| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Jan 2024 11:51:28 -0800
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: Tiezhu Yang <yangtiezhu@...ngson.cn>
Cc: Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>, Eduard Zingerman <eddyz87@...il.com>,
John Fastabend <john.fastabend@...il.com>, Jiri Olsa <jolsa@...nel.org>,
Hou Tao <houtao@...weicloud.com>, Song Liu <song@...nel.org>, bpf@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH bpf-next v7 2/2] selftests/bpf: Skip callback tests if jit
is disabled in test_verifier
On Tue, Jan 23, 2024 at 1:04 AM Tiezhu Yang <yangtiezhu@...ngson.cn> wrote:
>
> If CONFIG_BPF_JIT_ALWAYS_ON is not set and bpf_jit_enable is 0, there
> exist 6 failed tests.
>
> [root@...ux bpf]# echo 0 > /proc/sys/net/core/bpf_jit_enable
> [root@...ux bpf]# echo 0 > /proc/sys/kernel/unprivileged_bpf_disabled
> [root@...ux bpf]# ./test_verifier | grep FAIL
> #106/p inline simple bpf_loop call FAIL
> #107/p don't inline bpf_loop call, flags non-zero FAIL
> #108/p don't inline bpf_loop call, callback non-constant FAIL
> #109/p bpf_loop_inline and a dead func FAIL
> #110/p bpf_loop_inline stack locations for loop vars FAIL
> #111/p inline bpf_loop call in a big program FAIL
> Summary: 768 PASSED, 15 SKIPPED, 6 FAILED
>
> The test log shows that callbacks are not allowed in non-JITed programs,
> interpreter doesn't support them yet, thus these tests should be skipped
> if jit is disabled.
>
> Add an explicit flag F_NEEDS_JIT_ENABLED to those tests to mark that they
> require JIT enabled in bpf_loop_inline.c, check the flag and jit_disabled
> at the beginning of do_test_single() to handle this case.
>
> With this patch:
>
> [root@...ux bpf]# echo 0 > /proc/sys/net/core/bpf_jit_enable
> [root@...ux bpf]# echo 0 > /proc/sys/kernel/unprivileged_bpf_disabled
> [root@...ux bpf]# ./test_verifier | grep FAIL
> Summary: 768 PASSED, 21 SKIPPED, 0 FAILED
>
> Suggested-by: Andrii Nakryiko <andrii@...nel.org>
> Signed-off-by: Tiezhu Yang <yangtiezhu@...ngson.cn>
> ---
> tools/testing/selftests/bpf/test_verifier.c | 11 +++++++++++
> .../testing/selftests/bpf/verifier/bpf_loop_inline.c | 6 ++++++
> 2 files changed, 17 insertions(+)
>
> diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c
> index 1a09fc34d093..c65915188d7c 100644
> --- a/tools/testing/selftests/bpf/test_verifier.c
> +++ b/tools/testing/selftests/bpf/test_verifier.c
> @@ -67,6 +67,7 @@
>
> #define F_NEEDS_EFFICIENT_UNALIGNED_ACCESS (1 << 0)
> #define F_LOAD_WITH_STRICT_ALIGNMENT (1 << 1)
> +#define F_NEEDS_JIT_ENABLED (1 << 2)
>
> /* need CAP_BPF, CAP_NET_ADMIN, CAP_PERFMON to load progs */
> #define ADMIN_CAPS (1ULL << CAP_NET_ADMIN | \
> @@ -74,6 +75,7 @@
> 1ULL << CAP_BPF)
> #define UNPRIV_SYSCTL "kernel/unprivileged_bpf_disabled"
> static bool unpriv_disabled = false;
> +static bool jit_disabled;
> static int skips;
> static bool verbose = false;
> static int verif_log_level = 0;
> @@ -1524,6 +1526,13 @@ static void do_test_single(struct bpf_test *test, bool unpriv,
> __u32 pflags;
> int i, err;
>
> + if ((test->flags & F_NEEDS_JIT_ENABLED) && jit_disabled) {
> + printf("SKIP (callbacks are not allowed in non-JITed programs)\n");
This should be more generic "SKIP (test requires JIT)" or something.
