| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Jun 2020 09:52:31 -0700
From: Stanislav Fomichev <sdf@...gle.com>
To: netdev@...r.kernel.org, bpf@...r.kernel.org
Cc: davem@...emloft.net, ast@...nel.org, daniel@...earbox.net,
Stanislav Fomichev <sdf@...gle.com>
Subject: [PATCH bpf-next v2 4/4] selftests/bpf: test BPF_CGROUP_INET_SOCK_RELEASE
Simple test that enforces a single SOCK_DGRAM socker per cgroup.
Signed-off-by: Stanislav Fomichev <sdf@...gle.com>
---
.../selftests/bpf/prog_tests/udp_limit.c | 71 +++++++++++++++++++
tools/testing/selftests/bpf/progs/udp_limit.c | 42 +++++++++++
2 files changed, 113 insertions(+)
create mode 100644 tools/testing/selftests/bpf/prog_tests/udp_limit.c
create mode 100644 tools/testing/selftests/bpf/progs/udp_limit.c
diff --git a/tools/testing/selftests/bpf/prog_tests/udp_limit.c b/tools/testing/selftests/bpf/prog_tests/udp_limit.c
new file mode 100644
index 000000000000..fe359a927d92
--- /dev/null
+++ b/tools/testing/selftests/bpf/prog_tests/udp_limit.c
@@ -0,0 +1,71 @@
+// SPDX-License-Identifier: GPL-2.0
+#include <test_progs.h>
+#include "udp_limit.skel.h"
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+void test_udp_limit(void)
+{
+ struct udp_limit *skel;
+ int cgroup_fd;
+ int fd1, fd2;
+ int err;
+
+ cgroup_fd = test__join_cgroup("/udp_limit");
+ if (CHECK_FAIL(cgroup_fd < 0))
+ return;
+
+ skel = udp_limit__open_and_load();
+ if (CHECK_FAIL(!skel))
+ goto close_cgroup_fd;
+
+ err = bpf_prog_attach(bpf_program__fd(skel->progs.sock),
+ cgroup_fd, BPF_CGROUP_INET_SOCK_CREATE, 0);
+ if (CHECK_FAIL(err))
+ goto close_skeleton;
+
+ err = bpf_prog_attach(bpf_program__fd(skel->progs.sock_release),
+ cgroup_fd, BPF_CGROUP_INET_SOCK_RELEASE, 0);
+ if (CHECK_FAIL(err))
+ goto close_skeleton;
+
+ /* BPF program enforces a single UDP socket per cgroup,
+ * verify that.
+ */
+ fd1 = socket(AF_INET, SOCK_DGRAM, 0);
+ if (CHECK_FAIL(fd1 < 0))
+ goto close_skeleton;
+
+ fd2 = socket(AF_INET, SOCK_DGRAM, 0);
+ if (CHECK_FAIL(fd2 != -1))
+ goto close_fd1;
+
+ /* We can reopen again after close. */
+ close(fd1);
+
+ fd1 = socket(AF_INET, SOCK_DGRAM, 0);
+ if (CHECK_FAIL(fd1 < 0))
+ goto close_skeleton;
+
+ /* Make sure the program was invoked the expected
+ * number of times:
+ * - open fd1 - BPF_CGROUP_INET_SOCK_CREATE
+ * - attempt to openfd2 - BPF_CGROUP_INET_SOCK_CREATE
+ * - close fd1 - BPF_CGROUP_INET_SOCK_RELEASE
+ * - open fd1 again - BPF_CGROUP_INET_SOCK_CREATE
+ */
+ if (CHECK_FAIL(skel->bss->invocations != 4))
+ goto close_fd1;
+
+ /* We should still have a single socket in use */
+ if (CHECK_FAIL(skel->bss->in_use != 1))
+ goto close_fd1;
+
+close_fd1:
+ close(fd1);
+close_skeleton:
+ udp_limit__destroy(skel);
+close_cgroup_fd:
+ close(cgroup_fd);
+}
diff --git a/tools/testing/selftests/bpf/progs/udp_limit.c b/tools/testing/selftests/bpf/progs/udp_limit.c
new file mode 100644
index 000000000000..98fe294d9c21
--- /dev/null
+++ b/tools/testing/selftests/bpf/progs/udp_limit.c
@@ -0,0 +1,42 @@
+// SPDX-License-Identifier: GPL-2.0-only
+
+#include <sys/socket.h>
+#include <linux/bpf.h>
+#include <bpf/bpf_helpers.h>
+
+int invocations, in_use;
+
+SEC("cgroup/sock")
+int sock(struct bpf_sock *ctx)
+{
+ __u32 key;
+
+ if (ctx->type != SOCK_DGRAM)
+ return 1;
+
+ __sync_fetch_and_add(&invocations, 1);
+
+ if (&in_use > 0) {
+ /* BPF_CGROUP_INET_SOCK_RELEASE is _not_ called
+ * when we return an error from the BPF
+ * program!
+ */
+ return 0;
+ }
+
+ __sync_fetch_and_add(&in_use, 1);
+ return 1;
+}
+
+SEC("cgroup/sock_release")
+int sock_release(struct bpf_sock *ctx)
+{
+ __u32 key;
+
+ if (ctx->type != SOCK_DGRAM)
+ return 1;
+
+ __sync_fetch_and_add(&invocations, 1);
+ __sync_fetch_and_add(&in_use, -1);
+ return 1;
+}
--
2.27.0.212.ge8ba1cc988-goog
Powered by blists - more mailing lists