summaryrefslogtreecommitdiff
path: root/tools
AgeCommit message (Collapse)Author
2026-04-02perf trace: Fix potential u64 underflow in duration calculationMichael Petlan
Although it happens very rarely, in case of out-of-order events (i.e. due to CPU migration when a syscall is executed), the calculation of event duration might underflow and thus a bogus value is printed: 2.804 ( 0.001 ms): :49553/49553 rt_sigaction(sig: QUIT, act: 0x7fff403ed6e0, oact: 0x7fff403ed780, sigsetsize: 8) = 0 2.807 ( 0.001 ms): :49553/49553 rt_sigaction(sig: CHLD, act: 0x7fff403ed6e0, oact: 0x7fff403ed780, sigsetsize: 8) = 0 2.815 (18446744073709.438 ms): :49553/49553 execve(filename: 0xbb173a30, argv: 0x55aabb171930, envp: 0x55aabb171120) = 0 2.815 ( 0.534 ms): pwd/49553 ... [continued]: execve()) = 0 Check for possible underflow first and in case of a bogus value, do not print it. 2.804 ( 0.001 ms): :49553/49553 rt_sigaction(sig: QUIT, act: 0x7fff403ed6e0, oact: 0x7fff403ed780, sigsetsize: 8) = 0 2.807 ( 0.001 ms): :49553/49553 rt_sigaction(sig: CHLD, act: 0x7fff403ed6e0, oact: 0x7fff403ed780, sigsetsize: 8) = 0 2.815 ( ): :49553/49553 execve(filename: 0xbb173a30, argv: 0x55aabb171930, envp: 0x55aabb171120) = 0 2.815 ( 0.534 ms): pwd/49553 ... [continued]: execve()) = 0 Signed-off-by: Michael Petlan <mpetlan@redhat.com> Reviewed-by: Ian Rogers <irogers@google.com> Signed-off-by: Namhyung Kim <namhyung@kernel.org>
2026-04-02selftests/bpf: Remove invariant violation flagsPaul Chaignon
With the changes to the verifier in previous commits, we're not expecting any invariant violations anymore. We should therefore always enable BPF_F_TEST_REG_INVARIANTS to fail on invariant violations. Turns out that's already the case and we've been explicitly setting this flag in selftests when it wasn't necessary. This commit removes those flags from selftests, which should hopefully make clearer that it's always enabled. Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com> Acked-by: Mykyta Yatsenko <yatsenko@meta.com> Link: https://lore.kernel.org/r/9afce92510a7d44569dc3af63c9b8c608e69298a.1775142354.git.paul.chaignon@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-04-02selftests/bpf: Cover invariant violation case from syzbotPaul Chaignon
This patch adds a selftest for the change in the previous patch. The selftest is derived from a syzbot reproducer from [1] (among the 22 reproducers on that page, only 4 still reproduced on latest bpf tree, all being small variants of the same invariant violation). The test case failure without the previous patch is shown below. 0: R1=ctx() R10=fp0 0: (85) call bpf_get_prandom_u32#7 ; R0=scalar() 1: (bf) r5 = r0 ; R0=scalar(id=1) R5=scalar(id=1) 2: (57) r5 &= -4 ; R5=scalar(smax=0x7ffffffffffffffc,umax=0xfffffffffffffffc,smax32=0x7ffffffc,umax32=0xfffffffc,var_off=(0x0; 0xfffffffffffffffc)) 3: (bf) r7 = r0 ; R0=scalar(id=1) R7=scalar(id=1) 4: (57) r7 &= 1 ; R7=scalar(smin=smin32=0,smax=umax=smax32=umax32=1,var_off=(0x0; 0x1)) 5: (07) r7 += -43 ; R7=scalar(smin=smin32=-43,smax=smax32=-42,umin=0xffffffffffffffd5,umax=0xffffffffffffffd6,umin32=0xffffffd5,umax32=0xffffffd6,var_off=(0xffffffffffffffd4; 0x3)) 6: (5e) if w5 != w7 goto pc+1 verifier bug: REG INVARIANTS VIOLATION (false_reg1): range bounds violation u64=[0xffffffd5, 0xffffffffffffffd4] s64=[0x80000000ffffffd5, 0x7fffffffffffffd4] u32=[0xffffffd5, 0xffffffd4] s32=[0xffffffd5, 0xffffffd4] var_off=(0xffffffd4, 0xffffffff00000000) R5 and R7 are prepared such that their tnums intersection results in a known constant but that constant isn't within R7's u32 bounds. is_branch_taken isn't able to detect this case today, so the verifier walks the impossible fallthrough branch. After regs_refine_cond_op and reg_bounds_sync refine R5 on the assumption that the branch is taken, the impossibility becomes apparent and results in an invariant violation for R5: umin32 is greater than umax32. The previous patch fixes this by using regs_refine_cond_op and reg_bounds_sync in is_branch_taken to detect the impossible branch. The fallthrough branch is therefore correctly detected as dead code. Link: https://syzkaller.appspot.com/bug?extid=c950cc277150935cc0b5 [1] Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com> Acked-by: Mykyta Yatsenko <yatsenko@meta.com> Link: https://lore.kernel.org/r/b1e22233a3206ead522f02eda27b9c5c991a0de9.1775142354.git.paul.chaignon@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-04-02perf header: Validate build_id filename length to prevent buffer overflowSeungJu Cheon
The build_id parsing functions calculate a filename length from the event header size and read directly into a stack buffer of PATH_MAX bytes without bounds checking. A malformed perf.data file with a crafted header.size can cause the length to be negative or exceed PATH_MAX, resulting in a stack buffer overflow. Add bounds checking for the filename length in both perf_header__read_build_ids() and the ABI quirk variant. Print a warning message when invalid length is detected. Signed-off-by: SeungJu Cheon <suunj1331@gmail.com> Reviewed-by: Ian Rogers <irogers@google.com> Signed-off-by: Namhyung Kim <namhyung@kernel.org>
2026-04-02perf metricgroup: Refine error logsLeo Yan
Return -ENOENT when no metric/group matches, and directly use the return value from expr__find_ids(), so -EINVAL is reserved for parse failures. Print separate logs to make it clear. Before: perf stat -C 5 -vvv Using CPUID 0x00000000410fd490 metric expr 100 * (STALL_SLOT_BACKEND / (CPU_CYCLES * #slots) - BR_MIS_PRED * 3 / CPU_CYCLES) for backend_bound parsing metric: 100 * (STALL_SLOT_BACKEND / (CPU_CYCLES * #slots) - BR_MIS_PRED * 3 / CPU_CYCLES) Failure to read '#slots' literal: #slots = nan syntax error Cannot find metric or group `Default' After: perf stat -C 5 -vvv Using CPUID 0x00000000410fd490 metric expr 100 * (STALL_SLOT_BACKEND / (CPU_CYCLES * #slots) - BR_MIS_PRED * 3 / CPU_CYCLES) for backend_bound parsing metric: 100 * (STALL_SLOT_BACKEND / (CPU_CYCLES * #slots) - BR_MIS_PRED * 3 / CPU_CYCLES) Failure to read '#slots' literal: #slots = nan syntax error Fail to parse metric or group `Default' Signed-off-by: Leo Yan <leo.yan@arm.com> Reviewed-by: Ian Rogers <irogers@google.com> Signed-off-by: Namhyung Kim <namhyung@kernel.org>
2026-04-02perf expr: Add '\n' in literal parse errorsLeo Yan
