lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 4 Sep 2020 12:49:04 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Hao Luo <haoluo@...gle.com>
Cc:     Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
        open list <linux-kernel@...r.kernel.org>,
        "open list:KERNEL SELFTEST FRAMEWORK" 
        <linux-kselftest@...r.kernel.org>, Shuah Khan <shuah@...nel.org>,
        Alexei Starovoitov <ast@...nel.org>,
        Andrii Nakryiko <andriin@...com>,
        Daniel Borkmann <daniel@...earbox.net>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...omium.org>,
        Quentin Monnet <quentin@...valent.com>,
        Steven Rostedt <rostedt@...dmis.org>,
        Ingo Molnar <mingo@...hat.com>, Andrey Ignatov <rdna@...com>,
        Jakub Sitnicki <jakub@...udflare.com>
Subject: Re: [PATCH bpf-next v2 3/6] bpf/selftests: ksyms_btf to test typed ksyms

On Thu, Sep 3, 2020 at 3:35 PM Hao Luo <haoluo@...gle.com> wrote:
>
> Selftests for typed ksyms. Tests two types of ksyms: one is a struct,
> the other is a plain int. This tests two paths in the kernel. Struct
> ksyms will be converted into PTR_TO_BTF_ID by the verifier while int
> typed ksyms will be converted into PTR_TO_MEM.
>
> Signed-off-by: Hao Luo <haoluo@...gle.com>
> ---
>  .../testing/selftests/bpf/prog_tests/ksyms.c  | 31 +++------
>  .../selftests/bpf/prog_tests/ksyms_btf.c      | 63 +++++++++++++++++++
>  .../selftests/bpf/progs/test_ksyms_btf.c      | 23 +++++++
>  tools/testing/selftests/bpf/trace_helpers.c   | 26 ++++++++
>  tools/testing/selftests/bpf/trace_helpers.h   |  4 ++
>  5 files changed, 123 insertions(+), 24 deletions(-)
>  create mode 100644 tools/testing/selftests/bpf/prog_tests/ksyms_btf.c
>  create mode 100644 tools/testing/selftests/bpf/progs/test_ksyms_btf.c
>

[...]

> diff --git a/tools/testing/selftests/bpf/prog_tests/ksyms_btf.c b/tools/testing/selftests/bpf/prog_tests/ksyms_btf.c
> new file mode 100644
> index 000000000000..7b6846342449
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/prog_tests/ksyms_btf.c
> @@ -0,0 +1,63 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/* Copyright (c) 2020 Google */
> +
> +#include <test_progs.h>
> +#include <bpf/libbpf.h>
> +#include <bpf/btf.h>
> +#include "test_ksyms_btf.skel.h"
> +
> +static int duration;
> +
> +void test_ksyms_btf(void)
> +{
> +       __u64 runqueues_addr, bpf_prog_active_addr;
> +       struct test_ksyms_btf *skel;
> +       struct test_ksyms_btf__data *data;
> +       struct btf *btf;
> +       int percpu_datasec;
> +       int err;
> +
> +       err = kallsyms_find("runqueues", &runqueues_addr);
> +       if (CHECK(err == -ENOENT, "kallsyms_fopen", "failed to open: %d\n", errno))
> +               return;
> +       if (CHECK(err == -EINVAL, "ksym_find", "symbol 'runqueues' not found\n"))
> +               return;
> +
> +       err = kallsyms_find("bpf_prog_active", &bpf_prog_active_addr);
> +       if (CHECK(err == -EINVAL, "ksym_find", "symbol 'bpf_prog_active' not found\n"))
> +               return;
> +
> +       btf = libbpf_find_kernel_btf();
> +       if (CHECK(IS_ERR(btf), "btf_exists", "failed to load kernel BTF: %ld\n",
> +                 PTR_ERR(btf)))
> +               return;
> +
> +       percpu_datasec = btf__find_by_name_kind(btf, ".data..percpu",
> +                                               BTF_KIND_DATASEC);
> +       if (percpu_datasec < 0) {
> +               printf("%s:SKIP:no PERCPU DATASEC in kernel btf\n",
> +                      __func__);
> +               test__skip();

leaking btf here

> +               return;
> +       }
> +
> +       skel = test_ksyms_btf__open_and_load();
> +       if (CHECK(!skel, "skel_open", "failed to open and load skeleton\n"))

here

> +               return;
> +
> +       err = test_ksyms_btf__attach(skel);
> +       if (CHECK(err, "skel_attach", "skeleton attach failed: %d\n", err))
> +               goto cleanup;
> +
> +       /* trigger tracepoint */
> +       usleep(1);
> +
> +       data = skel->data;
> +       CHECK(data->out__runqueues != runqueues_addr, "runqueues",
> +             "got %llu, exp %llu\n", data->out__runqueues, runqueues_addr);
> +       CHECK(data->out__bpf_prog_active != bpf_prog_active_addr, "bpf_prog_active",
> +             "got %llu, exp %llu\n", data->out__bpf_prog_active, bpf_prog_active_addr);

u64 is not %llu on some arches, please cast explicitly to (unsigned long long)

