest_result_check(ctx, line)) { 797 return (B_FALSE); 798 } 799 800 ctx->ktc_res->kr_type = rt; 801 ctx->ktc_res->kr_line = line; 802 return (B_TRUE); 803 } 804 805 static void 806 ktest_set_msg(ktest_ctx_hdl_t *hdl, const char *format, va_list args) 807 { 808 ktest_ctx_t *ctx = (ktest_ctx_t *)hdl; 809 char *msg = ctx->ktc_res->kr_msg; 810 size_t written = 0; 811 812 written = vsnprintf(msg, KTEST_MAX_LOG_LEN, format, args); 813 814 /* Subtract one to account for the implicit NULL byte. */ 815 if (written > (KTEST_MAX_LOG_LEN - 1)) { 816 const ktest_test_t *test = ctx->ktc_test; 817 ktest_suite_t *suite = test->kt_suite; 818 ktest_module_t *mod = suite->ks_module; 819 820 cmn_err(CE_NOTE, "result message truncated: %s:%s:%s [%d]", 821 mod->km_name, suite->ks_name, test->kt_name, 822 ctx->ktc_res->kr_line); 823 } 824 } 825 826 void 827 ktest_result_skip(ktest_ctx_hdl_t *hdl, int line, const char *format, ...) 828 { 829 if (ktest_set_result(hdl, KTEST_RESULT_SKIP, line)) { 830 va_list adx; 831 832 va_start(adx, format); 833 ktest_set_msg(hdl, format, adx); 834 va_end(adx); 835 } 836 } 837 838 void 839 ktest_result_fail(ktest_ctx_hdl_t *hdl, int line, const char *format, ...) 840 { 841 if (ktest_set_result(hdl, KTEST_RESULT_FAIL, line)) { 842 va_list adx; 843 844 va_start(adx, format); 845 ktest_set_msg(hdl, format, adx); 846 va_end(adx); 847 } 848 } 849 850 void 851 ktest_result_error(ktest_ctx_hdl_t *hdl, int line, const char *format, ...) 852 { 853 if (ktest_set_result(hdl, KTEST_RESULT_ERROR, line)) { 854 va_list adx; 855 856 va_start(adx, format); 857 ktest_set_msg(hdl, format, adx); 858 va_end(adx); 859 } 860 } 861 862 void 863 ktest_result_pass(ktest_ctx_hdl_t *hdl, int line) 864 { 865 (void) ktest_set_result(hdl, KTEST_RESULT_PASS, line); 866 } 867 868 /* 869 * Clear the prepend message, undoing any message set by ktest_msg_prepend(). 870 * 871 * See ktest_msg_clear(9F). 872 */ 873 void 874 ktest_msg_clear(ktest_ctx_hdl_t *hdl) 875 { 876 ktest_ctx_t *ctx = (ktest_ctx_t *)hdl; 877 ctx->ktc_res->kr_msg_prepend[0] = '\0'; 878 } 879 880 /* 881 * Prepend formatted text to the result message. This is useful in 882 * cases where the KT_ASSERT macro's generated message doesn't convey 883 * enough context to determine the precise cause of the failure. By 884 * prepending the formatted text you can add additional context while 885 * still using the KT_ASSERT macros (and not having to reimplement 886 * them yourself). This overwrites any existing prepend text. 887 * 888 * See ktest_msg_prepend(9F). 889 */ 890 void 891 ktest_msg_prepend(ktest_ctx_hdl_t *hdl, const char *format, ...) 892 { 893 ktest_ctx_t *ctx = (ktest_ctx_t *)hdl; 894 char *msg = ctx->ktc_res->kr_msg_prepend; 895 size_t written; 896 va_list adx; 897 898 va_start(adx, format); 899 written = vsnprintf(msg, KTEST_MAX_LOG_LEN, format, adx); 900 /* Subtract one to account for the implicit NULL byte. */ 901 if (written > (KTEST_MAX_LOG_LEN - 1)) { 902 const ktest_test_t *test = ctx->ktc_test; 903 ktest_suite_t *suite = test->kt_suite; 904 ktest_module_t *mod = suite->ks_module; 905 906 cmn_err(CE_NOTE, "prepend message truncated: %s:%s:%s", 907 mod->km_name, suite->ks_name, test->kt_name); 908 } 909 va_end(adx); 910 } 911 912 /* 913 * Each `{:}` represents an nvpair, each `[,]` represents an nvlist. 