lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAEf4BzZK4vW0-sP7sF7vo2=fbw=mpvyGLN+v6v7KbkkL9bva9A@mail.gmail.com>
Date:   Mon, 30 Aug 2021 15:28:30 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Song Liu <songliubraving@...com>
Cc:     bpf <bpf@...r.kernel.org>,
        open list <linux-kernel@...r.kernel.org>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Peter Ziljstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>,
        Kajol Jain <kjain@...ux.ibm.com>,
        Kernel Team <kernel-team@...com>
Subject: Re: [PATCH v3 bpf-next 3/3] selftests/bpf: add test for bpf_get_branch_snapshot

On Mon, Aug 30, 2021 at 2:44 PM Song Liu <songliubraving@...com> wrote:
>
> This test uses bpf_get_branch_snapshot from a fexit program. The test uses
> a target kernel function (bpf_fexit_loop_test1) and compares the record
> against kallsyms. If there isn't enough record matching kallsyms, the
> test fails.
>
> Signed-off-by: Song Liu <songliubraving@...com>
> ---
>  net/bpf/test_run.c                            |  15 ++-
>  .../bpf/prog_tests/get_branch_snapshot.c      | 106 ++++++++++++++++++
>  .../selftests/bpf/progs/get_branch_snapshot.c |  41 +++++++
>  tools/testing/selftests/bpf/trace_helpers.c   |  30 +++++
>  tools/testing/selftests/bpf/trace_helpers.h   |   5 +
>  5 files changed, 196 insertions(+), 1 deletion(-)
>  create mode 100644 tools/testing/selftests/bpf/prog_tests/get_branch_snapshot.c
>  create mode 100644 tools/testing/selftests/bpf/progs/get_branch_snapshot.c
>
> diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
> index 2eb0e55ef54d2..6cc179a532c9c 100644
> --- a/net/bpf/test_run.c
> +++ b/net/bpf/test_run.c
> @@ -231,6 +231,18 @@ struct sock * noinline bpf_kfunc_call_test3(struct sock *sk)
>         return sk;
>  }
>
> +noinline int bpf_fexit_loop_test1(int n)

We have bpf_testmod as part of selftests now, which allows us to add
whatever in-kernel functionality we need, without polluting the kernel
itself. fentry/fexit attach to kernel functions works as well, so do
you think we can use that here for testing?

> +{
> +       int i, sum = 0;
> +
> +       /* the primary goal of this test is to test LBR. Create a lot of
> +        * branches in the function, so we can catch it easily.
> +        */
> +       for (i = 0; i < n; i++)
> +               sum += i;
> +       return sum;
> +}
> +
>  __diag_pop();
>
>  ALLOW_ERROR_INJECTION(bpf_modify_return_test, ERRNO);
> @@ -293,7 +305,8 @@ int bpf_prog_test_run_tracing(struct bpf_prog *prog,
>                     bpf_fentry_test5(11, (void *)12, 13, 14, 15) != 65 ||
>                     bpf_fentry_test6(16, (void *)17, 18, 19, (void *)20, 21) != 111 ||
>                     bpf_fentry_test7((struct bpf_fentry_test_t *)0) != 0 ||
> -                   bpf_fentry_test8(&arg) != 0)
> +                   bpf_fentry_test8(&arg) != 0 ||
> +                   bpf_fexit_loop_test1(101) != 5050)
>                         goto out;
>                 break;
>         case BPF_MODIFY_RETURN:
> diff --git a/tools/testing/selftests/bpf/prog_tests/get_branch_snapshot.c b/tools/testing/selftests/bpf/prog_tests/get_branch_snapshot.c
> new file mode 100644
> index 0000000000000..9bb16826418fb
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/prog_tests/get_branch_snapshot.c
> @@ -0,0 +1,106 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/* Copyright (c) 2021 Facebook */
> +#include <test_progs.h>
> +#include "get_branch_snapshot.skel.h"
> +
> +static int *pfd_array;
> +static int cpu_cnt;
> +
> +static int create_perf_events(void)
> +{
> +       struct perf_event_attr attr = {0};
> +       int cpu;
> +
> +       /* create perf event */
> +       attr.size = sizeof(attr);
> +       attr.type = PERF_TYPE_RAW;
> +       attr.config = 0x1b00;
> +       attr.sample_type = PERF_SAMPLE_BRANCH_STACK;
> +       attr.branch_sample_type = PERF_SAMPLE_BRANCH_KERNEL |
> +               PERF_SAMPLE_BRANCH_USER | PERF_SAMPLE_BRANCH_ANY;
> +
> +       cpu_cnt = libbpf_num_possible_cpus();
> +       pfd_array = malloc(sizeof(int) * cpu_cnt);
> +       if (!pfd_array) {
> +               cpu_cnt = 0;
> +               return 1;
> +       }
> +
> +       for (cpu = 0; cpu < libbpf_num_possible_cpus(); cpu++) {

nit: use cpu_cnt from above?

