| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Jul 2019 15:33:09 -0700
From: Song Liu <liu.song.a23@...il.com>
To: Stanislav Fomichev <sdf@...gle.com>
Cc: Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
"David S . Miller" <davem@...emloft.net>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Willem de Bruijn <willemb@...gle.com>,
Petar Penkov <ppenkov@...gle.com>
Subject: Re: [PATCH bpf-next 3/7] bpf/flow_dissector: support flags in BPF_PROG_TEST_RUN
On Wed, Jul 24, 2019 at 10:11 AM Stanislav Fomichev <sdf@...gle.com> wrote:
>
> This will allow us to write tests for those flags.
>
> Cc: Willem de Bruijn <willemb@...gle.com>
> Cc: Petar Penkov <ppenkov@...gle.com>
> Signed-off-by: Stanislav Fomichev <sdf@...gle.com>
Acked-by: Song Liu <songliubraving@...com>
> ---
> net/bpf/test_run.c | 39 +++++++++++++++++++++++++++++++++++----
> 1 file changed, 35 insertions(+), 4 deletions(-)
>
> diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
> index 4e41d15a1098..444a7baed791 100644
> --- a/net/bpf/test_run.c
> +++ b/net/bpf/test_run.c
> @@ -377,6 +377,22 @@ int bpf_prog_test_run_xdp(struct bpf_prog *prog, const union bpf_attr *kattr,
> return ret;
> }
>
> +static int verify_user_bpf_flow_keys(struct bpf_flow_keys *ctx)
> +{
> + /* make sure the fields we don't use are zeroed */
> + if (!range_is_zero(ctx, 0, offsetof(struct bpf_flow_keys, flags)))
> + return -EINVAL;
> +
> + /* flags is allowed */
> +
> + if (!range_is_zero(ctx, offsetof(struct bpf_flow_keys, flags) +
> + FIELD_SIZEOF(struct bpf_flow_keys, flags),
> + sizeof(struct bpf_flow_keys)))
> + return -EINVAL;
> +
> + return 0;
> +}
> +
> int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog,
> const union bpf_attr *kattr,
> union bpf_attr __user *uattr)
> @@ -384,9 +400,11 @@ int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog,
> u32 size = kattr->test.data_size_in;
> struct bpf_flow_dissector ctx = {};
> u32 repeat = kattr->test.repeat;
> + struct bpf_flow_keys *user_ctx;
> struct bpf_flow_keys flow_keys;
> u64 time_start, time_spent = 0;
> const struct ethhdr *eth;
> + unsigned int flags = 0;
> u32 retval, duration;
> void *data;
> int ret;
> @@ -395,9 +413,6 @@ int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog,
> if (prog->type != BPF_PROG_TYPE_FLOW_DISSECTOR)
> return -EINVAL;
>
> - if (kattr->test.ctx_in || kattr->test.ctx_out)
> - return -EINVAL;
> -
> if (size < ETH_HLEN)
> return -EINVAL;
>
> @@ -410,6 +425,18 @@ int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog,
> if (!repeat)
> repeat = 1;
>
> + user_ctx = bpf_ctx_init(kattr, sizeof(struct bpf_flow_keys));
> + if (IS_ERR(user_ctx)) {
> + kfree(data);
> + return PTR_ERR(user_ctx);
> + }
> + if (user_ctx) {
> + ret = verify_user_bpf_flow_keys(user_ctx);
> + if (ret)
> + goto out;
> + flags = user_ctx->flags;
> + }
> +
> ctx.flow_keys = &flow_keys;
> ctx.data = data;
> ctx.data_end = (__u8 *)data + size;
> @@ -419,7 +446,7 @@ int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog,
> time_start = ktime_get_ns();
> for (i = 0; i < repeat; i++) {
> retval = bpf_flow_dissect(prog, &ctx, eth->h_proto, ETH_HLEN,
> - size, 0);
> + size, flags);
>
> if (signal_pending(current)) {
> preempt_enable();
> @@ -450,8 +477,12 @@ int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog,
>
> ret = bpf_test_finish(kattr, uattr, &flow_keys, sizeof(flow_keys),
> retval, duration);
> + if (!ret)
> + ret = bpf_ctx_finish(kattr, uattr, user_ctx,
> + sizeof(struct bpf_flow_keys));
>
> out:
> kfree(data);
> + kfree(user_ctx);
nit: it is not really necessary now, but maybe put kfree(user_ctx)
before kfree(data).
> return ret;
> }
> --
> 2.22.0.657.g960e92d24f-goog
>
Powered by blists - more mailing lists