914 * 915 * Test nvlist 916 * ----------- 917 * 918 * [{"name":"<test_name>"}, 919 * {"input_required":boolean_t}] 920 * 921 * Tests nvlist 922 * ------------ 923 * 924 * [{"test1":<test1_nvlist>}, 925 * {"test2":<test2_nvlist>"}, 926 * ...] 927 * 928 * Suite nvlist 929 * ------------ 930 * 931 * [{"name":"<ks->ks_name>"}, 932 * {"tests":<tests_nvlist>}] 933 * 934 * Suites nvlist 935 * ------------- 936 * 937 * [{"suite1":<suite1_nvlist>}, 938 * {"suite2":<suite2_nvlist>}, 939 * ...] 940 * 941 * Module nvlist 942 * ------------- 943 * 944 * [{"name":"<km->km_name>"}, 945 * {"suites":<suites_nvlist>}] 946 * 947 * Modules nvlist 948 * -------------- 949 * 950 * [{"ser_fmt_version":1}, 951 * {"module1":<module1_nvlist>}, 952 * {"module2":<module2_nvlist>}, 953 * ...] 954 * 955 */ 956 int 957 ktest_list_tests(ktest_list_op_t *klo, int mode) 958 { 959 nvlist_t *modules = fnvlist_alloc(); 960 char *buf = NULL; 961 size_t len = 0; 962 int ret = 0; 963 964 /* 965 * The first thing we add is a uint64_t ser_fmt_version field. 966 * This field allows any consumer of this nvlist (namely the 967 * ktest cmd) to know which serialization format it is in. 968 * Specifically, the format version tells the consumer which 969 * fields to expect and how they are laid out. Given that the 970 * ktest kernel facility and its user command are delivered in 971 * gate, this should never be needed. However, including a 972 * versioned format now keeps the future flexible, and costs 973 * us little. 974 */ 975 fnvlist_add_uint64(modules, "ser_fmt_version", KTEST_SER_FMT_VSN); 976 mutex_enter(&ktest_lock); 977 978 for (ktest_module_t *km = list_head(&ktest_modules); 979 km != NULL; 980 km = list_next(&ktest_modules, km)) { 981 nvlist_t *module = fnvlist_alloc(); 982 nvlist_t *suites = fnvlist_alloc(); 983 984 for (ktest_suite_t *ks = list_head(&km->km_suites); 985 ks != NULL; 986 ks = list_next(&km->km_suites, ks)) { 987 nvlist_t *suite = fnvlist_alloc(); 988 nvlist_t *tests = fnvlist_alloc(); 989 990 for (ktest_test_t *kt = list_head(&ks->ks_tests); 991 kt != NULL; 992 kt = list_next(&ks->ks_tests, kt)) { 993 nvlist_t *test = fnvlist_alloc(); 994 995 fnvlist_add_string(test, KTEST_NAME_KEY, 996 kt->kt_name); 997 fnvlist_add_boolean_value(test, 998 KTEST_TEST_INPUT_KEY, 999 kt->kt_requires_input); 1000 fnvlist_add_nvlist(tests, kt->kt_name, test); 1001 nvlist_free(test); 1002 } 1003 1004 if (nvlist_empty(tests)) { 1005 nvlist_free(tests); 1006 nvlist_free(suite); 1007 continue; 1008 } 1009 1010 fnvlist_add_string(suite, KTEST_NAME_KEY, ks->ks_name); 1011 fnvlist_add_nvlist(suite, KTEST_SUITE_TESTS_KEY, tests); 1012 fnvlist_add_nvlist(suites, ks->ks_name, suite); 