| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87lfaacks9.fsf@toke.dk>
Date: Fri, 26 Mar 2021 10:43:34 +0100
From: Toke Høiland-Jørgensen <toke@...hat.com>
To: Andrii Nakryiko <andrii.nakryiko@...il.com>
Cc: Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>,
Stanislav Fomichev <sdf@...gle.com>,
"David S. Miller" <davem@...emloft.net>,
Jesper Dangaard Brouer <brouer@...hat.com>,
Andrea Arcangeli <aarcange@...hat.com>,
Clark Williams <williams@...hat.com>,
bpf <bpf@...r.kernel.org>, Networking <netdev@...r.kernel.org>
Subject: Re: [PATCH bpf v2 2/2] bpf/selftests: test that kernel rejects a
TCP CC with an invalid license
Andrii Nakryiko <andrii.nakryiko@...il.com> writes:
> On Thu, Mar 25, 2021 at 2:11 PM Toke Høiland-Jørgensen <toke@...hat.com> wrote:
>>
>> This adds a selftest to check that the verifier rejects a TCP CC struct_ops
>> with a non-GPL license.
>>
>> v2:
>> - Use a minimal struct_ops BPF program instead of rewriting bpf_dctcp's
>> license in memory.
>> - Check for the verifier reject message instead of just the return code.
>>
>> Signed-off-by: Toke Høiland-Jørgensen <toke@...hat.com>
>> ---
>> .../selftests/bpf/prog_tests/bpf_tcp_ca.c | 44 +++++++++++++++++++
>> .../selftests/bpf/progs/bpf_nogpltcp.c | 19 ++++++++
>> 2 files changed, 63 insertions(+)
>> create mode 100644 tools/testing/selftests/bpf/progs/bpf_nogpltcp.c
>>
>> diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c b/tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c
>> index 37c5494a0381..a09c716528e1 100644
>> --- a/tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c
>> +++ b/tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c
>> @@ -6,6 +6,7 @@
>> #include <test_progs.h>
>> #include "bpf_dctcp.skel.h"
>> #include "bpf_cubic.skel.h"
>> +#include "bpf_nogpltcp.skel.h"
>
> total nit, but my eyes can't read "nogpltcp"... wouldn't
> "bpf_tcp_nogpl" be a bit easier?
Haha, yeah, good point - my eyes also just lump it into a blob...
>>
>> #define min(a, b) ((a) < (b) ? (a) : (b))
>>
>> @@ -227,10 +228,53 @@ static void test_dctcp(void)
>> bpf_dctcp__destroy(dctcp_skel);
>> }
>>
>> +static char *err_str = NULL;
>> +static bool found = false;
>> +
>> +static int libbpf_debug_print(enum libbpf_print_level level,
>> + const char *format, va_list args)
>> +{
>> + char *log_buf;
>> +
>> + if (level != LIBBPF_WARN ||
>> + strcmp(format, "libbpf: \n%s\n")) {
>> + vprintf(format, args);
>> + return 0;
>> + }
>> +
>> + log_buf = va_arg(args, char *);
>> + if (!log_buf)
>> + goto out;
>> + if (err_str && strstr(log_buf, err_str) != NULL)
>> + found = true;
>> +out:
>> + printf(format, log_buf);
>> + return 0;
>> +}
>> +
>> +static void test_invalid_license(void)
>> +{
>> + libbpf_print_fn_t old_print_fn = NULL;
>> + struct bpf_nogpltcp *skel;
>> +
>> + err_str = "struct ops programs must have a GPL compatible license";
>> + old_print_fn = libbpf_set_print(libbpf_debug_print);
>> +
>> + skel = bpf_nogpltcp__open_and_load();
>> + if (CHECK(skel, "bpf_nogplgtcp__open_and_load()", "didn't fail\n"))
>
> ASSERT_OK_PTR()
>
>> + bpf_nogpltcp__destroy(skel);
>
> you should destroy unconditionally
>
>> +
>> + CHECK(!found, "errmsg check", "expected string '%s'", err_str);
>
> ASSERT_EQ(found, true, "expected_err_msg");
>
> I can never be sure which way CHECK() is checking
Ah, thanks! I always get confused about CHECK() as well! Maybe it should
be renamed to ASSERT()? But that would require flipping all the if()
statements around them as well :/
-Toke
Powered by blists - more mailing lists