lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAEf4BzYCHa0fmjGgwLXq=2Mj6ree3FgjEOynq1DtxC3cJT1cmw@mail.gmail.com>
Date: Tue, 23 Jan 2024 11:51:28 -0800
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: Tiezhu Yang <yangtiezhu@...ngson.cn>
Cc: Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, 
	Andrii Nakryiko <andrii@...nel.org>, Eduard Zingerman <eddyz87@...il.com>, 
	John Fastabend <john.fastabend@...il.com>, Jiri Olsa <jolsa@...nel.org>, 
	Hou Tao <houtao@...weicloud.com>, Song Liu <song@...nel.org>, bpf@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH bpf-next v7 2/2] selftests/bpf: Skip callback tests if jit
 is disabled in test_verifier

On Tue, Jan 23, 2024 at 1:04 AM Tiezhu Yang <yangtiezhu@...ngson.cn> wrote:
>
> If CONFIG_BPF_JIT_ALWAYS_ON is not set and bpf_jit_enable is 0, there
> exist 6 failed tests.
>
>   [root@...ux bpf]# echo 0 > /proc/sys/net/core/bpf_jit_enable
>   [root@...ux bpf]# echo 0 > /proc/sys/kernel/unprivileged_bpf_disabled
>   [root@...ux bpf]# ./test_verifier | grep FAIL
>   #106/p inline simple bpf_loop call FAIL
>   #107/p don't inline bpf_loop call, flags non-zero FAIL
>   #108/p don't inline bpf_loop call, callback non-constant FAIL
>   #109/p bpf_loop_inline and a dead func FAIL
>   #110/p bpf_loop_inline stack locations for loop vars FAIL
>   #111/p inline bpf_loop call in a big program FAIL
>   Summary: 768 PASSED, 15 SKIPPED, 6 FAILED
>
> The test log shows that callbacks are not allowed in non-JITed programs,
> interpreter doesn't support them yet, thus these tests should be skipped
> if jit is disabled.
>
> Add an explicit flag F_NEEDS_JIT_ENABLED to those tests to mark that they
> require JIT enabled in bpf_loop_inline.c, check the flag and jit_disabled
> at the beginning of do_test_single() to handle this case.
>
> With this patch:
>
>   [root@...ux bpf]# echo 0 > /proc/sys/net/core/bpf_jit_enable
>   [root@...ux bpf]# echo 0 > /proc/sys/kernel/unprivileged_bpf_disabled
>   [root@...ux bpf]# ./test_verifier | grep FAIL
>   Summary: 768 PASSED, 21 SKIPPED, 0 FAILED
>
> Suggested-by: Andrii Nakryiko <andrii@...nel.org>
> Signed-off-by: Tiezhu Yang <yangtiezhu@...ngson.cn>
> ---
>  tools/testing/selftests/bpf/test_verifier.c           | 11 +++++++++++
>  .../testing/selftests/bpf/verifier/bpf_loop_inline.c  |  6 ++++++
>  2 files changed, 17 insertions(+)
>
> diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c
> index 1a09fc34d093..c65915188d7c 100644
> --- a/tools/testing/selftests/bpf/test_verifier.c
> +++ b/tools/testing/selftests/bpf/test_verifier.c
> @@ -67,6 +67,7 @@
>
>  #define F_NEEDS_EFFICIENT_UNALIGNED_ACCESS     (1 << 0)
>  #define F_LOAD_WITH_STRICT_ALIGNMENT           (1 << 1)
> +#define F_NEEDS_JIT_ENABLED                    (1 << 2)
>
>  /* need CAP_BPF, CAP_NET_ADMIN, CAP_PERFMON to load progs */
>  #define ADMIN_CAPS (1ULL << CAP_NET_ADMIN |    \
> @@ -74,6 +75,7 @@
>                     1ULL << CAP_BPF)
>  #define UNPRIV_SYSCTL "kernel/unprivileged_bpf_disabled"
>  static bool unpriv_disabled = false;
> +static bool jit_disabled;
>  static int skips;
>  static bool verbose = false;
>  static int verif_log_level = 0;
> @@ -1524,6 +1526,13 @@ static void do_test_single(struct bpf_test *test, bool unpriv,
>         __u32 pflags;
>         int i, err;
>
> +       if ((test->flags & F_NEEDS_JIT_ENABLED) && jit_disabled) {
> +               printf("SKIP (callbacks are not allowed in non-JITed programs)\n");

This should be more generic "SKIP (test requires JIT)" or something.
Whoever will apply this can fix it up, don't resend.