Whoever will apply this can fix it up, don't resend.
> + skips++;
> + sched_yield();
not sure why we need sched_yield(), tbh? It probably won't hurt, though.
> + return;
> + }
> +
> fd_prog = -1;
> for (i = 0; i < MAX_NR_MAPS; i++)
> map_fds[i] = -1;
> @@ -1844,6 +1853,8 @@ int main(int argc, char **argv)
> return EXIT_FAILURE;
> }
>
> + jit_disabled = !is_jit_enabled();
> +
> /* Use libbpf 1.0 API mode */
> libbpf_set_strict_mode(LIBBPF_STRICT_ALL);
>
> diff --git a/tools/testing/selftests/bpf/verifier/bpf_loop_inline.c b/tools/testing/selftests/bpf/verifier/bpf_loop_inline.c
> index a535d41dc20d..59125b22ae39 100644
> --- a/tools/testing/selftests/bpf/verifier/bpf_loop_inline.c
> +++ b/tools/testing/selftests/bpf/verifier/bpf_loop_inline.c
> @@ -57,6 +57,7 @@
> .expected_insns = { PSEUDO_CALL_INSN() },
> .unexpected_insns = { HELPER_CALL_INSN() },
> .prog_type = BPF_PROG_TYPE_TRACEPOINT,
> + .flags = F_NEEDS_JIT_ENABLED,
> .result = ACCEPT,
> .runs = 0,
> .func_info = { { 0, MAIN_TYPE }, { 12, CALLBACK_TYPE } },
> @@ -90,6 +91,7 @@
> .expected_insns = { HELPER_CALL_INSN() },
> .unexpected_insns = { PSEUDO_CALL_INSN() },
> .prog_type = BPF_PROG_TYPE_TRACEPOINT,
> + .flags = F_NEEDS_JIT_ENABLED,
> .result = ACCEPT,
> .runs = 0,
> .func_info = { { 0, MAIN_TYPE }, { 16, CALLBACK_TYPE } },
> @@ -127,6 +129,7 @@
> .expected_insns = { HELPER_CALL_INSN() },
> .unexpected_insns = { PSEUDO_CALL_INSN() },
> .prog_type = BPF_PROG_TYPE_TRACEPOINT,
> + .flags = F_NEEDS_JIT_ENABLED,
> .result = ACCEPT,
> .runs = 0,
> .func_info = {
> @@ -165,6 +168,7 @@
> .expected_insns = { PSEUDO_CALL_INSN() },
> .unexpected_insns = { HELPER_CALL_INSN() },
> .prog_type = BPF_PROG_TYPE_TRACEPOINT,
> + .flags = F_NEEDS_JIT_ENABLED,
> .result = ACCEPT,
> .runs = 0,
> .func_info = {
> @@ -235,6 +239,7 @@
> },
> .unexpected_insns = { HELPER_CALL_INSN() },
> .prog_type = BPF_PROG_TYPE_TRACEPOINT,
> + .flags = F_NEEDS_JIT_ENABLED,
> .result = ACCEPT,
> .func_info = {
> { 0, MAIN_TYPE },
> @@ -252,6 +257,7 @@
> .unexpected_insns = { HELPER_CALL_INSN() },
> .result = ACCEPT,
> .prog_type = BPF_PROG_TYPE_TRACEPOINT,
> + .flags = F_NEEDS_JIT_ENABLED,
> .func_info = { { 0, MAIN_TYPE }, { 16, CALLBACK_TYPE } },
> .func_info_cnt = 2,
> BTF_TYPES
> --
> 2.42.0
>
Powered by blists - more mailing lists