> +               pfd_array[cpu] = syscall(__NR_perf_event_open, &attr,
> +                                        -1, cpu, -1, PERF_FLAG_FD_CLOEXEC);
> +               if (pfd_array[cpu] < 0)
> +                       break;
> +       }
> +
> +       return cpu == 0;
> +}
> +
> +static void close_perf_events(void)
> +{
> +       int cpu = 0;
> +       int fd;
> +
> +       while (cpu++ < cpu_cnt) {
> +               fd = pfd_array[cpu];
> +               if (fd < 0)
> +                       break;
> +               close(fd);
> +       }
> +       free(pfd_array);
> +}
> +
> +void test_get_branch_snapshot(void)
> +{
> +       struct get_branch_snapshot *skel;
> +       int err, prog_fd;
> +       __u32 retval;
> +
> +       if (create_perf_events()) {
> +               test__skip();  /* system doesn't support LBR */
> +               goto cleanup;

Cleanup inside create_perf_events() and just return here. Or at least
initialize skel to NULL above, otherwise __destroy() below will cause
SIGSEGV, most probably.

> +       }
> +
> +       skel = get_branch_snapshot__open_and_load();
> +       if (!ASSERT_OK_PTR(skel, "get_branch_snapshot__open_and_load"))
> +               goto cleanup;
> +
> +       err = kallsyms_find("bpf_fexit_loop_test1", &skel->bss->address_low);
> +       if (!ASSERT_OK(err, "kallsyms_find"))
> +               goto cleanup;
> +
> +       err = kallsyms_find_next("bpf_fexit_loop_test1", &skel->bss->address_high);
> +       if (!ASSERT_OK(err, "kallsyms_find_next"))
> +               goto cleanup;
> +
> +       err = get_branch_snapshot__attach(skel);
> +       if (!ASSERT_OK(err, "get_branch_snapshot__attach"))
> +               goto cleanup;
> +
> +       prog_fd = bpf_program__fd(skel->progs.test1);
> +       err = bpf_prog_test_run(prog_fd, 1, NULL, 0,
> +                               NULL, 0, &retval, NULL);
> +
> +       if (!ASSERT_OK(err, "bpf_prog_test_run"))
> +               goto cleanup;
> +
> +       if (skel->bss->total_entries < 16) {
> +               /* too few entries for the hit/waste test */
> +               test__skip();
> +               goto cleanup;
> +       }
> +
> +       ASSERT_GT(skel->bss->test1_hits, 5, "find_test1_in_lbr");
> +
> +       /* Given we stop LBR in software, we will waste a few entries.
> +        * But we should try to waste as few as possibleentries. We are at

s/possibleentries/possible entries/

> +        * about 7 on x86_64 systems.
> +        * Add a check for < 10 so that we get heads-up when something
> +        * changes and wastes too many entries.
> +        */
> +       ASSERT_LT(skel->bss->wasted_entries, 10, "check_wasted_entries");
> +
> +cleanup:
> +       get_branch_snapshot__destroy(skel);
> +       close_perf_events();
> +}
> diff --git a/tools/testing/selftests/bpf/progs/get_branch_snapshot.c b/tools/testing/selftests/bpf/progs/get_branch_snapshot.c
> new file mode 100644
> index 0000000000000..9c944e7480b95
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/progs/get_branch_snapshot.c
> @@ -0,0 +1,41 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/* Copyright (c) 2021 Facebook */
> +#include "vmlinux.h"
> +#include <bpf/bpf_helpers.h>
> +#include <bpf/bpf_tracing.h>
> +
> +char _license[] SEC("license") = "GPL";
> +
> +__u64 test1_hits = 0;
> +__u64 address_low = 0;
> +__u64 address_high = 0;
> +int wasted_entries = 0;
> +long total_entries = 0;
> +
> +#define MAX_LBR_ENTRIES 32

see my comment on another patch, if kernel defines this constant as
enum, we'll automatically get it from vmlinux.h.

> +
> +struct perf_branch_entry entries[MAX_LBR_ENTRIES] = {};
> +
> +
> +static inline bool in_range(__u64 val)
> +{
> +       return (val >= address_low) && (val < address_high);
> +}
> +

[...]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