lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 23 Jan 2018 11:22:55 -0800
From:   Jakub Kicinski <jakub.kicinski@...ronome.com>
To:     davem@...emloft.net, alexei.starovoitov@...il.com,
        daniel@...earbox.net
Cc:     netdev@...r.kernel.org, oss-drivers@...ronome.com,
        Quentin Monnet <quentin.monnet@...ronome.com>
Subject: [PATCH net-next 4/5] selftests/bpf: check bpf verifier log buffer usage works for HW offload

From: Quentin Monnet <quentin.monnet@...ronome.com>

Make netdevsim print a message to the BPF verifier log buffer when a
program is offloaded.

Then use this message in hardware offload selftests to make sure that
using this buffer actually prints the message to the console for
eBPF hardware offload.

The message is appended after the last instruction is processed with the
verifying function from netdevsim. Output looks like the following:

    $ tc filter add dev foo ingress bpf obj sample_ret0.o \
        sec .text verbose skip_sw

    Prog section '.text' loaded (5)!
     - Type:         3
     - Instructions: 2 (0 over limit)
     - License:

    Verifier analysis:

    0: (b7) r0 = 0
    1: (95) exit
    [netdevsim] Hello from netdevsim!
    processed 2 insns, stack depth 0

"verbose" flag is required to see it in the console since netdevsim does
not throw an error after printing the message.

Signed-off-by: Quentin Monnet <quentin.monnet@...ronome.com>
Reviewed-by: Jakub Kicinski <jakub.kicinski@...ronome.com>
---
 drivers/net/netdevsim/bpf.c                 |  6 ++++++
 tools/testing/selftests/bpf/test_offload.py | 24 +++++++++++++++++++-----
 2 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/drivers/net/netdevsim/bpf.c b/drivers/net/netdevsim/bpf.c
index 940c63eeebf9..8166f121bbcc 100644
--- a/drivers/net/netdevsim/bpf.c
+++ b/drivers/net/netdevsim/bpf.c
@@ -23,6 +23,9 @@
 
 #include "netdevsim.h"
 
+#define pr_vlog(env, fmt, ...)	\
+	bpf_verifier_log_write(env, "[netdevsim] " fmt, ##__VA_ARGS__)
+
 struct nsim_bpf_bound_prog {
 	struct netdevsim *ns;
 	struct bpf_prog *prog;
@@ -77,6 +80,9 @@ nsim_bpf_verify_insn(struct bpf_verifier_env *env, int insn_idx, int prev_insn)
 	if (state->ns->bpf_bind_verifier_delay && !insn_idx)
 		msleep(state->ns->bpf_bind_verifier_delay);
 
+	if (insn_idx == env->prog->len - 1)
+		pr_vlog(env, "Hello from netdevsim!\n");
+
 	return 0;
 }
 
diff --git a/tools/testing/selftests/bpf/test_offload.py b/tools/testing/selftests/bpf/test_offload.py
index 8dca4dc6c193..d128a16ee9a8 100755
--- a/tools/testing/selftests/bpf/test_offload.py
+++ b/tools/testing/selftests/bpf/test_offload.py
@@ -362,8 +362,10 @@ netns = [] # net namespaces to be removed
         return ip("link set dev %s mtu %d" % (self.dev["ifname"], mtu),
                   fail=fail)
 
-    def set_xdp(self, bpf, mode, force=False, JSON=True,
+    def set_xdp(self, bpf, mode, force=False, JSON=True, verbose=False,
                 fail=True, include_stderr=False):
+        if verbose:
+            bpf += " verbose"
         return ip("link set dev %s xdp%s %s" % (self.dev["ifname"], mode, bpf),
                   force=force, JSON=JSON,
                   fail=fail, include_stderr=include_stderr)
@@ -427,11 +429,13 @@ netns = [] # net namespaces to be removed
                  (len(filters), expected))
         return filters
 
-    def cls_bpf_add_filter(self, bpf, da=False, skip_sw=False, skip_hw=False,
-                           fail=True, include_stderr=False):
+    def cls_bpf_add_filter(self, bpf, da=False, verbose=False, skip_sw=False,
+                           skip_hw=False, fail=True, include_stderr=False):
         params = ""
         if da:
             params += " da"
+        if verbose:
+            params += " verbose"
         if skip_sw:
             params += " skip_sw"
         if skip_hw:
@@ -520,6 +524,13 @@ netns = [] # net namespaces to be removed
 def check_extack_nsim(output, reference, args):
     check_extack(output, "Error: netdevsim: " + reference, args)
 
+def check_verifier_log(output, reference):
+    lines = output.split("\n")
+    for l in reversed(lines):
+        if l == reference:
+            return
+    fail(True, "Missing or incorrect message from netdevsim in verifier log")
+
 # Parse command line
 parser = argparse.ArgumentParser()
 parser.add_argument("--log", help="output verbose log to given file")
@@ -634,8 +645,10 @@ netns = []
     sim.wait_for_flush()
 
     start_test("Test TC offloads work...")
-    ret, _ = sim.cls_bpf_add_filter(obj, skip_sw=True, fail=False)
+    ret, _, err = sim.cls_bpf_add_filter(obj, verbose=True, skip_sw=True,
+                                         fail=False, include_stderr=True)
     fail(ret != 0, "TC filter did not load with TC offloads enabled")
+    check_verifier_log(err, "[netdevsim] Hello from netdevsim!")
 
     start_test("Test TC offload basics...")
     dfs = sim.dfs_get_bound_progs(expected=1)
@@ -744,12 +757,13 @@ netns = []
 
     sim.wait_for_flush()
     start_test("Test XDP offload...")
-    sim.set_xdp(obj, "offload")
+    _, _, err = sim.set_xdp(obj, "offload", verbose=True, include_stderr=True)
     ipl = sim.ip_link_show(xdp=True)
     link_xdp = ipl["xdp"]["prog"]
     progs = bpftool_prog_list(expected=1)
     prog = progs[0]
     fail(link_xdp["id"] != prog["id"], "Loaded program has wrong ID")
+    check_verifier_log(err, "[netdevsim] Hello from netdevsim!")
 
     start_test("Test XDP offload is device bound...")
     dfs = sim.dfs_get_bound_progs(expected=1)
-- 
2.15.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