lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon, 11 Oct 2021 22:27:01 -0700
From:   John Fastabend <john.fastabend@...il.com>
To:     "liujian (CE)" <liujian56@...wei.com>,
        John Fastabend <john.fastabend@...il.com>,
        "daniel@...earbox.net" <daniel@...earbox.net>,
        "jakub@...udflare.com" <jakub@...udflare.com>,
        "lmb@...udflare.com" <lmb@...udflare.com>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "kuba@...nel.org" <kuba@...nel.org>,
        "ast@...nel.org" <ast@...nel.org>,
        "andrii@...nel.org" <andrii@...nel.org>,
        "kafai@...com" <kafai@...com>,
        "songliubraving@...com" <songliubraving@...com>,
        "yhs@...com" <yhs@...com>,
        "kpsingh@...nel.org" <kpsingh@...nel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "bpf@...r.kernel.org" <bpf@...r.kernel.org>,
        "xiyou.wangcong@...il.com" <xiyou.wangcong@...il.com>
Subject: RE: [PATCH v4] skmsg: lose offset info in sk_psock_skb_ingress

[...]

> > > Thanks. Please add Fixes tags so we can track these I've added it here.
> > >
> > > This has been broken from the initial patches and after a quick glance
> > > I suspect this will need manual backports if we need it. Also all the
> > > I use and all the selftests set parser to a nop by returning skb->len.
> > >
> > > Can you also create a test so we can ensure we don't break this again?
> > Okay, I will do this after the holiday.
> 
> 
> Hi John, 
> I checked selftests, there are have one test case named " test_txmsg_ingress_parser".
> But with this patch and ktls, the test failed, this because ktls parser(tls_read_size) return value is 285 not 256.
> the case like this: 
> tls_sk1 --> redir_sk --> tls_sk2
> tls_sk1 sent out 512 bytes data, after tls related processing redir_sk recved 570 btyes data,
> and redirect 512 (skb_use_parser) bytes data to tls_sk2; but tls_sk2 needs 285 * 2 bytes data, receive timeout occurred.
> I fix this as below:

Ah good catch.

> --- a/tools/testing/selftests/bpf/test_sockmap.c
> +++ b/tools/testing/selftests/bpf/test_sockmap.c
> @@ -1680,6 +1680,8 @@ static void test_txmsg_ingress_parser(int cgrp, struct sockmap_options *opt)
>  {
>         txmsg_pass = 1;
>         skb_use_parser = 512;
> +       if (ktls == 1)
> +               skb_use_parser = 570;
>         opt->iov_length = 256;
>         opt->iov_count = 1;
>         opt->rate = 2;
> 
> 
> And i add one new test as below, is it ok?


Yes looks good to me.

> 
> --- a/tools/testing/selftests/bpf/test_sockmap.c
> +++ b/tools/testing/selftests/bpf/test_sockmap.c
> @@ -139,6 +139,7 @@ struct sockmap_options {
>         bool sendpage;
>         bool data_test;
>         bool drop_expected;
> +       bool check_recved_len;
>         int iov_count;
>         int iov_length;
>         int rate;
> @@ -556,8 +557,12 @@ static int msg_loop(int fd, int iov_count, int iov_length, int cnt,
>         int err, i, flags = MSG_NOSIGNAL;
>         bool drop = opt->drop_expected;
>         bool data = opt->data_test;
> +       int iov_alloc_length = iov_length;
>  
> -       err = msg_alloc_iov(&msg, iov_count, iov_length, data, tx);
> +       if (!tx && opt->check_recved_len)
> +               iov_alloc_length *= 2;
> +
> +       err = msg_alloc_iov(&msg, iov_count, iov_alloc_length, data, tx);
>         if (err)
>                 goto out_errno;
>         if (peek_flag) {
> @@ -665,6 +670,13 @@ static int msg_loop(int fd, int iov_count, int iov_length, int cnt,
>  
>                         s->bytes_recvd += recv;
>  
> +                       if (opt->check_recved_len && s->bytes_recvd > total_bytes) {
> +                               errno = EMSGSIZE;
> +                               fprintf(stderr, "recv failed(), bytes_recvd:%zd, total_bytes:%f\n",
> +                                               s->bytes_recvd, total_bytes);
> +                               goto out_errno;
> +                       }
> +
>                         if (data) {
>                                 int chunk_sz = opt->sendpage ?
>                                                 iov_length * cnt :
> @@ -744,7 +756,8 @@ static int sendmsg_test(struct sockmap_options *opt)
>  
>         rxpid = fork();
>         if (rxpid == 0) {
> -               iov_buf -= (txmsg_pop - txmsg_start_pop + 1);
> +               if (txmsg_pop || txmsg_start_pop)
> +                       iov_buf -= (txmsg_pop - txmsg_start_pop + 1);
>                 if (opt->drop_expected || txmsg_ktls_skb_drop)
>                         _exit(0);
>  
> @@ -1688,6 +1701,19 @@ static void test_txmsg_ingress_parser(int cgrp, struct sockmap_options *opt)
>         test_exec(cgrp, opt);
>  }
>  
> +static void test_txmsg_ingress_parser2(int cgrp, struct sockmap_options *opt)
> +{
> +       if (ktls == 1)
> +               return;
> +       skb_use_parser = 10;
> +       opt->iov_length = 20;
> +       opt->iov_count = 1;
> +       opt->rate = 1;
> +       opt->check_recved_len = true;
> +       test_exec(cgrp, opt);
> +       opt->check_recved_len = false;
> +}
> +
>  char *map_names[] = {
>         "sock_map",
>         "sock_map_txmsg",
> @@ -1786,7 +1812,8 @@ struct _test test[] = {
>         {"txmsg test pull-data", test_txmsg_pull},
>         {"txmsg test pop-data", test_txmsg_pop},
>         {"txmsg test push/pop data", test_txmsg_push_pop},
> -       {"txmsg text ingress parser", test_txmsg_ingress_parser},
> +       {"txmsg test ingress parser", test_txmsg_ingress_parser},
> +       {"txmsg test ingress parser2", test_txmsg_ingress_parser2},
>  };
> 

Great, please post as a series.

Powered by blists - more mailing lists