Add a trailing newline for logs. Before: perf stat -C 5 Failure to read '#slots'Cannot find metric or group `Default' After: perf stat -C 5 Failure to read '#slots' Cannot find metric or group `Default' Signed-off-by: Leo Yan <leo.yan@arm.com> Reviewed-by: Ian Rogers <irogers@google.com> Signed-off-by: Namhyung Kim <namhyung@kernel.org>
2026-04-02perf expr: Return -EINVAL for syntax error in expr__find_ids()Leo Yan
expr__find_ids() propagates the parser return value directly. For syntax errors, the parser can return a positive value, but callers treat it as success, e.g., for below case on Arm64 platform: metric expr 100 * (STALL_SLOT_BACKEND / (CPU_CYCLES * #slots) - BR_MIS_PRED * 3 / CPU_CYCLES) for backend_bound parsing metric: 100 * (STALL_SLOT_BACKEND / (CPU_CYCLES * #slots) - BR_MIS_PRED * 3 / CPU_CYCLES) Failure to read '#slots' literal: #slots = nan syntax error Convert positive parser returns in expr__find_ids() to -EINVAL, as a result, the error value will be respected by callers. Before: perf stat -C 5 Failure to read '#slots'Failure to read '#slots'Failure to read '#slots'Failure to read '#slots'Segmentation fault After: perf stat -C 5 Failure to read '#slots'Cannot find metric or group `Default' Fixes: ded80bda8bc9 ("perf expr: Migrate expr ids table to a hashmap") Signed-off-by: Leo Yan <leo.yan@arm.com> Reviewed-by: Ian Rogers <irogers@google.com> Signed-off-by: Namhyung Kim <namhyung@kernel.org>
2026-04-02selftests/bpf: Improve task local data documentation and fix potential ↵Amery Hung
memory leak If TLD_FREE_DATA_ON_THREAD_EXIT is not enabled in a translation unit that calls __tld_create_key() first, another translation unit that enables it will not get the auto cleanup feature as pthread key is only created once when allocation metadata. Fix it by always try to create the pthread key when __tld_create_key() is called. Also improve the documentation: - Discourage user from using different options in different translation units - Specify calling tld_free() before thread exit as undefined behavior Signed-off-by: Amery Hung <ameryhung@gmail.com> Link: https://lore.kernel.org/r/20260331213555.1993883-6-ameryhung@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-04-02selftests/bpf: Remove TLD_READ_ONCE() in the user space headerAmery Hung
TLD_READ_ONCE() is redundant as the only reference passed to it is defined as _Atomic. The load is guaranteed to be atomic in C11 standard (6.2.6.1). Drop the macro. Signed-off-by: Amery Hung <ameryhung@gmail.com> Acked-by: Sun Jian <sun.jian.kdev@gmail.com> Link: https://lore.kernel.org/r/20260331213555.1993883-5-ameryhung@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-04-02selftests/bpf: Make sure TLD_DEFINE_KEY runs firstAmery Hung
Without specifying constructor priority of the hidden constructor function defined by TLD_DEFINE_KEY, __tld_create_key(..., dyn_data = false) may run after tld_get_data() called from other constructors. Threads calling tld_get_data() before __tld_create_key(..., dyn_data = false) will not allocate enough memory for all TLDs and later result in OOB access. Therefore, set it to the lowest value available to users. Note that lower means higher priority and 0-100 is reserved to the compiler. Acked-by: Mykyta Yatsenko <yatsenko@meta.com> Signed-off-by: Amery Hung <ameryhung@gmail.com> Acked-by: Sun Jian <sun.jian.kdev@gmail.com> Link: https://lore.kernel.org/r/20260331213555.1993883-4-ameryhung@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-04-02selftests/bpf: Simplify task_local_data memory allocationAmery Hung
Simplify data allocation by always using aligned_alloc() and passing size_pot, size rounded up to the closest power of two to alignment. Currently, aligned_alloc(page_size, size) is only intended to be used with memory allocators that can fulfill the request without rounding size up to page_size to conserve memory. This is enabled by defining TLD_DATA_USE_ALIGNED_ALLOC. The reason to align to page_size is due to the limitation of UPTR where only a page can be pinned to the kernel. Otherwise, malloc(size * 2) is used to allocate memory for data. However, we don't need to call aligned_alloc(page_size, size) to get a contiguous memory of size bytes within a page. aligned_alloc(size_pot, ...) will also do the trick. Therefore, just use aligned_alloc(size_pot, ...) universally. As for the size argument, create a new option, TLD_DONT_ROUND_UP_DATA_SIZE, to specify not rounding up the size. This preserves the current TLD_DATA_USE_ALIGNED_ALLOC behavior, allowing memory allocators with low overhead aligned_alloc() to not waste memory. To enable this, users need to make sure it is not an undefined behavior for the memory allocator to have size not being an integral multiple of alignment. Compared to the current implementation, !TLD_DATA_USE_ALIGNED_ALLOC used to always waste size-byte of memory due to malloc(size * 2). Now the worst case becomes size - 1 and the best case is 0 when the size is already a power of two. Signed-off-by: Amery Hung <ameryhung@gmail.com> Link: https://lore.kernel.org/r/20260331213555.1993883-3-ameryhung@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-04-02selftests/bpf: Fix task_local_data data allocation sizeAmery Hung
Currently, when allocating memory for data, size of tld_data_u->start is not taken into account. This may cause OOB access. Fixed it by adding the non-flexible array part of tld_data_u. Besides, explicitly align tld_data_u->data to 8 bytes in case some fields are added before data in the future. It could break the assumption that every data field is 8 byte aligned and sizeof(tld_data_u) will no longer be equal to offsetof(struct tld_data_u, data), which we use interchangeably. Signed-off-by: Amery Hung <ameryhung@gmail.com> Acked-by: Sun Jian <sun.jian.kdev@gmail.com> Link: https://lore.kernel.org/r/20260331213555.1993883-2-ameryhung@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-04-02selftests/bpf: Add test for raw-address single kprobe attachHoyeon Lee
Currently, attach_probe covers manual single-kprobe attaches by func_name, but not the raw-address form that the PMU-based single-kprobe path can accept. This commit adds PERF and LINK raw-address coverage. It resolves SYS_NANOSLEEP_KPROBE_NAME through kallsyms, passes the absolute address in bpf_kprobe_opts.offset with func_name = NULL, and verifies that kprobe and kretprobe are still triggered. It also verifies that LEGACY rejects the same form. Signed-off-by: Hoyeon Lee <hoyeon.lee@suse.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Jiri Olsa <jolsa@kernel.org> Link: https://lore.kernel.org/bpf/20260401143116.185049-4-hoyeon.lee@suse.com