1013 nvlist_free(tests); 1014 nvlist_free(suite); 1015 } 1016 1017 if (nvlist_empty(suites)) { 1018 nvlist_free(suites); 1019 nvlist_free(module); 1020 continue; 1021 } 1022 1023 fnvlist_add_string(module, KTEST_NAME_KEY, km->km_name); 1024 fnvlist_add_nvlist(module, KTEST_MODULE_SUITES_KEY, suites); 1025 fnvlist_add_nvlist(modules, km->km_name, module); 1026 nvlist_free(suites); 1027 nvlist_free(module); 1028 } 1029 1030 mutex_exit(&ktest_lock); 1031 buf = fnvlist_pack(modules, &len); 1032 1033 /* 1034 * The userspace response buffer is not large enough. Fill in 1035 * the amount needed and return ENOBUFS so that the command 1036 * may retry. 1037 */ 1038 if (klo->klo_resp_len < len) { 1039 klo->klo_resp_len = len; 1040 nvlist_free(modules); 1041 ret = ENOBUFS; 1042 goto out; 1043 } 1044 1045 klo->klo_resp_len = len; 1046 1047 if (ddi_copyout(buf, klo->klo_resp, len, mode) != 0) { 1048 ret = EFAULT; 1049 goto out; 1050 } 1051 1052 out: 1053 nvlist_free(modules); 1054 kmem_free(buf, len); 1055 return (ret); 1056 } 1057 1058 static void 1059 ktest_run_test(const ktest_test_t *kt, uchar_t *input, uint64_t input_len, 1060 ktest_result_t *res) 1061 { 1062 ktest_ctx_t ctx; 1063 1064 bzero(&ctx, sizeof (ctx)); 1065 res->kr_type = KTEST_RESULT_NONE; 1066 ctx.ktc_test = kt; 1067 ctx.ktc_res = res; 1068 ctx.ktc_input = input; 1069 ctx.ktc_input_len = input_len; 1070 kt->kt_fn((ktest_ctx_hdl_t *)&ctx); 1071 } 1072 1073 static int 1074 ktest_getinfo(dev_info_t *dip, ddi_info_cmd_t cmd, void *arg, void **resultp) 1075 { 1076 switch (cmd) { 1077 case DDI_INFO_DEVT2DEVINFO: 1078 *resultp = ktest_dip; 1079 break; 1080 case DDI_INFO_DEVT2INSTANCE: 1081 *resultp = (void *)0; 1082 break; 1083 default: 1084 return (DDI_FAILURE); 1085 } 1086 1087 return (DDI_SUCCESS); 1088 } 1089 1090 static int 1091 ktest_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 1092 { 1093 if (cmd != DDI_ATTACH) { 1094 return (DDI_FAILURE); 1095 } 1096 1097 if (ddi_create_minor_node(dip, "ktest", S_IFCHR, KTEST_CTL_MINOR, 1098 DDI_PSEUDO, 0) != DDI_SUCCESS) { 1099 return (DDI_FAILURE); 1100 } 1101 1102 ktest_dip = dip; 1103 ddi_report_dev(dip); 1104 return (DDI_SUCCESS); 1105 } 1106 1107 static int 1108 ktest_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 1109 { 1110 if (cmd != DDI_DETACH) { 1111 return (DDI_FAILURE); 1112 } 1113 1114 ddi_remove_minor_node(dip, NULL); 1115 ktest_dip = NULL; 1116 return (DDI_SUCCESS); 1117 } 1118 1119 static int 1120 ktest_open(dev_t *devp, int flag, int otype, cred_t *credp) 1121 { 1122 if (otype != OTYP_CHR) { 1123 return (EINVAL); 1124 } 1125 1126 /* Make sure attach(9E) has completed. */ 1127 if (ktest_dip == NULL) { 1128 return (ENXIO); 1129 } 1130 1131 if (getminor(*devp) != KTEST_CTL_MINOR) { 1132 return (ENXIO); 1133 } 1134 1135 if (flag & FWRITE) { 1136 return (EACCES); 1137 } 1138 1139 if (flag & FEXCL) { 1140 return (ENOTSUP); 1141 } 1142 1143 /* 1144 * Access to the ktest facility requires the utmost respect: 1145 * test modules have full access to the kernel address space 1146 * and the user executing ktest can pipe in any arbitrary 1147 * stream of bytes to any test which takes an input stream. 