> +
> +cleanup:

... and here (I suggest to just jump from all those locations here for cleanup)

> +       test_ksyms_btf__destroy(skel);
> +}
> diff --git a/tools/testing/selftests/bpf/progs/test_ksyms_btf.c b/tools/testing/selftests/bpf/progs/test_ksyms_btf.c
> new file mode 100644
> index 000000000000..e04e31117f84
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/progs/test_ksyms_btf.c
> @@ -0,0 +1,23 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/* Copyright (c) 2020 Google */
> +
> +#include "vmlinux.h"
> +
> +#include <bpf/bpf_helpers.h>
> +
> +__u64 out__runqueues = -1;
> +__u64 out__bpf_prog_active = -1;

this is addresses, not values, so _addr part would make it clearer.

> +
> +extern const struct rq runqueues __ksym; /* struct type global var. */
> +extern const int bpf_prog_active __ksym; /* int type global var. */

When we add non-per-CPU kernel variables, I wonder if the fact that we
have both per-CPU and global kernel variables under the same __ksym
section would cause any problems and confusion? It's not clear to me
if we need to have a special __percpu_ksym section or not?..

> +
> +SEC("raw_tp/sys_enter")
> +int handler(const void *ctx)
> +{
> +       out__runqueues = (__u64)&runqueues;
> +       out__bpf_prog_active = (__u64)&bpf_prog_active;
> +
> +       return 0;
> +}
> +
> +char _license[] SEC("license") = "GPL";
> diff --git a/tools/testing/selftests/bpf/trace_helpers.c b/tools/testing/selftests/bpf/trace_helpers.c
> index 4d0e913bbb22..ade555fe8294 100644
> --- a/tools/testing/selftests/bpf/trace_helpers.c
> +++ b/tools/testing/selftests/bpf/trace_helpers.c
> @@ -90,6 +90,32 @@ long ksym_get_addr(const char *name)
>         return 0;
>  }
>
> +/* open kallsyms and read symbol addresses on the fly. Without caching all symbols,
> + * this is faster than load + find. */
> +int kallsyms_find(const char *sym, unsigned long long *addr)
> +{
> +       char type, name[500];
> +       unsigned long long value;
> +       int err = 0;
> +       FILE *f;
> +
> +       f = fopen("/proc/kallsyms", "r");
> +       if (!f)
> +               return -ENOENT;
> +
> +       while (fscanf(f, "%llx %c %499s%*[^\n]\n", &value, &type, name) > 0) {
> +               if (strcmp(name, sym) == 0) {
> +                       *addr = value;
> +                       goto out;
> +               }
> +       }
> +       err = -EINVAL;

These error codes seem backward to me. If you fail to open
/proc/kallsyms, that's an unexpected and invalid situation, so EINVAL
makes a bit more sense there. But -ENOENT is clearly for cases where
you didn't find what you were looking for, which is exactly this case.


> +
> +out:
> +       fclose(f);
> +       return err;
> +}
> +
>  void read_trace_pipe(void)
>  {
>         int trace_fd;
> diff --git a/tools/testing/selftests/bpf/trace_helpers.h b/tools/testing/selftests/bpf/trace_helpers.h
> index 25ef597dd03f..f62fdef9e589 100644
> --- a/tools/testing/selftests/bpf/trace_helpers.h
> +++ b/tools/testing/selftests/bpf/trace_helpers.h
> @@ -12,6 +12,10 @@ struct ksym {
>  int load_kallsyms(void);
>  struct ksym *ksym_search(long key);
>  long ksym_get_addr(const char *name);
> +
> +/* open kallsyms and find addresses on the fly, faster than load + search. */
> +int kallsyms_find(const char *sym, unsigned long long *addr);
> +
>  void read_trace_pipe(void);
>
>  #endif
> --
> 2.28.0.526.ge36021eeef-goog
>

Powered by blists - more mailing lists