| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 Dec 2018 10:25:48 -0800
From: Stanislav Fomichev <sdf@...gle.com>
To: netdev@...r.kernel.org, ast@...nel.org
Cc: davem@...emloft.net, daniel@...earbox.net, ecree@...arflare.com,
quentin.monnet@...ronome.com, Stanislav Fomichev <sdf@...gle.com>
Subject: [PATCH bpf-next v2 0/6] skip verifier/map tests if kernel support is missing
If test_maps/test_verifier is running against the kernel which doesn't
have _all_ BPF features enabled, it fails with an error. This patch
series tries to probe kernel support for each failed test and skip
it instead. This lets users run BPF selftests in the not-all-bpf-yes
environments and received correct PASS/NON-PASS result.
See https://www.spinics.net/lists/netdev/msg539331.html for more
context.
The series goes like this:
* patch #1 adds bpf_prog_type_supported() and
bpf_map_type_supported() which query the kernel (insert 'return 0'
program or try to create empty map with correct key/value sizes) and
return supported/unsupported.
Note: this functionality can later be reimplemented on top of Quentin's
recent 'bpftool feature' patchset if he decides to move the probes
into libbpf.
* patch #2 skips sockmap tests in test_maps.c if BPF_MAP_TYPE_SOCKMAP
map is not supported (if bpf_create_map fails, we probe the kernel
for support)
* patch #3 skips verifier tests if test->prog_type is not supported (if
bpf_verify_program fails, we probe the kernel for support)
* patch #4 skips verifier tests if test fixup map is not supported (if
create_map fails, we probe the kernel for support)
Note: we can probably move this probe into create_map helper and
return some argument instead of adding skip_unsupported_map()
to each fixup; but I'm not sure it's better.
Also note: in current implementation we still print 'Failed to
create hash map' from the create_map, but still skip the test.
* next patches fix various small issues that arise from the first four:
* patch #5 sets "unknown func bpf_trace_printk#6" prog_type to
BPF_PROG_TYPE_TRACEPOINT so it is correctly skipped in
CONFIG_BPF_EVENTS=n case
* patch #6 exposes BPF_PROG_TYPE_CGROUP_{SKB,SOCK,SOCK_ADDR} only when
CONFIG_CGROUP_BPF=y, this makes verifier correctly skip appropriate
tests
v2 changes:
* don't sprinkle "ifdef CONFIG_CGROUP_BPF" all around net/core/filter.c,
doing it only in the bpf_types.h is enough to disable
BPF_PROG_TYPE_CGROUP_{SKB,SOCK,SOCK_ADDR} prog types for non-cgroup
enabled kernels
Stanislav Fomichev (6):
selftests/bpf: add map/prog type probe helpers
selftests/bpf: skip sockmap in test_maps if kernel doesn't have
support
selftests/bpf: skip verifier tests for unsupported program types
selftests/bpf: skip verifier tests for unsupported map types
selftests/bpf: mark verifier test that uses bpf_trace_printk as
BPF_PROG_TYPE_TRACEPOINT
bpf: BPF_PROG_TYPE_CGROUP_{SKB,SOCK,SOCK_ADDR} require cgroups enabled
include/linux/bpf_types.h | 2 +
tools/testing/selftests/bpf/Makefile | 2 +
tools/testing/selftests/bpf/probe_helpers.c | 68 +++++++++++++++++++++
tools/testing/selftests/bpf/probe_helpers.h | 10 +++
tools/testing/selftests/bpf/test_maps.c | 14 ++++-
tools/testing/selftests/bpf/test_verifier.c | 44 +++++++++++--
6 files changed, 135 insertions(+), 5 deletions(-)
create mode 100644 tools/testing/selftests/bpf/probe_helpers.c
create mode 100644 tools/testing/selftests/bpf/probe_helpers.h
--
2.20.0.405.gbc1bbc6f85-goog
Powered by blists - more mailing lists