| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 24 May 2020 09:50:12 -0700
From: John Fastabend <john.fastabend@...il.com>
To: yhs@...com, andrii.nakryiko@...il.com, ast@...nel.org,
daniel@...earbox.net
Cc: netdev@...r.kernel.org, bpf@...r.kernel.org,
john.fastabend@...il.com
Subject: [bpf-next PATCH v5 0/5] bpf: Add sk_msg and networking helpers
This series adds helpers for sk_msg program type and based on feedback
from v1 adds *_task_* helpers and probe_* helpers to all networking
programs with perfmon_capable() capabilities.
The list of helpers breaks down as follows,
Networking with perfmon_capable() guard (patch2):
BPF_FUNC_get_current_task
BPF_FUNC_probe_read_user
BPF_FUNC_probe_read_kernel
BPF_FUNC_probe_read_user_str
BPF_FUNC_probe_read_kernel_str
Added to sk_msg program types (patch1,3):
BPF_FUNC_perf_event_output
BPF_FUNC_get_current_uid_gid
BPF_FUNC_get_current_pid_tgid
BPF_FUNC_get_current_cgroup_id
BPF_FUNC_get_current_ancestor_cgroup_id
BPF_FUNC_get_cgroup_classid
BPF_FUNC_sk_storage_get
BPF_FUNC_sk_storage_delete
For testing we create two tests. One specifically for the sk_msg
program types which encodes a common pattern we use to test verifier
logic now and as the verifier evolves.
Next we have skb classifier test. This uses the test run infra to
run a test which uses the get_current_task, current_task_under_cgroup,
probe_read_kernel, and probe_reak_kernel_str.
Note we dropped the old probe_read variants probe_read() and
probe_read_str() in v2.
v4->v5:
Remove BPF_FUNC_current_task_under_cgroup because it requires a
valid current and at least at the moment seems less usable in all
contexts. It also probably doesn't need to be guarded by perfoman_cap.
We can add it on a per type basis when its needed or decide later
after some more experience that its universally useful.
v3->v4:
patch4, remove macros and put code inline, add test cleanup, remove
version in bpf program.
patch5, use ctask returned from task_under_cgroup so that we avoid
any potential compiler warnings, add test cleanup, use BTF style
maps.
v2->v3:
Pulled header update of tools sk_msg_md{} structure into patch3 for
easier review. ACKs from Yonghong pushed into v3
v1->v2:
Pulled generic helpers *current_task* and probe_* into the
base func helper so they can be used more widely in networking scope.
BPF capabilities patch is now in bpf-next so use perfmon_capable() check
instead of CAP_SYS_ADMIN.
Drop old probe helpers, probe_read() and probe_read_str()
Added tests.
Thanks to Daniel, Yonghong, and Andrii for review and feedback.
---
John Fastabend (5):
bpf, sk_msg: add some generic helpers that may be useful from sk_msg
bpf: extend bpf_base_func_proto helpers with probe_* and *current_task*
bpf, sk_msg: add get socket storage helpers
bpf, selftests: add sk_msg helpers load and attach test
bpf, selftests: test probe_* helpers from SCHED_CLS
include/uapi/linux/bpf.h | 2 +
kernel/bpf/helpers.c | 24 ++++++++++
kernel/trace/bpf_trace.c | 10 ++--
net/core/filter.c | 31 +++++++++++++
tools/include/uapi/linux/bpf.h | 2 +
.../testing/selftests/bpf/prog_tests/skb_helpers.c | 30 +++++++++++++
.../selftests/bpf/prog_tests/sockmap_basic.c | 35 +++++++++++++++
.../testing/selftests/bpf/progs/test_skb_helpers.c | 28 ++++++++++++
.../selftests/bpf/progs/test_skmsg_load_helpers.c | 47 ++++++++++++++++++++
9 files changed, 204 insertions(+), 5 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/skb_helpers.c
create mode 100644 tools/testing/selftests/bpf/progs/test_skb_helpers.c
create mode 100644 tools/testing/selftests/bpf/progs/test_skmsg_load_helpers.c
--
Signature
Powered by blists - more mailing lists