lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 21 May 2020 12:03:44 -0700
From:   John Fastabend <john.fastabend@...il.com>
To:     Andrii Nakryiko <andrii.nakryiko@...il.com>,
        John Fastabend <john.fastabend@...il.com>
Cc:     Yonghong Song <yhs@...com>, Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Lorenz Bauer <lmb@...udflare.com>, bpf <bpf@...r.kernel.org>,
        Jakub Sitnicki <jakub@...udflare.com>,
        Networking <netdev@...r.kernel.org>
Subject: Re: [bpf-next PATCH v3 4/5] bpf: selftests, add sk_msg helpers load
 and attach test

Andrii Nakryiko wrote:
> On Thu, May 21, 2020 at 7:36 AM John Fastabend <john.fastabend@...il.com> wrote:
> >
> > The test itself is not particularly useful but it encodes a common
> > pattern we have.
> >
> > Namely do a sk storage lookup then depending on data here decide if
> > we need to do more work or alternatively allow packet to PASS. Then
> > if we need to do more work consult task_struct for more information
> > about the running task. Finally based on this additional information
> > drop or pass the data. In this case the suspicious check is not so
> > realisitic but it encodes the general pattern and uses the helpers
> > so we test the workflow.
> >
> > This is a load test to ensure verifier correctly handles this case.
> >
> > Signed-off-by: John Fastabend <john.fastabend@...il.com>
> > ---
> >  .../selftests/bpf/prog_tests/sockmap_basic.c       |   57 ++++++++++++++++++++
> >  .../selftests/bpf/progs/test_skmsg_load_helpers.c  |   48 +++++++++++++++++
> >  2 files changed, 105 insertions(+)
> >  create mode 100644 tools/testing/selftests/bpf/progs/test_skmsg_load_helpers.c
> >
> > diff --git a/tools/testing/selftests/bpf/prog_tests/sockmap_basic.c b/tools/testing/selftests/bpf/prog_tests/sockmap_basic.c
> > index aa43e0b..cacb4ad 100644
> > --- a/tools/testing/selftests/bpf/prog_tests/sockmap_basic.c
> > +++ b/tools/testing/selftests/bpf/prog_tests/sockmap_basic.c
> > @@ -1,13 +1,46 @@
> >  // SPDX-License-Identifier: GPL-2.0
> >  // Copyright (c) 2020 Cloudflare
> > +#include <error.h>
> >
> >  #include "test_progs.h"
> > +#include "test_skmsg_load_helpers.skel.h"
> >
> >  #define TCP_REPAIR             19      /* TCP sock is under repair right now */
> >
> >  #define TCP_REPAIR_ON          1
> >  #define TCP_REPAIR_OFF_NO_WP   -1      /* Turn off without window probes */
> >
> > +#define _FAIL(errnum, fmt...)                                                  \
> > +       ({                                                                     \
> > +               error_at_line(0, (errnum), __func__, __LINE__, fmt);           \
> > +               CHECK_FAIL(true);                                              \
> > +       })
> > +#define FAIL(fmt...) _FAIL(0, fmt)
> > +#define FAIL_ERRNO(fmt...) _FAIL(errno, fmt)
> > +#define FAIL_LIBBPF(err, msg)                                                  \
> > +       ({                                                                     \
> > +               char __buf[MAX_STRERR_LEN];                                    \
> > +               libbpf_strerror((err), __buf, sizeof(__buf));                  \
> > +               FAIL("%s: %s", (msg), __buf);                                  \
> > +       })
> > +
> > +#define xbpf_prog_attach(prog, target, type, flags)                            \
> > +       ({                                                                     \
> > +               int __ret =                                                    \
> > +                       bpf_prog_attach((prog), (target), (type), (flags));    \
> > +               if (__ret == -1)                                               \
> > +                       FAIL_ERRNO("prog_attach(" #type ")");                  \
> > +               __ret;                                                         \
> > +       })
> > +
> > +#define xbpf_prog_detach2(prog, target, type)                                  \
> > +       ({                                                                     \
> > +               int __ret = bpf_prog_detach2((prog), (target), (type));        \
> > +               if (__ret == -1)                                               \
> > +                       FAIL_ERRNO("prog_detach2(" #type ")");                 \
> > +               __ret;                                                         \
> > +       })
> 
> I'm not convinced we need these macro, can you please just use CHECKs?
> I'd rather not learn each specific test's custom macros.

Will just remove the entire block above.

> 
> > +
> >  static int connected_socket_v4(void)
> >  {
> >         struct sockaddr_in addr = {
> > @@ -70,10 +103,34 @@ static void test_sockmap_create_update_free(enum bpf_map_type map_type)
> >         close(s);
> >  }
> >
> > +static void test_skmsg_helpers(enum bpf_map_type map_type)
> > +{
> > +       struct test_skmsg_load_helpers *skel;
> > +       int err, map, verdict;
> > +
> > +       skel = test_skmsg_load_helpers__open_and_load();
> > +       if (!skel) {
> > +               FAIL("skeleton open/load failed");
> > +               return;
> > +       }
> > +
> > +       verdict = bpf_program__fd(skel->progs.prog_msg_verdict);
> > +       map = bpf_map__fd(skel->maps.sock_map);
> > +
> > +       err = xbpf_prog_attach(verdict, map, BPF_SK_MSG_VERDICT, 0);
> > +       if (err)
> > +               return;
> > +       xbpf_prog_detach2(verdict, map, BPF_SK_MSG_VERDICT);
> 
> no cleanup in this test, at all

Guess we need __destroy(skel) here.

As an aside how come if the program closes and refcnt drops the entire
thing isn't destroyed. I didn't think there was any pinning happening
in the __open_and_load piece.

> 
> > +}
> > +
> 
> [...]
> 
> > +
> > +int _version SEC("version") = 1;
> 
> version not needed
> 
> > +char _license[] SEC("license") = "GPL";
> >


Powered by blists - more mailing lists