1148 * Given this liability, and the fact the test facility should 1149 * mostly be used for development quality assurance or 1150 * production pre-flight checklists or healthchecks, it makes 1151 * sense to restrict the loading, listing, and execution of 1152 * tests to those with the highest of privilege: the root 1153 * role/user in the Global Zone. 1154 */ 1155 if (drv_priv(credp) != 0 || crgetzoneid(credp) != GLOBAL_ZONEID) { 1156 return (EPERM); 1157 } 1158 1159 return (0); 1160 } 1161 1162 static int 1163 ktest_close(dev_t dev, int flags, int otype, cred_t *credp) 1164 { 1165 return (0); 1166 } 1167 1168 static int 1169 ktest_ioctl_run_test(intptr_t arg, int mode) 1170 { 1171 int ret = 0; 1172 ktest_run_op_t kro; 1173 uchar_t *input_bytes = NULL; 1174 ktest_test_t *kt = NULL; 1175 1176 bzero(&kro, sizeof (kro)); 1177 if (ddi_copyin((void *)arg, &kro, sizeof (kro), mode) != 0) { 1178 return (EFAULT); 1179 } 1180 1181 if (kro.kro_input_len > KTEST_IOCTL_MAX_LEN) { 1182 return (EINVAL); 1183 } 1184 1185 /* 1186 * If there is input, copy it into KAS. 1187 */ 1188 if (kro.kro_input_len > 0) { 1189 input_bytes = kmem_zalloc(kro.kro_input_len, KM_SLEEP); 1190 ret = ddi_copyin((void *)kro.kro_input_bytes, input_bytes, 1191 kro.kro_input_len, mode); 1192 1193 if (ret != 0) { 1194 ret = EFAULT; 1195 goto done; 1196 } 1197 } 1198 1199 mutex_enter(&ktest_lock); 1200 kt = ktest_get_test(kro.kro_module, kro.kro_suite, kro.kro_test); 1201 1202 /* 1203 * We failed to find a matching test. The ktest command should 1204 * always send down a valid fully-qualified triple; but it's 1205 * good hygiene to check for this case. 1206 */ 1207 if (kt == NULL) { 1208 ret = ENOENT; 1209 goto done; 1210 } 1211 1212 /* 1213 * The test requires input but none was provided. The ktest 1214 * command should not send down such a request; but it's good 1215 * hygiene to check for it. 1216 */ 1217 if (kt->kt_requires_input && kro.kro_input_len == 0) { 1218 ret = EINVAL; 1219 goto done; 1220 } 1221 1222 ktest_run_test(kt, input_bytes, kro.kro_input_len, &kro.kro_result); 1223 1224 done: 1225 mutex_exit(&ktest_lock); 1226 kmem_free(input_bytes, kro.kro_input_len); 1227 1228 if (ret == 0 && 1229 ddi_copyout(&kro, (void *)arg, sizeof (kro), mode) != 0) { 1230 ret = EFAULT; 1231 } 1232 1233 return (ret); 1234 } 1235 1236 static int 1237 ktest_ioctl_list_tests(intptr_t arg, int mode) 1238 { 1239 int ret = 0; 1240 ktest_list_op_t klo; 1241 1242 bzero(&klo, sizeof (klo)); 1243 if (ddi_copyin((void *)arg, &klo, sizeof (klo), mode) != 0) { 1244 return (EFAULT); 1245 } 1246 1247 if ((ret = ktest_list_tests(&klo, mode)) == 0) { 1248 if (ddi_copyout(&klo, (void *)arg, sizeof (klo), mode) != 0) { 1249 return (EFAULT); 1250 } 1251 } 1252 1253 return (ret); 1254 } 1255 1256 static int 1257 ktest_ioctl(dev_t dev, int cmd, intptr_t arg, int mode, cred_t *credp, 1258 int *rvalp) 1259 { 1260 int ret = 0; 1261 1262 /* 1263 * We make two assumptions: 1264 * 1265 * 1. That only the ktest command interacts with the ktest driver. 