| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Mar 2021 15:58:48 -0700
From: Martin KaFai Lau <kafai@...com>
To: Toke Høiland-Jørgensen <toke@...hat.com>
CC: Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>,
Stanislav Fomichev <sdf@...gle.com>,
"David S. Miller" <davem@...emloft.net>,
Jesper Dangaard Brouer <brouer@...hat.com>,
Andrea Arcangeli <aarcange@...hat.com>,
Clark Williams <williams@...hat.com>, <bpf@...r.kernel.org>,
<netdev@...r.kernel.org>
Subject: Re: [PATCH bpf v2 2/2] bpf/selftests: test that kernel rejects a TCP
CC with an invalid license
On Thu, Mar 25, 2021 at 10:11:22PM +0100, Toke Høiland-Jørgensen wrote:
> This adds a selftest to check that the verifier rejects a TCP CC struct_ops
> with a non-GPL license.
>
> v2:
> - Use a minimal struct_ops BPF program instead of rewriting bpf_dctcp's
> license in memory.
> - Check for the verifier reject message instead of just the return code.
>
> Signed-off-by: Toke Høiland-Jørgensen <toke@...hat.com>
> ---
> .../selftests/bpf/prog_tests/bpf_tcp_ca.c | 44 +++++++++++++++++++
> .../selftests/bpf/progs/bpf_nogpltcp.c | 19 ++++++++
> 2 files changed, 63 insertions(+)
> create mode 100644 tools/testing/selftests/bpf/progs/bpf_nogpltcp.c
>
> diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c b/tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c
> index 37c5494a0381..a09c716528e1 100644
> --- a/tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c
> +++ b/tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c
> @@ -6,6 +6,7 @@
> #include <test_progs.h>
> #include "bpf_dctcp.skel.h"
> #include "bpf_cubic.skel.h"
> +#include "bpf_nogpltcp.skel.h"
>
> #define min(a, b) ((a) < (b) ? (a) : (b))
>
> @@ -227,10 +228,53 @@ static void test_dctcp(void)
> bpf_dctcp__destroy(dctcp_skel);
> }
>
> +static char *err_str = NULL;
> +static bool found = false;
Nit. These two inits are not needed.
> +
> +static int libbpf_debug_print(enum libbpf_print_level level,
> + const char *format, va_list args)
> +{
> + char *log_buf;
> +
> + if (level != LIBBPF_WARN ||
> + strcmp(format, "libbpf: \n%s\n")) {
> + vprintf(format, args);
> + return 0;
> + }
> +
> + log_buf = va_arg(args, char *);
> + if (!log_buf)
> + goto out;
> + if (err_str && strstr(log_buf, err_str) != NULL)
> + found = true;
> +out:
> + printf(format, log_buf);
> + return 0;
> +}
> +
> +static void test_invalid_license(void)
> +{
> + libbpf_print_fn_t old_print_fn = NULL;
Nit. Same here. Not need to init NULL.
Others lgtm.
Acked-by: Martin KaFai Lau <kafai@...com>
> + struct bpf_nogpltcp *skel;
> +
> + err_str = "struct ops programs must have a GPL compatible license";
> + old_print_fn = libbpf_set_print(libbpf_debug_print);
> +
> + skel = bpf_nogpltcp__open_and_load();
> + if (CHECK(skel, "bpf_nogplgtcp__open_and_load()", "didn't fail\n"))
> + bpf_nogpltcp__destroy(skel);
> +
> + CHECK(!found, "errmsg check", "expected string '%s'", err_str);
> +
> + libbpf_set_print(old_print_fn);
> +}
Powered by blists - more mailing lists