> +               skips++;
> +               sched_yield();

not sure why we need sched_yield(), tbh? It probably won't hurt, though.

> +               return;
> +       }
> +
>         fd_prog = -1;
>         for (i = 0; i < MAX_NR_MAPS; i++)
>                 map_fds[i] = -1;
> @@ -1844,6 +1853,8 @@ int main(int argc, char **argv)
>                 return EXIT_FAILURE;
>         }
>
> +       jit_disabled = !is_jit_enabled();
> +
>         /* Use libbpf 1.0 API mode */
>         libbpf_set_strict_mode(LIBBPF_STRICT_ALL);
>
> diff --git a/tools/testing/selftests/bpf/verifier/bpf_loop_inline.c b/tools/testing/selftests/bpf/verifier/bpf_loop_inline.c
> index a535d41dc20d..59125b22ae39 100644
> --- a/tools/testing/selftests/bpf/verifier/bpf_loop_inline.c
> +++ b/tools/testing/selftests/bpf/verifier/bpf_loop_inline.c
> @@ -57,6 +57,7 @@
>         .expected_insns = { PSEUDO_CALL_INSN() },
>         .unexpected_insns = { HELPER_CALL_INSN() },
>         .prog_type = BPF_PROG_TYPE_TRACEPOINT,
> +       .flags = F_NEEDS_JIT_ENABLED,
>         .result = ACCEPT,
>         .runs = 0,
>         .func_info = { { 0, MAIN_TYPE }, { 12, CALLBACK_TYPE } },
> @@ -90,6 +91,7 @@
>         .expected_insns = { HELPER_CALL_INSN() },
>         .unexpected_insns = { PSEUDO_CALL_INSN() },
>         .prog_type = BPF_PROG_TYPE_TRACEPOINT,
> +       .flags = F_NEEDS_JIT_ENABLED,
>         .result = ACCEPT,
>         .runs = 0,
>         .func_info = { { 0, MAIN_TYPE }, { 16, CALLBACK_TYPE } },
> @@ -127,6 +129,7 @@
>         .expected_insns = { HELPER_CALL_INSN() },
>         .unexpected_insns = { PSEUDO_CALL_INSN() },
>         .prog_type = BPF_PROG_TYPE_TRACEPOINT,
> +       .flags = F_NEEDS_JIT_ENABLED,
>         .result = ACCEPT,
>         .runs = 0,
>         .func_info = {
> @@ -165,6 +168,7 @@
>         .expected_insns = { PSEUDO_CALL_INSN() },
>         .unexpected_insns = { HELPER_CALL_INSN() },
>         .prog_type = BPF_PROG_TYPE_TRACEPOINT,
> +       .flags = F_NEEDS_JIT_ENABLED,
>         .result = ACCEPT,
>         .runs = 0,
>         .func_info = {
> @@ -235,6 +239,7 @@
>         },
>         .unexpected_insns = { HELPER_CALL_INSN() },
>         .prog_type = BPF_PROG_TYPE_TRACEPOINT,
> +       .flags = F_NEEDS_JIT_ENABLED,
>         .result = ACCEPT,
>         .func_info = {
>                 { 0, MAIN_TYPE },
> @@ -252,6 +257,7 @@
>         .unexpected_insns = { HELPER_CALL_INSN() },
>         .result = ACCEPT,
>         .prog_type = BPF_PROG_TYPE_TRACEPOINT,
> +       .flags = F_NEEDS_JIT_ENABLED,
>         .func_info = { { 0, MAIN_TYPE }, { 16, CALLBACK_TYPE } },
>         .func_info_cnt = 2,
>         BTF_TYPES
> --
> 2.42.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