lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 9 Oct 2019 09:33:41 -0700
From:   Stanislav Fomichev <sdf@...ichev.me>
To:     Jakub Sitnicki <jakub@...udflare.com>
Cc:     bpf@...r.kernel.org, netdev@...r.kernel.org,
        kernel-team@...udflare.com, Stanislav Fomichev <sdf@...gle.com>
Subject: Re: [PATH bpf-next 2/2] selftests/bpf: Check that flow dissector can
 be re-attached

On 10/09, Jakub Sitnicki wrote:
> Make sure a new flow dissector program can be attached to replace the old
> one with a single syscall. Also check that attaching the same program twice
> is prohibited.
Overall the series looks good, left a bunch of nits/questions below.

> Signed-off-by: Jakub Sitnicki <jakub@...udflare.com>
> ---
>  .../bpf/prog_tests/flow_dissector_reattach.c  | 93 +++++++++++++++++++
>  1 file changed, 93 insertions(+)
>  create mode 100644 tools/testing/selftests/bpf/prog_tests/flow_dissector_reattach.c
> 
> diff --git a/tools/testing/selftests/bpf/prog_tests/flow_dissector_reattach.c b/tools/testing/selftests/bpf/prog_tests/flow_dissector_reattach.c
> new file mode 100644
> index 000000000000..0f0006c93956
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/prog_tests/flow_dissector_reattach.c
> @@ -0,0 +1,93 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Test that the flow_dissector program can be updated with a single
> + * syscall by attaching a new program that replaces the existing one.
> + *
> + * Corner case - the same program cannot be attached twice.
> + */
> +#include <errno.h>
> +#include <fcntl.h>
> +#include <stdbool.h>
> +#include <unistd.h>
> +
> +#include <linux/bpf.h>
> +#include <bpf/bpf.h>
> +
> +#include "test_progs.h"
> +
[..]
> +/* Not used here. For CHECK macro sake only. */
> +static int duration;
nit: you can use CHECK_FAIL macro instead which doesn't require this.

if (CHECK_FAIL(expr)) {
	printf("something bad has happened\n");
	return/goto;
}

It may be more verbose than doing CHECK() with its embedded error
message, so I leave it up to you to decide on whether you want to switch
to CHECK_FAIL or stick to CHECK.

> +static bool is_attached(void)
> +{
> +	bool attached = true;
> +	int err, net_fd = -1;
nit: maybe don't need to initialize net_fd to -1 here as well.

> +	__u32 cnt;
> +
> +	net_fd = open("/proc/self/ns/net", O_RDONLY);
> +	if (net_fd < 0)
> +		goto out;
> +
> +	err = bpf_prog_query(net_fd, BPF_FLOW_DISSECTOR, 0, NULL, NULL, &cnt);
> +	if (CHECK(err, "bpf_prog_query", "ret %d errno %d\n", err, errno))
> +		goto out;
> +
> +	attached = (cnt > 0);
> +out:
> +	close(net_fd);
> +	return attached;
> +}
> +
> +static int load_prog(void)
> +{
> +	struct bpf_insn prog[] = {
> +		BPF_MOV64_IMM(BPF_REG_0, BPF_OK),
> +		BPF_EXIT_INSN(),
> +	};
> +	int fd;
> +
> +	fd = bpf_load_program(BPF_PROG_TYPE_FLOW_DISSECTOR, prog,
> +			      ARRAY_SIZE(prog), "GPL", 0, NULL, 0);
> +	CHECK(fd < 0, "bpf_load_program", "ret %d errno %d\n", fd, errno);
> +
> +	return fd;
> +}
> +
> +void test_flow_dissector_reattach(void)
> +{
> +	int prog_fd[2] = { -1, -1 };
> +	int err;
> +
> +	if (is_attached())
> +		return;
Should we call test__skip() here to indicate that the test has been
skipped?
Also, do we need to run this test against non-root namespace as well?

> +	prog_fd[0] = load_prog();
> +	if (prog_fd[0] < 0)
> +		return;
> +
> +	prog_fd[1] = load_prog();
> +	if (prog_fd[1] < 0)
> +		goto out_close;
> +
> +	err = bpf_prog_attach(prog_fd[0], 0, BPF_FLOW_DISSECTOR, 0);
> +	if (CHECK(err, "bpf_prog_attach-0", "ret %d errno %d\n", err, errno))
> +		goto out_close;
> +
> +	/* Expect success when attaching a different program */
> +	err = bpf_prog_attach(prog_fd[1], 0, BPF_FLOW_DISSECTOR, 0);
> +	if (CHECK(err, "bpf_prog_attach-1", "ret %d errno %d\n", err, errno))
> +		goto out_detach;
> +
> +	/* Expect failure when attaching the same program twice */
> +	err = bpf_prog_attach(prog_fd[1], 0, BPF_FLOW_DISSECTOR, 0);
> +	CHECK(!err || errno != EINVAL, "bpf_prog_attach-2",
> +	      "ret %d errno %d\n", err, errno);
> +
> +out_detach:
> +	err = bpf_prog_detach(0, BPF_FLOW_DISSECTOR);
> +	CHECK(err, "bpf_prog_detach", "ret %d errno %d\n", err, errno);
> +
> +out_close:
> +	close(prog_fd[1]);
> +	close(prog_fd[0]);
> +}
> -- 
> 2.20.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