| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 6 May 2020 18:09:42 -0700
From: Yonghong Song <yhs@...com>
To: Andrii Nakryiko <andrii.nakryiko@...il.com>
CC: Andrii Nakryiko <andriin@...com>, bpf <bpf@...r.kernel.org>,
Martin KaFai Lau <kafai@...com>,
Networking <netdev@...r.kernel.org>,
Alexei Starovoitov <ast@...com>,
Daniel Borkmann <daniel@...earbox.net>,
Kernel Team <kernel-team@...com>
Subject: Re: [PATCH bpf-next v2 18/20] tools/bpf: selftests: add iterator
programs for ipv6_route and netlink
On 5/5/20 11:01 PM, Andrii Nakryiko wrote:
> On Sun, May 3, 2020 at 11:30 PM Yonghong Song <yhs@...com> wrote:
>>
>> Two bpf programs are added in this patch for netlink and ipv6_route
>> target. On my VM, I am able to achieve identical
>> results compared to /proc/net/netlink and /proc/net/ipv6_route.
>>
>> $ cat /proc/net/netlink
>> sk Eth Pid Groups Rmem Wmem Dump Locks Drops Inode
>> 000000002c42d58b 0 0 00000000 0 0 0 2 0 7
>> 00000000a4e8b5e1 0 1 00000551 0 0 0 2 0 18719
>> 00000000e1b1c195 4 0 00000000 0 0 0 2 0 16422
>> 000000007e6b29f9 6 0 00000000 0 0 0 2 0 16424
>> ....
>> 00000000159a170d 15 1862 00000002 0 0 0 2 0 1886
>> 000000009aca4bc9 15 3918224839 00000002 0 0 0 2 0 19076
>> 00000000d0ab31d2 15 1 00000002 0 0 0 2 0 18683
>> 000000008398fb08 16 0 00000000 0 0 0 2 0 27
>> $ cat /sys/fs/bpf/my_netlink
>> sk Eth Pid Groups Rmem Wmem Dump Locks Drops Inode
>> 000000002c42d58b 0 0 00000000 0 0 0 2 0 7
>> 00000000a4e8b5e1 0 1 00000551 0 0 0 2 0 18719
>> 00000000e1b1c195 4 0 00000000 0 0 0 2 0 16422
>> 000000007e6b29f9 6 0 00000000 0 0 0 2 0 16424
>> ....
>> 00000000159a170d 15 1862 00000002 0 0 0 2 0 1886
>> 000000009aca4bc9 15 3918224839 00000002 0 0 0 2 0 19076
>> 00000000d0ab31d2 15 1 00000002 0 0 0 2 0 18683
>> 000000008398fb08 16 0 00000000 0 0 0 2 0 27
>>
>> $ cat /proc/net/ipv6_route
>> fe800000000000000000000000000000 40 00000000000000000000000000000000 00 00000000000000000000000000000000 00000100 00000001 00000000 00000001 eth0
>> 00000000000000000000000000000000 00 00000000000000000000000000000000 00 00000000000000000000000000000000 ffffffff 00000001 00000000 00200200 lo
>> 00000000000000000000000000000001 80 00000000000000000000000000000000 00 00000000000000000000000000000000 00000000 00000003 00000000 80200001 lo
>> fe80000000000000c04b03fffe7827ce 80 00000000000000000000000000000000 00 00000000000000000000000000000000 00000000 00000002 00000000 80200001 eth0
>> ff000000000000000000000000000000 08 00000000000000000000000000000000 00 00000000000000000000000000000000 00000100 00000003 00000000 00000001 eth0
>> 00000000000000000000000000000000 00 00000000000000000000000000000000 00 00000000000000000000000000000000 ffffffff 00000001 00000000 00200200 lo
>> $ cat /sys/fs/bpf/my_ipv6_route
>> fe800000000000000000000000000000 40 00000000000000000000000000000000 00 00000000000000000000000000000000 00000100 00000001 00000000 00000001 eth0
>> 00000000000000000000000000000000 00 00000000000000000000000000000000 00 00000000000000000000000000000000 ffffffff 00000001 00000000 00200200 lo
>> 00000000000000000000000000000001 80 00000000000000000000000000000000 00 00000000000000000000000000000000 00000000 00000003 00000000 80200001 lo
>> fe80000000000000c04b03fffe7827ce 80 00000000000000000000000000000000 00 00000000000000000000000000000000 00000000 00000002 00000000 80200001 eth0
>> ff000000000000000000000000000000 08 00000000000000000000000000000000 00 00000000000000000000000000000000 00000100 00000003 00000000 00000001 eth0
>> 00000000000000000000000000000000 00 00000000000000000000000000000000 00 00000000000000000000000000000000 ffffffff 00000001 00000000 00200200 lo
>>
>> Signed-off-by: Yonghong Song <yhs@...com>
>> ---
>
> Looks good, but something weird with printf below...
