9 files changed, 85 insertions, 39 deletions

diff --git a/testcases/kernel/syscalls/keyctl/keyctl01.c b/testcases/kernel/syscalls/keyctl/keyctl01.c
index 55e069c68..674094eec 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl01.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl01.c
@@ -2,14 +2,17 @@
 /*
  * Copyright (c) Crackerjack Project., 2007
  * Copyright (c) 2017 Fujitsu Ltd.
+ * Copyright (c) Linux Test Project, 2009-2024
+ * Ported by Manas Kumar Nayak maknayak@in.ibm.com>
+ * Modified by Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
  */
 
-/*
- * Description: This tests the keyctl() syscall
- *		Manipulate the kernel's key management facility
+/*\
+ * [Description]
  *
- * Ported by Manas Kumar Nayak maknayak@in.ibm.com>
- * Modified by Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
+ * Tests the keyctl(2) syscall.
+ *
+ * Manipulate the kernel's key management facility.
  */
 
 #include <errno.h>
diff --git a/testcases/kernel/syscalls/keyctl/keyctl02.c b/testcases/kernel/syscalls/keyctl/keyctl02.c
index 35cc2838d..fd3f86bbc 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl02.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl02.c
@@ -1,11 +1,14 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Copyright (c) 2017 Fujitsu Ltd.
- *  Ported: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
+ * Copyright (c) Linux Test Project, 2017-2024
+ * Ported: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
  */
 
-/*
- * This is a regression test for the race between keyctl_read() and
+/*\
+ * [Description]
+ *
+ * Regression test for the race between keyctl_read() and
  * keyctl_revoke(), if the revoke happens between keyctl_read()
  * checking the validity of a key and the key's semaphore being taken,
  * then the key type read method will see a revoked key.
@@ -14,13 +17,8 @@
  * assumes in its read method that there will always be a payload
  * in a non-revoked key and doesn't check for a NULL pointer.
  *
- * This test can crash the buggy kernel, and the bug was fixed in:
- *
- *  commit b4a1b4f5047e4f54e194681125c74c0aa64d637d
- *  Author: David Howells <dhowells@redhat.com>
- *  Date:   Fri Dec 18 01:34:26 2015 +0000
- *
- *  KEYS: Fix race between read and revoke
+ * Bug was fixed in commit
+ * b4a1b4f5047e ("KEYS: Fix race between read and revoke")
  */
 
 #include <errno.h>
@@ -29,6 +27,7 @@
 
 #include "tst_safe_pthread.h"
 #include "tst_test.h"
+#include "tst_kconfig.h"
 #include "lapi/keyctl.h"
 
 #define LOOPS	20000
@@ -36,6 +35,7 @@
 #define PATH_KEY_COUNT_QUOTA	"/proc/sys/kernel/keys/root_maxkeys"
 
 static int orig_maxkeys;
+static int realtime_kernel;
 
 static void *do_read(void *arg)
 {
@@ -86,6 +86,15 @@ static void do_test(void)
 			tst_res(TINFO, "Runtime exhausted, exiting after %d loops", i);
 			break;
 		}
+
+		/*
+		 * Realtime kernel has deferred post-join thread cleanup which
+		 * may result in exhaustion of cgroup thread limit. Add delay
+		 * to limit the maximum number of stale threads to 4000
+		 * even with CONFIG_HZ=100.
+		 */
+		if (realtime_kernel)
+			usleep(100);
 	}
 