2026-04-02libbpf: Clarify raw-address single kprobe attach behaviorHoyeon Lee
bpf_program__attach_kprobe_opts() documents single-kprobe attach through func_name, with an optional offset. For the PMU-based path, func_name = NULL with an absolute address in offset already works as well, but that is not described in the API. This commit clarifies this existing non-legacy behavior. For PMU-based attach, callers can use func_name = NULL with an absolute address in offset as the raw-address form. For legacy tracefs/debugfs kprobes, reject this form explicitly. Signed-off-by: Hoyeon Lee <hoyeon.lee@suse.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Jiri Olsa <jolsa@kernel.org> Link: https://lore.kernel.org/bpf/20260401143116.185049-3-hoyeon.lee@suse.com
2026-04-02libbpf: Use direct error codes for kprobe/uprobe attachHoyeon Lee
perf_event_open_probe() and perf_event_{k,u}probe_open_legacy() helpers are returning negative error codes directly on failure. This commit changes bpf_program__attach_{k,u}probe_opts() to use those return values directly instead of re-reading possibly changed errno. Signed-off-by: Hoyeon Lee <hoyeon.lee@suse.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Jiri Olsa <jolsa@kernel.org> Link: https://lore.kernel.org/bpf/20260401143116.185049-2-hoyeon.lee@suse.com
2026-04-02libbpf: Fix BTF handling in bpf_program__clone()Mykyta Yatsenko
Align bpf_program__clone() with bpf_object_load_prog() by gating BTF func/line info on FEAT_BTF_FUNC kernel support, and resolve caller-provided prog_btf_fd before checking obj->btf so that callers with their own BTF can use clone() even when the object has no BTF loaded. While at it, treat func_info and line_info fields as atomic groups to prevent mismatches between pointer and count from different sources. Move bpf_program__clone() to libbpf 1.8. Fixes: 970bd2dced35 ("libbpf: Introduce bpf_program__clone()") Signed-off-by: Mykyta Yatsenko <yatsenko@meta.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20260401151640.356419-1-mykyta.yatsenko5@gmail.com
2026-04-02perf test: Skip perf data type profiling tests for s390Thomas Richter
Test case 'perf data type profiling tests' fails on s390 with this error: # ./perf mem record -- ./perf test -w code_with_type failed: no PMU supports the memory events # echo $? 255 # because s390 does not support memory events at all. According to the man page, perf annotate --code-with-type only works with memory instructions only. As command 'perf mem record ...' is not supported on s390, skip this test for s390. Output before: # ./perf test 'perf data type profiling tests' 77: perf data type profiling tests : FAILED! Output after: # ./perf test 'perf data type profiling tests' 77: perf data type profiling tests : Skip Fixes: f60a5c22967b8 ("perf tests: Test annotate with data type profiling and rust") Signed-off-by: Thomas Richter <tmricht@linux.ibm.com> Reviewed-by: Ian Rogers <irogers@google.com> Cc: Dmitrii Dolgov <9erthalion6@gmail.com> Suggested-by: Namhyung Kim <namhyung@kernel.org> Suggested-by: Ian Rogers <irogers@google.com> Signed-off-by: Namhyung Kim <namhyung@kernel.org>
2026-04-02perf tools: prevent null dsos from being addedAnubhav Shelat
When sorting the dso array we sometimes get a crash due to null comparisons in comparator functions. So prevent __dsos__add from adding null to the dso array to avoid out-of-memory related errors. Signed-off-by: Anubhav Shelat <ashelat@redhat.com> Reviewed-by: Ian Rogers <irogers@google.com> Signed-off-by: Namhyung Kim <namhyung@kernel.org>
2026-04-02perf test: Fix ratio_to_prev event parsing testThomas Falcon
test__ratio_to_prev() assumed the first event in a group is the leader, which is not the case when the event is expanded into two event groups on hybrid PMU's with auto counter reload support. Instead, iterate over the event group generated for each core PMU. Also update "wrong leader" test to check that the subordinate event has the correct leader instead of checking that it is not the group leader. Finally, do not exit immediately if a PMU without auto counter reload support is found. Signed-off-by: Thomas Falcon <thomas.falcon@intel.com> Reviewed-by: Dapeng Mi <dapeng1.mi@linux.intel.com> Reviewed-by: Ian Rogers <irogers@google.com> Fixes: 56be0fe5f62c ("perf record: Add auto counter reload parse and regression tests") Signed-off-by: Namhyung Kim <namhyung@kernel.org>
2026-04-02perf tools: Fix module symbol resolution for non-zero .text sh_addrChuck Lever
When perf resolves symbols from kernel module ELF files (ET_REL), it converts symbol addresses to file offsets so that sample IPs can be matched to the correct symbol. The conversion adjusts each symbol's st_value: sym->st_value -= shdr->sh_addr - shdr->sh_offset; For vmlinux (ET_EXEC), st_value is a virtual address and sh_addr is the section's virtual base, so subtracting sh_addr and adding sh_offset correctly yields a file offset. For kernel modules (ET_REL), st_value is a section-relative offset. The module loader ignores sh_addr entirely and places symbols at module_base + st_value. Converting to file offset requires only adding sh_offset; subtracting sh_addr introduces an error equal to sh_addr bytes. When .text has sh_addr == 0 -- the historical norm for simple modules -- both formulas produce the same result and the bug is latent. As modules gain more metadata sections before .text (.note, .static_call.text, etc.), the linker assigns .text a non-zero sh_addr, exposing the defect. For example, nfsd.ko on this kernel has sh_addr=0xa80, kvm-intel.ko has sh_addr=0x1e90. The effect is that all .text symbols in affected modules shift by sh_addr bytes relative to sample IPs, causing perf report to attribute samples to incorrect, nearby symbols. This was observed as 13% of LLC-load-miss samples misattributed to nfsd_file_get_dio_attrs when the actual hot function was nfsd_cache_lookup, approximately 0xa80 bytes away in the symbol table. Use the existing dso__rel() flag (already set for ET_REL modules) to select the correct adjustment: add sh_offset for ET_REL, subtract (sh_addr - sh_offset) for ET_EXEC/ET_DYN. Fixes: 0131c4ec794a ("perf tools: Make it possible to read object code from kernel modules") Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Reviewed-by: Ian Rogers <irogers@google.com> Tested-by: Thomas Richter <tmricht@linux.ibm.com> Signed-off-by: Namhyung Kim <namhyung@kernel.org>
