lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Jan 2020 14:12:46 +0100 From: "Eelco Chaudron" <echaudro@...hat.com> To: "Andrii Nakryiko" <andrii.nakryiko@...il.com>, maciej.fijalkowski@...el.com Cc: bpf <bpf@...r.kernel.org>, "David S. Miller" <davem@...emloft.net>, "Alexei Starovoitov" <ast@...nel.org>, Networking <netdev@...r.kernel.org> Subject: Re: [PATCH bpf-next v2] selftests/bpf: Add a test for attaching a bpf fentry/fexit trace to an XDP program Andrii and Maciej thanks for your reviews, I’ve addressed all your comments, and will send out a v3 soon… //Eelco On 14 Jan 2020, at 19:49, Andrii Nakryiko wrote: > On Tue, Jan 14, 2020 at 7:58 AM Eelco Chaudron <echaudro@...hat.com> > wrote: >> >> Add a test that will attach a FENTRY and FEXIT program to the XDP >> test >> program. It will also verify data from the XDP context on FENTRY and >> verifies the return code on exit. >> >> Signed-off-by: Eelco Chaudron <echaudro@...hat.com> >> >> --- >> v1 -> v2: >> - Changed code to use the BPF skeleton >> - Replace static volatile with global variable in eBPF code >> >> .../testing/selftests/bpf/prog_tests/xdp_bpf2bpf.c | 69 >> ++++++++++++++++++++ >> .../testing/selftests/bpf/progs/test_xdp_bpf2bpf.c | 44 >> +++++++++++++ >> 2 files changed, 113 insertions(+) >> create mode 100644 >> tools/testing/selftests/bpf/prog_tests/xdp_bpf2bpf.c >> create mode 100644 >> tools/testing/selftests/bpf/progs/test_xdp_bpf2bpf.c >> >> diff --git a/tools/testing/selftests/bpf/prog_tests/xdp_bpf2bpf.c >> b/tools/testing/selftests/bpf/prog_tests/xdp_bpf2bpf.c >> new file mode 100644 >> index 000000000000..e6e849df2632 >> --- /dev/null >> +++ b/tools/testing/selftests/bpf/prog_tests/xdp_bpf2bpf.c >> @@ -0,0 +1,69 @@ >> +// SPDX-License-Identifier: GPL-2.0 >> +#include <test_progs.h> >> +#include <net/if.h> >> +#include "test_xdp.skel.h" >> +#include "test_xdp_bpf2bpf.skel.h" >> + >> +void test_xdp_bpf2bpf(void) >> +{ >> + > > extra line > >> + struct test_xdp *pkt_skel = NULL; >> + struct test_xdp_bpf2bpf *ftrace_skel = NULL; > > something with indentation? > >> + __u64 *ftrace_res; >> + > > variable declarations shouldn't be split, probably? > >> + struct vip key4 = {.protocol = 6, .family = AF_INET}; >> + struct iptnl_info value4 = {.family = AF_INET}; >> + char buf[128]; >> + struct iphdr *iph = (void *)buf + sizeof(struct ethhdr); >> + __u32 duration = 0, retval, size; >> + int err, pkt_fd, map_fd; >> + >> + /* Load XDP program to introspect */ >> + pkt_skel = test_xdp__open_and_load(); >> + if (CHECK(!pkt_skel, "pkt_skel_load", "test_xdp skeleton >> failed\n")) >> + return; >> + >> + pkt_fd = bpf_program__fd(pkt_skel->progs._xdp_tx_iptunnel); >> + >> + map_fd = bpf_map__fd(pkt_skel->maps.vip2tnl); >> + bpf_map_update_elem(map_fd, &key4, &value4, 0); >> + >> + DECLARE_LIBBPF_OPTS(bpf_object_open_opts, opts, >> + .attach_prog_fd = pkt_fd, >> + ); > > DECLARE_LIBBPF_OPTS is a variable declaration, so should go together > with all other declarations. Compiler should complain about this, but > I guess selftests/bpf Makefile doesn't have necessary flags, that > other kernel code has. You can declare opts first and then initialize > some extra fields later: > > DECLARE_LIBBPF_OPTS(bpf_object_open_opts, opts); > > ... later in code ... > > opts.attach_prog_fd = pkt_fd; > > >> + >> + ftrace_skel = test_xdp_bpf2bpf__open_opts(&opts); >> + if (CHECK(!ftrace_skel, "__open", "ftrace skeleton >> failed\n")) >> + goto out; >> + >> + if (CHECK(test_xdp_bpf2bpf__load(ftrace_skel), "__load", >> "ftrace skeleton failed\n")) >> + goto out; > > for consistency with attach check below and for readability, move out > load call into separate statement, it's easy to miss when it is inside > CHECK() > >> + >> + err = test_xdp_bpf2bpf__attach(ftrace_skel); >> + if (CHECK(err, "ftrace_attach", "ftrace attach failed: %d\n", >> err)) >> + goto out; >> + >> + /* Run test program */ >> + err = bpf_prog_test_run(pkt_fd, 1, &pkt_v4, sizeof(pkt_v4), >> + buf, &size, &retval, &duration); >> + >> + CHECK(err || retval != XDP_TX || size != 74 || >> + iph->protocol != IPPROTO_IPIP, "ipv4", >> + "err %d errno %d retval %d size %d\n", >> + err, errno, retval, size); > > should it goto out here as well? > >> + >> + /* Verify test results */ >> + ftrace_res = (__u64 *)ftrace_skel->bss; >> + >> + if (CHECK(ftrace_res[0] != if_nametoindex("lo"), "result", >> + "fentry failed err %llu\n", ftrace_res[0])) >> + goto out; >> + >> + if (CHECK(ftrace_res[1] != XDP_TX, "result", >> + "fexit failed err %llu\n", ftrace_res[1])) >> + goto out; > > why this casting? You can do access those variables much more > naturally with ftrace_skel->bss->test_result_fentry and > ftrace_skel->bss->test_result_fexit without making dangerous > assumptions about their offsets within data section. > > >> + >> +out: >> + test_xdp__destroy(pkt_skel); >> + test_xdp_bpf2bpf__destroy(ftrace_skel); >> +} >> diff --git a/tools/testing/selftests/bpf/progs/test_xdp_bpf2bpf.c >> b/tools/testing/selftests/bpf/progs/test_xdp_bpf2bpf.c >> new file mode 100644 >> index 000000000000..74c78b30ae07 >> --- /dev/null >> +++ b/tools/testing/selftests/bpf/progs/test_xdp_bpf2bpf.c >> @@ -0,0 +1,44 @@ >> +// SPDX-License-Identifier: GPL-2.0 >> +#include <linux/bpf.h> >> +#include "bpf_helpers.h" >> +#include "bpf_trace_helpers.h" >> + >> +struct net_device { >> + /* Structure does not need to contain all entries, >> + * as "preserve_access_index" will use BTF to fix this... >> + */ >> + int ifindex; >> +} __attribute__((preserve_access_index)); >> + >> +struct xdp_rxq_info { >> + /* Structure does not need to contain all entries, >> + * as "preserve_access_index" will use BTF to fix this... >> + */ >> + struct net_device *dev; >> + __u32 queue_index; >> +} __attribute__((preserve_access_index)); >> + >> +struct xdp_buff { >> + void *data; >> + void *data_end; >> + void *data_meta; >> + void *data_hard_start; >> + unsigned long handle; >> + struct xdp_rxq_info *rxq; >> +} __attribute__((preserve_access_index)); >> + >> +__u64 test_result_fentry = 0; >> +BPF_TRACE_1("fentry/_xdp_tx_iptunnel", trace_on_entry, >> + struct xdp_buff *, xdp) > > BPF_TRACE_x is no more, see BPF_PROG and how it's used for > fentry/fexit tests: > > SEC("fentry/_xdp_tx_iptunnel") > int BPF_PROG(trace_on_entry, struct xdp_buff *xdp) > >> +{ >> + test_result_fentry = xdp->rxq->dev->ifindex; >> + return 0; >> +} >> + >> +__u64 test_result_fexit = 0; >> +BPF_TRACE_2("fexit/_xdp_tx_iptunnel", trace_on_exit, >> + struct xdp_buff*, xdp, int, ret) >> +{ >> + test_result_fexit = ret; >> + return 0; >> +} >>
Powered by blists - more mailing lists