 	/*
@@ -126,8 +135,19 @@ static void do_test(void)
 
 static void setup(void)
 {
+	unsigned int i;
+	struct tst_kconfig_var rt_kconfigs[] = {
+		TST_KCONFIG_INIT("CONFIG_PREEMPT_RT"),
+		TST_KCONFIG_INIT("CONFIG_PREEMPT_RT_FULL")
+	};
+
 	SAFE_FILE_SCANF(PATH_KEY_COUNT_QUOTA, "%d", &orig_maxkeys);
 	SAFE_FILE_PRINTF(PATH_KEY_COUNT_QUOTA, "%d", orig_maxkeys + LOOPS + 1);
+
+	tst_kconfig_read(rt_kconfigs, ARRAY_SIZE(rt_kconfigs));
+
+	for (i = 0; i < ARRAY_SIZE(rt_kconfigs); i++)
+		realtime_kernel |= rt_kconfigs[i].choice == 'y';
 }
 
 static void cleanup(void)
diff --git a/testcases/kernel/syscalls/keyctl/keyctl03.c b/testcases/kernel/syscalls/keyctl/keyctl03.c
index 9d7b9a0b5..563ee96a9 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl03.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl03.c
@@ -1,19 +1,15 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Copyright (c) 2017 Fujitsu Ltd.
- *  Ported: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
+ * Copyright (c) Linux Test Project, 2017-2024
+ * Ported: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
  */
 
-/*
- * This regression test can crash the buggy kernel,
- * and the bug was fixed in:
- *
- *  commit f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61
- *  Author: David Howells <dhowells@redhat.com>
- *  Date:   Thu Oct 15 17:21:37 2015 +0100
+/*\
+ * [Description]
  *
- *  KEYS: Fix crash when attempt to garbage collect
- *        an uninstantiated keyring
+ * Regression test for commit
+ * f05819df10d7 ("KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring")
  */
 
 #include <errno.h>
diff --git a/testcases/kernel/syscalls/keyctl/keyctl04.c b/testcases/kernel/syscalls/keyctl/keyctl04.c
index 1fed23ca6..50c9244de 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl04.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl04.c
@@ -1,9 +1,12 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Copyright (c) 2017 Google, Inc.
+ * Copyright (c) Linux Test Project, 2017-2024
  */
 
-/*
+/*\
+ * [Description]
+ *
  * Regression test for commit c9f838d104fe ("KEYS: fix
  * keyctl_set_reqkey_keyring() to not leak thread keyrings"), a.k.a.
  * CVE-2017-7472.  This bug could be used to exhaust kernel memory, though it
diff --git a/testcases/kernel/syscalls/keyctl/keyctl05.c b/testcases/kernel/syscalls/keyctl/keyctl05.c
index 7d7c076c0..0ad106774 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl05.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl05.c
@@ -1,9 +1,12 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Copyright (c) 2017 Google, Inc.
+ * Copyright (c) Linux Test Project, 2017-2024
  */
 
-/*
+/*\
+ * [Description]
+ *
  * Regression test for commit 63a0b0509e70 ("KEYS: fix freeing uninitialized
  * memory in key_update()").  Try to reproduce the crash in two different ways:
  *
@@ -31,6 +34,8 @@
 #include "tst_test.h"
 #include "lapi/keyctl.h"
 
+#define MODULE "dns_resolver"
+
 /*
  * A valid payload for the "asymmetric" key type.  This is an x509 certificate
  * in DER format, generated using:
@@ -190,6 +195,9 @@ static void test_update_setperm_race(void)
 
 static void setup(void)
 {
+	/* There is no way to trigger automatic dns_resolver module loading. */
+	tst_cmd((const char*[]){"modprobe", MODULE, NULL}, NULL, NULL, 0);
+
 	fips_enabled = tst_fips_enabled();
 }
 