2026-04-02perf trace: Skip unnecessary synthesis for summary-only modeNamhyung Kim
It needs to synthesize task info for the comm name. The mmap information is only needed for callchain symbolization which is not used by the summary mode. Also total or cgroup summary mode don't require the task info. Let's skip the processing if possible. Reviewed-by: Ian Rogers <irogers@google.com> Signed-off-by: Namhyung Kim <namhyung@kernel.org>
2026-04-02perf stat: Fix crash on arm64Breno Leitao
Perf stat is crashing on arm64 hosts with the following issue: # make -C tools/perf DEBUG=1 # perf stat sleep 1 perf: util/evsel.c:2034: get_group_fd: Assertion `!(!leader->core.fd)' failed. [1] 1220794 IOT instruction (core dumped) ./perf stat The sorting function introduced by commit a745c0831c15c ("perf stat: Sort default events/metrics") compares events based on their individual properties. This can cause events from different groups to be interleaved, resulting in group members appearing before their leaders in the sorted evlist. When the iterator opens events in list order, a group member may be processed before its leader has been opened. For example, CPU_CYCLES (idx=32) with leader STALL_SLOT_BACKEND (idx=37) could be sorted before its leader, causing the crash when CPU_CYCLES tries to get its group fd from the not-yet-opened leader. Fix this by comparing events based on their leader's attributes instead of their own attributes when the events are in different groups. This ensures all members of a group share the same sort key as their leader, keeping groups together and guaranteeing leaders are opened before their members. Fixes: a745c0831c15c ("perf stat: Sort default events/metrics") Reported-by: Denis Yaroshevskiy <dyaroshev@meta.com> Tested-by: Dmitry Ilvokhin <d@ilvokhin.com> Tested-by: Ian Rogers <irogers@google.com> Signed-off-by: Breno Leitao <leitao@debian.org> Signed-off-by: Namhyung Kim <namhyung@kernel.org>
2026-04-02Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski
Cross-merge networking fixes after downstream PR (net-7.0-rc7). Conflicts: net/vmw_vsock/af_vsock.c b18c83388874 ("vsock: initialize child_ns_mode_locked in vsock_net_init()") 0de607dc4fd8 ("vsock: add G2H fallback for CIDs not owned by H2G transport") Adjacent changes: drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c ceee35e5674a ("bnxt_en: Refactor some basic ring setup and adjustment logic") 57cdfe0dc70b ("bnxt_en: Resize RSS contexts on channel count change") drivers/net/wireless/intel/iwlwifi/mld/mac80211.c 4d56037a02bd ("wifi: iwlwifi: mld: block EMLSR during TDLS connections") 687a95d204e7 ("wifi: iwlwifi: mld: correctly set wifi generation data") drivers/net/wireless/intel/iwlwifi/mld/scan.h b6045c899e37 ("wifi: iwlwifi: mld: Refactor scan command handling") ec66ec6a5a8f ("wifi: iwlwifi: mld: Fix MLO scan timing") drivers/net/wireless/intel/iwlwifi/mvm/fw.c 078df640ef05 ("wifi: iwlwifi: mld: add support for iwl_mcc_allowed_ap_type_cmd v 2") 323156c3541e ("wifi: iwlwifi: mvm: don't send a 6E related command when not supported") Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-04-02selftests/bpf: Add more precision tracking tests for atomicsDaniel Borkmann
Add verifier precision tracking tests for BPF atomic fetch operations. Validate that backtrack_insn correctly propagates precision from the fetch dst_reg to the stack slot for {fetch_add,xchg,cmpxchg} atomics. For the first two src_reg gets the old memory value, and for the last one r0. The fetched register is used for pointer arithmetic to trigger backtracking. Also add coverage for fetch_{or,and,xor} flavors which exercises the bitwise atomic fetch variants going through the same insn->imm & BPF_FETCH check but with different imm values. Add dual-precision regression tests for fetch_add and cmpxchg where both the fetched value and a reread of the same stack slot are tracked for precision. After the atomic operation, the stack slot is STACK_MISC, so the ldx does not set INSN_F_STACK_ACCESS. These tests verify that stack precision propagates solely through the atomic fetch's load side. Add map-based tests for fetch_add and cmpxchg which validate that non- stack atomic fetch completes precision tracking without falling back to mark_all_scalars_precise. Lastly, add 32-bit variants for {fetch_add, cmpxchg} on map values to cover the second valid atomic operand size. # LDLIBS=-static PKG_CONFIG='pkg-config --static' ./vmtest.sh -- ./test_progs -t verifier_precision [...] + /etc/rcS.d/S50-startup ./test_progs -t verifier_precision [ 1.697105] bpf_testmod: loading out-of-tree module taints kernel. [ 1.700220] bpf_testmod: module verification failed: signature and/or required key missing - tainting kernel [ 1.777043] tsc: Refined TSC clocksource calibration: 3407.986 MHz [ 1.777619] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x311fc6d7268, max_idle_ns: 440795260133 ns [ 1.778658] clocksource: Switched to clocksource tsc #633/1 verifier_precision/bpf_neg:OK #633/2 verifier_precision/bpf_end_to_le:OK #633/3 verifier_precision/bpf_end_to_be:OK #633/4 verifier_precision/bpf_end_bswap:OK #633/5 verifier_precision/bpf_load_acquire:OK #633/6 verifier_precision/bpf_store_release:OK #633/7 verifier_precision/state_loop_first_last_equal:OK #633/8 verifier_precision/bpf_cond_op_r10:OK #633/9 verifier_precision/bpf_cond_op_not_r10:OK #633/10 verifier_precision/bpf_atomic_fetch_add_precision:OK #633/11 verifier_precision/bpf_atomic_xchg_precision:OK #633/12 verifier_precision/bpf_atomic_fetch_or_precision:OK #633/13 verifier_precision/bpf_atomic_fetch_and_precision:OK #633/14 verifier_precision/bpf_atomic_fetch_xor_precision:OK #633/15 verifier_precision/bpf_atomic_cmpxchg_precision:OK #633/16 verifier_precision/bpf_atomic_fetch_add_dual_precision:OK #633/17 verifier_precision/bpf_atomic_cmpxchg_dual_precision:OK #633/18 verifier_precision/bpf_atomic_fetch_add_map_precision:OK #633/19 verifier_precision/bpf_atomic_cmpxchg_map_precision:OK #633/20 verifier_precision/bpf_atomic_fetch_add_32bit_precision:OK #633/21 