| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1ba684dd-1fd8-7e71-4798-6abcfbb44eda@iogearbox.net>
Date: Mon, 11 Jan 2021 22:01:18 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: Yonghong Song <yhs@...com>, ast@...nel.org
Cc: bpf@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH bpf-next 2/2] bpf: extend bind v4/v6 selftests for
mark/prio/bindtoifindex
On 1/11/21 9:15 PM, Yonghong Song wrote:
> On 1/11/21 8:17 AM, Daniel Borkmann wrote:
>> Extend existing cgroup bind4/bind6 tests to add coverage for setting and
>> retrieving SO_MARK, SO_PRIORITY and SO_BINDTOIFINDEX at the bind hook.
>>
>> Signed-off-by: Daniel Borkmann <daniel@...earbox.net>
>
> Ack with a minor comments below.
>
> Acked-by: Yonghong Song <yhs@...com>
>
>> ---
>> .../testing/selftests/bpf/progs/bind4_prog.c | 41 +++++++++++++++++--
>> .../testing/selftests/bpf/progs/bind6_prog.c | 41 +++++++++++++++++--
>> 2 files changed, 74 insertions(+), 8 deletions(-)
>>
>> diff --git a/tools/testing/selftests/bpf/progs/bind4_prog.c b/tools/testing/selftests/bpf/progs/bind4_prog.c
>> index c6520f21f5f5..4479ac27b1d3 100644
>> --- a/tools/testing/selftests/bpf/progs/bind4_prog.c
>> +++ b/tools/testing/selftests/bpf/progs/bind4_prog.c
>> @@ -29,18 +29,47 @@ static __inline int bind_to_device(struct bpf_sock_addr *ctx)
>> char veth2[IFNAMSIZ] = "test_sock_addr2";
>> char missing[IFNAMSIZ] = "nonexistent_dev";
>> char del_bind[IFNAMSIZ] = "";
>> + int veth1_idx, veth2_idx;
>> if (bpf_setsockopt(ctx, SOL_SOCKET, SO_BINDTODEVICE,
>> - &veth1, sizeof(veth1)))
>> + &veth1, sizeof(veth1)))
>> + return 1;
>> + if (bpf_getsockopt(ctx, SOL_SOCKET, SO_BINDTOIFINDEX,
>> + &veth1_idx, sizeof(veth1_idx)) || !veth1_idx)
>> return 1;
>> if (bpf_setsockopt(ctx, SOL_SOCKET, SO_BINDTODEVICE,
>> - &veth2, sizeof(veth2)))
>> + &veth2, sizeof(veth2)))
>> + return 1;
>> + if (bpf_getsockopt(ctx, SOL_SOCKET, SO_BINDTOIFINDEX,
>> + &veth2_idx, sizeof(veth2_idx)) || !veth2_idx ||
>> + veth1_idx == veth2_idx)
>> return 1;
>> if (bpf_setsockopt(ctx, SOL_SOCKET, SO_BINDTODEVICE,
>> - &missing, sizeof(missing)) != -ENODEV)
>> + &missing, sizeof(missing)) != -ENODEV)
>> + return 1;
>> + if (bpf_setsockopt(ctx, SOL_SOCKET, SO_BINDTOIFINDEX,
>> + &veth1_idx, sizeof(veth1_idx)))
>> return 1;
>> if (bpf_setsockopt(ctx, SOL_SOCKET, SO_BINDTODEVICE,
>> - &del_bind, sizeof(del_bind)))
>> + &del_bind, sizeof(del_bind)))
>> + return 1;
>> +
>> + return 0;
>> +}
>> +
>> +static __inline int misc_opts(struct bpf_sock_addr *ctx, int opt)
>> +{
>> + int old, tmp, new = 0xeb9f;
>> +
>> + if (bpf_getsockopt(ctx, SOL_SOCKET, opt, &old, sizeof(old)) ||
>> + old == new)
>> + return 1;
>
> Here, we assume old never equals to new. it would be good to add
> a comment to explicitly state this is true. Maybe in the future
> somebody will try to add more misc_opts which might have conflict
> here.
I thought it's obvious, but yes I can add a comment.
> Alternatively, you could pass in "new" values
> from user space with global variables for each option,
> but that may be an overkill.
Agree, that's overkill.
Thanks,
Daniel
Powered by blists - more mailing lists