>
> Acked-by: Andrii Nakryiko <andriin@...com>
>
>> .../selftests/bpf/progs/bpf_iter_ipv6_route.c | 63 ++++++++++++++++
>> .../selftests/bpf/progs/bpf_iter_netlink.c | 74 +++++++++++++++++++
>> 2 files changed, 137 insertions(+)
>> create mode 100644 tools/testing/selftests/bpf/progs/bpf_iter_ipv6_route.c
>> create mode 100644 tools/testing/selftests/bpf/progs/bpf_iter_netlink.c
>>
>> diff --git a/tools/testing/selftests/bpf/progs/bpf_iter_ipv6_route.c b/tools/testing/selftests/bpf/progs/bpf_iter_ipv6_route.c
>> new file mode 100644
>> index 000000000000..0dee4629298f
>> --- /dev/null
>> +++ b/tools/testing/selftests/bpf/progs/bpf_iter_ipv6_route.c
>> @@ -0,0 +1,63 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +/* Copyright (c) 2020 Facebook */
>> +#include "vmlinux.h"
>> +#include <bpf/bpf_helpers.h>
>> +#include <bpf/bpf_tracing.h>
>> +#include <bpf/bpf_endian.h>
>> +
>> +char _license[] SEC("license") = "GPL";
>> +
>> +extern bool CONFIG_IPV6_SUBTREES __kconfig __weak;
>> +
>> +#define RTF_GATEWAY 0x0002
>> +#define IFNAMSIZ 16
>
> nit: these look weirdly unaligned :)
>
>> +#define fib_nh_gw_family nh_common.nhc_gw_family
>> +#define fib_nh_gw6 nh_common.nhc_gw.ipv6
>> +#define fib_nh_dev nh_common.nhc_dev
>> +
>
> [...]
>
>
>> + dev = fib6_nh->fib_nh_dev;
>> + if (dev)
>> + BPF_SEQ_PRINTF(seq, "%08x %08x %08x %08x %8s\n", rt->fib6_metric,
>> + rt->fib6_ref.refs.counter, 0, flags, dev->name);
>> + else
>> + BPF_SEQ_PRINTF(seq, "%08x %08x %08x %08x %8s\n", rt->fib6_metric,
>> + rt->fib6_ref.refs.counter, 0, flags);
>
> hmm... how does it work? you specify 4 params, but format string
> expects 5. Shouldn't this fail?
Thanks for catching this. Unfortunately, we can only detech this at
runtime when BPF_SEQ_PRINTF is executed since only then we do
format/argument checking.
In the above, if I flip condition "if (dev)" to "if (!dev)", the
BPF_SEQ_PRRINTF will not print anything and returns -EINVAL.
I am wondering whether verifier should do some verification at prog load
time to ensure
# of args in packed u64 array >= # of format specifier
This should capture this case. Or we just assume users should do
adequate testing to capture such cases.
Note that this won't affect safety of the program so it is totally
okay for verifier to delay the checking to runtime.
>
>> +
>> + return 0;
>> +}
>> diff --git a/tools/testing/selftests/bpf/progs/bpf_iter_netlink.c b/tools/testing/selftests/bpf/progs/bpf_iter_netlink.c
>> new file mode 100644
>> index 000000000000..0a85a621a36d
>> --- /dev/null
>> +++ b/tools/testing/selftests/bpf/progs/bpf_iter_netlink.c
>> @@ -0,0 +1,74 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +/* Copyright (c) 2020 Facebook */
>> +#include "vmlinux.h"
>> +#include <bpf/bpf_helpers.h>
>> +#include <bpf/bpf_tracing.h>
>> +#include <bpf/bpf_endian.h>
>> +
>> +char _license[] SEC("license") = "GPL";
>> +
>> +#define sk_rmem_alloc sk_backlog.rmem_alloc
>> +#define sk_refcnt __sk_common.skc_refcnt
>> +
>> +#define offsetof(TYPE, MEMBER) ((size_t)&((TYPE *)0)->MEMBER)
>> +#define container_of(ptr, type, member) \
>> + ({ \
>> + void *__mptr = (void *)(ptr); \
>> + ((type *)(__mptr - offsetof(type, member))); \
>> + })
>
> we should probably put offsetof(), offsetofend() and container_of()
> macro into bpf_helpers.h, seems like universal things for kernel
> datastructs :)
>
> [...]
>
Powered by blists - more mailing lists