verifier_precision/bpf_atomic_cmpxchg_32bit_precision:OK #633/22 verifier_precision/bpf_neg_2:OK #633/23 verifier_precision/bpf_neg_3:OK #633/24 verifier_precision/bpf_neg_4:OK #633/25 verifier_precision/bpf_neg_5:OK #633 verifier_precision:OK Summary: 1/25 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/r/20260331222020.401848-2-daniel@iogearbox.net Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-04-02Merge tag 'net-7.0-rc7' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net Pull networking fixes from Jakub Kicinski: "With fixes from wireless, bluetooth and netfilter included we're back to each PR carrying 30%+ more fixes than in previous era. The good news is that so far none of the "extra" fixes are themselves causing real regressions. Not sure how much comfort that is. Current release - fix to a fix: - netdevsim: fix build if SKB_EXTENSIONS=n - eth: stmmac: skip VLAN restore when VLAN hash ops are missing Previous releases - regressions: - wifi: iwlwifi: mvm: don't send a 6E related command when not supported Previous releases - always broken: - some info leak fixes - add missing clearing of skb->cb[] on ICMP paths from tunnels - ipv6: - flowlabel: defer exclusive option free until RCU teardown - avoid overflows in ip6_datagram_send_ctl() - mpls: add seqcount to protect platform_labels from OOB access - bridge: improve safety of parsing ND options - bluetooth: fix leaks, overflows and races in hci_sync - netfilter: add more input validation, some to address bugs directly some to prevent exploits from cooking up broken configurations - wifi: - ath: avoid poor performance due to stopping the wrong aggregation session - virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free - eth: - fec: fix the PTP periodic output sysfs interface - enetc: safely reinitialize TX BD ring when it has unsent frames" * tag 'net-7.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (95 commits) eth: fbnic: Increase FBNIC_QUEUE_SIZE_MIN to 64 ipv6: avoid overflows in ip6_datagram_send_ctl() net: hsr: fix VLAN add unwind on slave errors net: hsr: serialize seq_blocks merge across nodes vsock: initialize child_ns_mode_locked in vsock_net_init() selftests/tc-testing: add tests for cls_fw and cls_flow on shared blocks net/sched: cls_flow: fix NULL pointer dereference on shared blocks net/sched: cls_fw: fix NULL pointer dereference on shared blocks net/x25: Fix overflow when accumulating packets net/x25: Fix potential double free of skb bnxt_en: Restore default stat ctxs for ULP when resource is available bnxt_en: Don't assume XDP is never enabled in bnxt_init_dflt_ring_mode() bnxt_en: Refactor some basic ring setup and adjustment logic net/mlx5: Fix switchdev mode rollback in case of failure net/mlx5: Avoid "No data available" when FW version queries fail net/mlx5: lag: Check for LAG device before creating debugfs net: macb: properly unregister fixed rate clocks net: macb: fix clk handling on PCI glue driver removal virtio_net: clamp rss_max_key_size to NETDEV_RSS_KEY_LEN net/sched: sch_netem: fix out-of-bounds access in packet corruption ...
2026-04-02selftests/bpf: Add test to verify the fix of kprobe_write_ctx abuseLeon Hwang
Add a test to verify the issue: kprobe_write_ctx can be abused to modify struct pt_regs of kernel functions via kprobe_write_ctx=true freplace progs. Without the fix, the issue is verified: kprobe_write_ctx=true freplace prog is allowed to attach to kprobe_write_ctx=false kprobe prog. Then, the first arg of bpf_fentry_test1 will be set as 0, and bpf_prog_test_run_opts() gets -EFAULT instead of 0. With the fix, the issue is rejected at attach time. Acked-by: Jiri Olsa <jolsa@kernel.org> Signed-off-by: Leon Hwang <leon.hwang@linux.dev> Link: https://lore.kernel.org/r/20260331145353.87606-3-leon.hwang@linux.dev Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-04-02x86/cpufeatures: Add AMD CPPC Performance Priority feature.Gautham R. Shenoy
Some future AMD processors have feature named "CPPC Performance Priority" which lets userspace specify different floor performance levels for different CPUs. The platform firmware takes these different floor performance levels into consideration while throttling the CPUs under power/thermal constraints. The presence of this feature is indicated by bit 16 of the EDX register for CPUID leaf 0x80000007. More details can be found in AMD Publication titled "AMD64 Collaborative Processor Performance Control (CPPC) Performance Priority" Revision 1.10. Define a new feature bit named X86_FEATURE_CPPC_PERF_PRIO to map to CPUID 0x80000007.EDX[16]. Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de> Signed-off-by: Gautham R. Shenoy <gautham.shenoy@amd.com> Signed-off-by: Mario Limonciello (AMD) <superm1@kernel.org>
2026-04-02KVM: riscv: selftests: Implement kvm_arch_has_default_irqchipMayuresh Chitale
kvm_arch_has_default_irqchip is required for irqfd_test and returns true if an in-kernel interrupt controller is supported. Fixes: a133052666bed ("KVM: selftests: Fix irqfd_test for non-x86 architectures") Signed-off-by: Mayuresh Chitale <mayuresh.chitale@oss.qualcomm.com> Link: https://lore.kernel.org/r/20260402101818.2982071-1-mayuresh.chitale@oss.qualcomm.com Signed-off-by: Anup Patel <anup@brainfault.org>
2026-04-02tools/nolibc: explicitly list architecture headersThomas Weißschuh
Relying on $(wildcard) is brittle and non-deterministic. similar to all the other headers. Switch the list of architecture headers to an explicit list, Link: https://patch.msgid.link/20260401-nolibc-cleanup-v1-4-bcf4c9f5c1be@weissschuh.net Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
2026-04-02tools/nolibc: drop superfluous definition of QThomas Weißschuh
Q is already defined by tools/scripts/Makefile.include which is included at the top of tools/include/nolibc/Makefile. Signed-off-by: Thomas Weißschuh <linux@weissschuh.net> Link: https://patch.msgid.link/20260401-nolibc-cleanup-v1-3-bcf4c9f5c1be@weissschuh.net
2026-04-02tools/nolibc: drop superfluous invocation of mkdirThomas Weißschuh
The call to 'mkdir -p $(OUTPUT)sysroot/include' will also create the sysroot directory. Drop the unnecessary explicit invocation of mkdir. Signed-off-by: Thomas Weißschuh <linux@weissschuh.net> Link: https://patch.msgid.link/20260401-nolibc-cleanup-v1-2-bcf4c9f5c1be@weissschuh.net
2026-04-02tools/nolibc: drop superfluous invocation of 'make headers'Thomas Weißschuh