@@ -198,8 +206,12 @@ static void do_test(unsigned int i)
 	/*
 	 * We need to pass check in dns_resolver_preparse(),
 	 * give it dummy server list request.
+	 * From v6.8-rc1 commit acc657692aed438e9931438f8c923b2b107aebf9:
+	 * the incoming data for add_key() sysdall should be not less than 6
+	 * bytes, because struct dns_server_list_v1_header is 6 bytes.
+	 * The minimum payload will be tested here for boundary testing.
 	 */
-	static char dns_res_payload[] = { 0x00, 0x00, 0x01, 0xff, 0x00 };
+	static char dns_res_payload[] = { 0x00, 0x00, 0x01, 0xff, 0x00, 0x00 };
 
 	switch (i) {
 	case 0:
@@ -207,7 +219,7 @@ static void do_test(unsigned int i)
 					 x509_cert, sizeof(x509_cert));
 		break;
 	case 1:
-		test_update_nonupdatable("dns_resolver", dns_res_payload,
+		test_update_nonupdatable(MODULE, dns_res_payload,
 			sizeof(dns_res_payload));
 		break;
 	case 2:
@@ -217,12 +229,14 @@ static void do_test(unsigned int i)
 }
 
 static struct tst_test test = {
+	.needs_root = 1,
 	.tcnt = 3,
 	.setup = setup,
 	.test = do_test,
 	.forks_child = 1,
 	.tags = (const struct tst_tag[]) {
 		{"linux-git", "63a0b0509e70"},
+		{"linux-git", "acc657692aed"},
 		{}
 	}
 };
diff --git a/testcases/kernel/syscalls/keyctl/keyctl06.c b/testcases/kernel/syscalls/keyctl/keyctl06.c
index f76a85ff2..4564601d1 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl06.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl06.c
@@ -1,19 +1,19 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Copyright (c) 2017 Google, Inc.
+ * Copyright (c) Linux Test Project, 2017-2024
  */
 
-/*
- * Regression test for:
+/*\
+ * [Description]
  *
- *	commit e645016abc80 ("KEYS: fix writing past end of user-supplied buffer
- *	in keyring_read()").
+ * Regression test for commit:
  *
- * as well as its follow-on fix:
+ * e645016abc80 ("KEYS: fix writing past end of user-supplied buffer in keyring_read()")
  *
- *	commit 3239b6f29bdf ("KEYS: return full count in keyring_read() if
- *	buffer is too small")
+ * as well as its follow-on fix:
  *
+ * commit 3239b6f29bdf ("KEYS: return full count in keyring_read() if buffer is too small")
  */
 
 #include <errno.h>
diff --git a/testcases/kernel/syscalls/keyctl/keyctl07.c b/testcases/kernel/syscalls/keyctl/keyctl07.c
index d9e20db5f..8b10ee803 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl07.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl07.c
@@ -1,9 +1,12 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Copyright (c) 2017 Google, Inc.
+ * Copyright (c) Linux Test Project, 2018-2024
  */
 
-/*
+/*\
+ * [Description]
+ *
  * Regression test for commit 37863c43b2c6 ("KEYS: prevent KEYCTL_READ on
  * negative key").  This is CVE-2017-12192.
  */
diff --git a/testcases/kernel/syscalls/keyctl/keyctl08.c b/testcases/kernel/syscalls/keyctl/keyctl08.c
index be4b23b14..30e077c50 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl08.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl08.c
@@ -1,10 +1,16 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Copyright (c) 2017 Richard Palethorpe <rpalethorpe@suse.com>
+ * Copyright (c) Linux Test Project, 2019-2024
  */
-/* Check for CVE-2016-9604; that keys beginning with "." are disallowed.
+
+/*\
+ * [Description]
+ *
+ * Test for CVE-2016-9604, checks that keys beginning with "." are disallowed.
  *
- * See commit ee8f844e3c5a73b999edf733df1c529d6503ec2f
+ * See commit
+ * ee8f844e3c5a ("KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings")
  */
 
 #include <errno.h>
diff --git a/testcases/kernel/syscalls/keyctl/keyctl09.c b/testcases/kernel/syscalls/keyctl/keyctl09.c
index cfd5f7e5f..1f24f804a 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl09.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl09.c
@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Copyright (c) 2022 Google, Inc.
+ * Copyright (c) Linux Test Project, 2023
  */
 
 /*\