1266 * 1267 * 2. The the ktest command is 64-bit. 1268 */ 1269 if (ddi_model_convert_from(mode) != DDI_MODEL_NONE) { 1270 return (ENOSYS); 1271 } 1272 1273 switch (cmd) { 1274 case KTEST_IOCTL_RUN_TEST: 1275 ret = ktest_ioctl_run_test(arg, mode); 1276 break; 1277 1278 case KTEST_IOCTL_LIST_TESTS: 1279 ret = ktest_ioctl_list_tests(arg, mode); 1280 break; 1281 1282 default: 1283 ret = EINVAL; 1284 break; 1285 } 1286 1287 return (ret); 1288 } 1289 1290 static struct cb_ops ktest_cb_ops = { 1291 .cb_open = ktest_open, 1292 .cb_close = ktest_close, 1293 .cb_strategy = nodev, 1294 .cb_print = nodev, 1295 .cb_dump = nodev, 1296 .cb_read = nodev, 1297 .cb_write = nodev, 1298 .cb_ioctl = ktest_ioctl, 1299 .cb_devmap = nodev, 1300 .cb_mmap = nodev, 1301 .cb_segmap = nodev, 1302 .cb_chpoll = nochpoll, 1303 .cb_prop_op = ddi_prop_op, 1304 .cb_flag = D_MP | D_64BIT, 1305 .cb_rev = CB_REV, 1306 .cb_aread = nodev, 1307 .cb_awrite = nodev, 1308 .cb_str = NULL 1309 }; 1310 1311 static struct dev_ops ktest_dev_ops = { 1312 .devo_rev = DEVO_REV, 1313 .devo_refcnt = 0, 1314 .devo_getinfo = ktest_getinfo, 1315 .devo_identify = nulldev, 1316 .devo_probe = nulldev, 1317 .devo_attach = ktest_attach, 1318 .devo_detach = ktest_detach, 1319 .devo_reset = nodev, 1320 .devo_power = NULL, 1321 .devo_quiesce = ddi_quiesce_not_supported, 1322 .devo_cb_ops = &ktest_cb_ops, 1323 .devo_bus_ops = NULL 1324 }; 1325 1326 static struct modldrv ktest_modldrv = { 1327 .drv_modops = &mod_driverops, 1328 .drv_linkinfo = "Kernel Test Driver v1", 1329 .drv_dev_ops = &ktest_dev_ops 1330 }; 1331 1332 static struct modlinkage ktest_modlinkage = { 1333 .ml_rev = MODREV_1, 1334 .ml_linkage = { &ktest_modldrv, NULL } 1335 }; 1336 1337 static void 1338 ktest_fini() 1339 { 1340 ktest_unregister_all(); 1341 list_destroy(&ktest_modules); 1342 mutex_destroy(&ktest_lock); 1343 } 1344 1345 /* 1346 * This is a pseudo device driver with a single instance, therefore 1347 * all state is allocated/freed during init/fini. We delay the 1348 * creation of the taskq until attach, since tests cannot be executed 1349 * until the driver is attached. 1350 */ 1351 int 1352 _init(void) 1353 { 1354 int ret; 1355 1356 mutex_init(&ktest_lock, NULL, MUTEX_DRIVER, NULL); 1357 list_create(&ktest_modules, sizeof (ktest_module_t), 1358 offsetof(ktest_module_t, km_node)); 1359 ret = mod_install(&ktest_modlinkage); 1360 1361 if (ret != DDI_SUCCESS) { 1362 ktest_fini(); 1363 } 1364 1365 return (ret); 1366 } 1367 1368 int 1369 _fini(void) 1370 { 1371 int ret = mod_remove(&ktest_modlinkage); 1372 1373 if (ret == DDI_SUCCESS) { 1374 ktest_fini(); 1375 } 1376 1377 return (ret); 1378 } 1379 1380 int 1381 _info(struct modinfo *modinfop) 1382 { 1383 return (mod_info(&ktest_modlinkage, modinfop)); 1384 } 1385