The headers_install target of the toplevel Makefile will already make sure that the headers are up-to-date. Drop the superfluous explicit invocation. Signed-off-by: Thomas Weißschuh <linux@weissschuh.net> Link: https://patch.msgid.link/20260401-nolibc-cleanup-v1-1-bcf4c9f5c1be@weissschuh.net
2026-04-02tracing: selftests: Extend hotplug testing for trace remotesVincent Donnefort
The hotplug testing only tries reading a trace remote buffer, loaded before a CPU is offline. Extend this testing to cover: * A trace remote buffer loaded after a CPU is offline. * A trace remote buffer loaded before a CPU is online. Because of these added test cases, move the hotplug testing into a separate hotplug.tc file. Acked-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Vincent Donnefort <vdonnefort@google.com> Link: https://patch.msgid.link/20260401045100.3394299-3-vdonnefort@google.com Signed-off-by: Marc Zyngier <maz@kernel.org>
2026-04-02selftests/tc-testing: add tests for cls_fw and cls_flow on shared blocksXiang Mei
Regression tests for the shared-block NULL derefs fixed in the previous two patches: - fw: attempt to attach an empty fw filter to a shared block and verify the configuration is rejected with EINVAL. - flow: create a flow filter on a shared block without a baseclass and verify the configuration is rejected with EINVAL. Signed-off-by: Xiang Mei <xmei5@asu.edu> Acked-by: Jamal Hadi Salim <jhs@mojatatu.com> Reviewed-by: Victor Nogueira <victor@mojatatu.com> Link: https://patch.msgid.link/20260331050217.504278-3-xmei5@asu.edu Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-04-02selftests: drivers: hw: add test for the ethtool standard countersIoana Ciornei
Add a new selftest - ethtool_std_stats.sh - which validates the eth-ctrl, eth-mac and pause standard statistics exported by an interface. Collision related eth-mac counters as well as the error ones will be checked against zero since that is the most likely correct scenario. The central part of this patch is the traffic_test() function which gathers the 'before' counter values, sends a batch of traffic and then interrogates again the same counters in order to determine if the delta is on target. The function receives an array through which the caller can request what counters to be interrogated and, for each of them, what is their target delta value. The output from this selftest looks as follows on a LX2160ARDB board: $ ./run_kselftest.sh -t drivers/net/hw:ethtool_std_stats.sh TAP version 13 1..1 # timeout set to 0 # selftests: drivers/net/hw: ethtool_std_stats.sh # TAP version 13 # 1..26 # ok 1 ethtool_std_stats.eth-ctrl-MACControlFramesTransmitted # ok 2 ethtool_std_stats.eth-ctrl-MACControlFramesReceived # ok 3 ethtool_std_stats.eth-mac-FrameCheckSequenceErrors # ok 4 ethtool_std_stats.eth-mac-AlignmentErrors # ok 5 ethtool_std_stats.eth-mac-FramesLostDueToIntMACXmitError # ok 6 ethtool_std_stats.eth-mac-CarrierSenseErrors # SKIP # ok 7 ethtool_std_stats.eth-mac-FramesLostDueToIntMACRcvError # ok 8 ethtool_std_stats.eth-mac-InRangeLengthErrors # SKIP # ok 9 ethtool_std_stats.eth-mac-OutOfRangeLengthField # SKIP # ok 10 ethtool_std_stats.eth-mac-FrameTooLongErrors # SKIP # ok 11 ethtool_std_stats.eth-mac-FramesAbortedDueToXSColls # SKIP # ok 12 ethtool_std_stats.eth-mac-SingleCollisionFrames # SKIP # ok 13 ethtool_std_stats.eth-mac-MultipleCollisionFrames # SKIP # ok 14 ethtool_std_stats.eth-mac-FramesWithDeferredXmissions # SKIP # ok 15 ethtool_std_stats.eth-mac-LateCollisions # SKIP # ok 16 ethtool_std_stats.eth-mac-FramesWithExcessiveDeferral # SKIP # ok 17 ethtool_std_stats.eth-mac-BroadcastFramesXmittedOK # ok 18 ethtool_std_stats.eth-mac-OctetsTransmittedOK # ok 19 ethtool_std_stats.eth-mac-BroadcastFramesReceivedOK # ok 20 ethtool_std_stats.eth-mac-OctetsReceivedOK # ok 21 ethtool_std_stats.eth-mac-FramesTransmittedOK # ok 22 ethtool_std_stats.eth-mac-MulticastFramesXmittedOK # ok 23 ethtool_std_stats.eth-mac-FramesReceivedOK # ok 24 ethtool_std_stats.eth-mac-MulticastFramesReceivedOK # ok 25 ethtool_std_stats.pause-tx_pause_frames # ok 26 ethtool_std_stats.pause-rx_pause_frames # # 10 skipped test(s) detected. Consider enabling relevant config options to improve coverage. # # Totals: pass:16 fail:0 xfail:0 xpass:0 skip:10 error:0 ok 1 selftests: drivers/net/hw: ethtool_std_stats.sh Please note that not all MACs are counting the software injected pause frames as real Tx pause. For example, on a LS1028ARDB the selftest output will reflect the fact that neither the ENETC MAC, nor the Felix switch MAC are able to detect Tx pause frames injected by software. $ ./run_kselftest.sh -t drivers/net/hw:ethtool_std_stats.sh (...) # # software sent pause frames not detected # ok 25 ethtool_std_stats.pause-tx_pause_frames # XFAIL # ok 26 ethtool_std_stats.pause-rx_pause_frames Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> Acked-by: Petr Machata <petrm@nvidia.com> Link: https://patch.msgid.link/20260330152933.2195885-10-ioana.ciornei@nxp.com Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-04-02selftests: drivers: hw: update ethtool_rmon to work with a single local ↵Ioana Ciornei
interface This patch finalizes the transition to work with a single local interface for the ethtool_rmon.sh test. Each 'ip link' and 'ethtool' command used by the test is annotated with the necessary run_on in order to be executed on the necessary target system, be it local, in another network namespace or through ssh. Since we need NETIF up and running also for control traffic, we now expect that the interfaces are up and running and do not touch bring them up or down at the end of the test. This is also documented in the drivers/net/README.rst. The ethtool_rmon.sh script can still be used in the older fashion by passing two interfaces as command line arguments, the only restriction is that those interfaces need to be already up. $ DRIVER_TEST_CONFORMANT=no ./ethtool_rmon.sh eth0 eth1 As part of the kselftest infrastructure, this test can be run in the following manner: $ make -C tools/testing/selftests/ TARGETS="drivers/net drivers/net/hw" \ install INSTALL_PATH=/tmp/ksft-net-drv $ cd /tmp/ksft-net-drv/ $ cat > ./drivers/net/net.config <<EOF NETIF=endpmac17 LOCAL_V4=17.0.0.1 REMOTE_V4=17.0.0.2 REMOTE_TYPE=ssh REMOTE_ARGS=root@192.168.5.200 EOF $ ./run_kselftest.sh -t drivers/net/hw:ethtool_rmon.sh TAP version 13 1..1 # timeout set to 0 # selftests: drivers/net/hw: ethtool_rmon.sh # TAP version 13 # 1..14 # ok 1 ethtool_rmon.rx-pkts64to64 # ok 2 ethtool_rmon.rx-pkts65to127 # ok 3 ethtool_rmon.rx-pkts128to255 # ok 4 ethtool_rmon.rx-pkts256to511 # ok 5 ethtool_rmon.rx-pkts512to1023 # ok 6 ethtool_rmon.rx-pkts1024to1518 # ok 7 ethtool_rmon.rx-pkts1519to10240 # ok 8 ethtool_rmon.tx-pkts64to64 # ok 9 ethtool_rmon.tx-pkts65to127 # ok 10 ethtool_rmon.tx-pkts128to255 # ok 11 ethtool_rmon.tx-pkts256to511 # ok 12 ethtool_rmon.tx-pkts512to1023 # ok 13 ethtool_rmon.tx-pkts1024to1518 # ok 14 ethtool_rmon.tx-pkts1519to10240 # # Totals: pass:14 fail:0 xfail:0 xpass:0 skip:0 error:0 ok 1 selftests: drivers/net/hw: ethtool_rmon.sh Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> Reviewed-by: Petr Machata <petrm@nvidia.com> Link: https://patch.msgid.link/20260330152933.2195885-9-ioana.ciornei@nxp.com Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-04-02selftests: drivers: hw: move to KTAP outputIoana Ciornei
Update the ethtool_rmon.sh test so that it uses the KTAP format for its output. This is achieved by using the helpers found in ktap_helpers.sh. An example output can be found below. $ ./ethtool_rmon.sh endpmac3 endpmac4 TAP version 13 1..14 ok 1 ethtool_rmon.rx-pkts64to64 ok 2 ethtool_rmon.rx-pkts65to127 ok 3 ethtool_rmon.rx-pkts128to255 ok 4 ethtool_rmon.rx-pkts256to511 ok 5 ethtool_rmon.rx-pkts512to1023 ok 6 ethtool_rmon.rx-pkts1024to1518 ok 7 ethtool_rmon.rx-pkts1519to10240 ok 8 ethtool_rmon.tx-pkts64to64 ok 9 ethtool_rmon.tx-pkts65to127 ok 10 ethtool_rmon.tx-pkts128to255 ok 11 ethtool_rmon.tx-pkts256to511 ok 12 ethtool_rmon.tx-pkts512to1023 ok 13 ethtool_rmon.tx-pkts1024to1518 ok 14 ethtool_rmon.tx-pkts1519to10240 # Totals: pass:14 fail:0 xfail:0 xpass:0 skip:0 error:0 Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> Reviewed-by: Petr Machata <petrm@nvidia.com> Link: https://patch.msgid.link/20260330152933.2195885-8-ioana.ciornei@nxp.com Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-04-02selftests: drivers: hw: replace counter upper limit with UINT32_MAX in rmon testIoana Ciornei
The ethtool_rmon.sh script checks that the number of packets sent / received during a test matches the expected value with a 1% tolerance. Since in the next patches this test will gain the capability to also be run on systems with a single interface where the traffic generator is accesible through ssh, use the UINT32_MAX as the upper limit. This is necessary since the same interface will be used also for control traffic (the ssh commands) as well as the mausezahn generated one. Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> Reviewed-by: Petr Machata <petrm@nvidia.com> Link: https://patch.msgid.link/20260330152933.2195885-7-ioana.ciornei@nxp.com Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-04-02selftests: drivers: hw: test rmon counters only on first interfaceIoana Ciornei
The selftests in drivers/net are slowly transitioning to being able to be used on systems with a single network interface. The first step for the ethtool_rmon.sh test is to only validate that the rmon counters are properly exported on the first interface supplied as an argument. Remove the rmon_histogram calls which intend to test also the rmon counters on the 2nd interface. This also removes the need for the remote system, which should be used only to inject traffic, to also support rmon counters. Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> Reviewed-by: Petr Machata <petrm@nvidia.com> Link: https://patch.msgid.link/20260330152933.2195885-6-ioana.ciornei@nxp.com Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-04-02selftests: drivers: hw: cleanup shellcheck warnings in the rmon testIoana Ciornei
If run on the ethtool_rmon.sh script, shellcheck generates a bunch of false positive errors. Suppress those checks that generate them. Also cleanup the remaining warnings by using double quoting around the used variables. Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> Reviewed-by: Petr Machata <petrm@nvidia.com> Link: https://patch.msgid.link/20260330152933.2195885-5-ioana.ciornei@nxp.com Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-04-02selftests: net: update some helpers to use run_onIoana Ciornei
Update some helpers so that they are capable to run commands on different targets than the local one. This patch makes the necesasy modification for those helpers / sections of code which are needed for the ethtool_rmon.sh test that will be converted in the next patches. For example, mac_addr_prepare() and mac_addr_restore() used when STABLE_MAC_ADDRS=yes need to ensure stable MAC addresses on interfaces located even in other namespaces. In order to do that, append the 'ip link' commands with a 'run_on $dev' tag. The same run_on is necessary also when verifying if all the interfaces listed in NETIFS are indeed available. Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> Reviewed-by: Petr Machata <petrm@nvidia.com> Link: https://patch.msgid.link/20260330152933.2195885-4-ioana.ciornei@nxp.com Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-04-02selftests: net: extend lib.sh to parse drivers/net/net.configIoana Ciornei
Extend lib.sh so that it's able to parse driver/net/net.config and environment variables such as NETIF, REMOTE_TYPE, LOCAL_V4 etc described in drivers/net/README.rst. In order to make the transition towards running with a single local interface smoother for the bash networking driver tests, beside sourcing the net.config file also translate the new env variables into the old style based on the NETIFS array. Since the NETIFS array only holds the network interface names, also add a new array - TARGETS - which keeps track of the target on which a specific interfaces resides - local, netns or accesible through an ssh command. For example, a net.config which looks like below: NETIF=eth0 LOCAL_V4=192.168.1.1 REMOTE_V4=192.168.1.2 REMOTE_TYPE=ssh REMOTE_ARGS=root@192.168.1.2 will generate the NETIFS and TARGETS arrays with the following data. NETIFS[p1]="eth0" NETIFS[p2]="eth2" TARGETS[eth0]="local:" TARGETS[eth2]="ssh:root@192.168.1.2" The above will be true if on the remote target, the interface which has the 192.168.1.2 address is named eth2. Since the TARGETS array is indexed by the network interface name, document a new restriction README.rst which states that the remote interface cannot have the same name as the local one. Keep the old way of populating the NETIFS variable based on the command line arguments. This will be invoked in case DRIVER_TEST_CONFORMANT = "no". Also add a couple of helpers which can be used by tests which need to run a specific bash command on a different target than the local system, be it either another netns or a remote system accessible through ssh. The __run_on() function is passed through $1 the target on which the command should be executed while run_on() is passed the name of the interface that is then used to retrieve the target from the TARGETS array. Also add a stub run_on() function in net/lib.sh so that users of the net/lib.sh are going through the stub only since neither NETIFS nor TARGETS are valid in that circumstance. Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> Reviewed-by: Petr Machata <petrm@nvidia.com> Link: https://patch.msgid.link/20260330152933.2195885-3-ioana.ciornei@nxp.com Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-04-02selftests: forwarding: extend ethtool_std_stats_get with pause statisticsIoana Ciornei
Even though pause frame statistics are not exported through the same ethtool command, there is no point in adding another helper just for them. Extent the ethtool_std_stats_get() function so that we are able to interrogate using the same helper all the standard statistics. And since we are touching the function, convert the initial ethtool call as well to the jq --arg form in order to be easier to read. Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> Reviewed-by: Petr Machata <petrm@nvidia.com> Link: https://patch.msgid.link/20260330152933.2195885-2-ioana.ciornei@nxp.com Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-04-02iommufd/selftest: Test dirty tracking on PASIDZhenzhong Duan
Add test case for dirty tracking on a domain attached to PASID, also confirm attachment to PASID fail if device doesn't support dirty tracking. Suggested-by: Lu Baolu <baolu.lu@linux.intel.com> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Yi Liu <yi.l.liu@intel.com> Reviewed-by: Kevin Tian <kevin.tian@intel.com> Link: https://lore.kernel.org/r/20260330101108.12594-5-zhenzhong.duan@intel.com Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com> Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
2026-04-01Merge tag 'for-netdev' of ↵Jakub Kicinski
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next Martin KaFai Lau says: ==================== pull-request: bpf-next 2026-04-01 We've added 2 non-merge commits during the last 2 day(s) which contain a total of 3 files changed, 139 insertions(+), 23 deletions(-). The main changes are: 1) skb_dst_drop(skb) when bpf prog does a encap or decap, from Jakub Kicinski * tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next: selftests/bpf: Test that dst is cleared on same-protocol encap net: Clear the dst when performing encap / decap ==================== Link: https://patch.msgid.link/20260401233956.4133413-1-martin.lau@linux.dev Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-04-01perf test: Fix perf stat --bpf-counters on hybrid machinesNamhyung Kim
The test constantly fails on my Intel hybrid machine. The issue was it has two events in the output even if I only gave it one event. $ perf stat -e instructions -- perf test -w sqrtloop Performance counter stats for 'perf test -w sqrtloop': 910,856,421 cpu_atom/instructions/ (28.05%) 14,852,865,997 cpu_core/instructions/ (96.79%) 1.014313341 seconds time elapsed 1.004114000 seconds user 0.008174000 seconds sys Let's modify the awk script to add the values for each line and print the total. The variable 'i' has a number of input lines that have valid output and variable 'c' has the sum of actual counter values. That way it should work on any platforms. Reviewed-by: Ian Rogers <irogers@google.com> Signed-off-by: Namhyung Kim <namhyung@kernel.org>
2026-04-01perf tests: Write test files to tmpdirIan Rogers
Writing to the test output files in the current working directory can fail in various contexts such as continual test. Other tests write to a mktemp-ed file, make the "perf script task-analyszer tests" follow this convention too. Currently this isn't possible for the perf.data file due to a lack of perf script support, add a variable for when this support is available. Signed-off-by: Ian Rogers <irogers@google.com> Signed-off-by: Namhyung Kim <namhyung@kernel.org>
2026-04-01libperf cpumap: Make index and nr types unsignedIan Rogers
The index into the cpumap array and the number of entries within the array can never be negative, so let's make them unsigned. This is prompted by reports that gcc 13 with -O6 is giving a alloc-size-larger-than errors. The change makes the cpumap changes and then updates the declaration of index variables throughout perf and libperf to be unsigned. The two things are hard to separate as compiler warnings about mixing signed and unsigned types breaks the build. Reported-by: Chingbin Li <liqb365@163.com> Closes: https://lore.kernel.org/lkml/20260212025127.841090-1-liqb365@163.com/ Tested-by: Chingbin Li <liqb365@163.com> Signed-off-by: Ian Rogers <irogers@google.com> Signed-off-by: Namhyung Kim <namhyung@kernel.org>
2026-04-01tools/workqueue: add CACHE_SHARD support to wq_dump.pyBreno Leitao
The WQ_AFFN_CACHE_SHARD affinity scope was added to the kernel but wq_dump.py was not updated to enumerate it. Add the missing constant lookup and include it in the affinity scopes iteration so that drgn output shows the CACHE_SHARD pod topology alongside the other scopes. Signed-off-by: Breno Leitao <leitao@debian.org> Signed-off-by: Tejun Heo <tj@kernel.org>
2026-04-01KVM: arm64: selftests: Avoid testing the IMPDEF behaviorZenghui Yu (Huawei)
It turned out that we can't really force KVM to use the "slow" path when emulating AT instructions [1]. We should therefore avoid testing the IMPDEF behavior (i.e., TEST_ACCESS_FLAG - address translation instructions are permitted to update AF but not required). Remove it and improve the comment a bit. [1] https://lore.kernel.org/r/b951dcfb-0ad1-4d7b-b6ce-d54b272dd9be@linux.dev Signed-off-by: Zenghui Yu (Huawei) <zenghui.yu@linux.dev> Link: https://patch.msgid.link/20260317131558.52751-1-zenghui.yu@linux.dev Signed-off-by: Marc Zyngier <maz@kernel.org>