lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 8 Jan 2022 11:32:39 -0800
From:   Alexei Starovoitov <alexei.starovoitov@...il.com>
To:     Toke Høiland-Jørgensen <toke@...hat.com>
Cc:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Jesper Dangaard Brouer <hawk@...nel.org>,
        John Fastabend <john.fastabend@...il.com>,
        Andrii Nakryiko <andrii@...nel.org>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        KP Singh <kpsingh@...nel.org>, Shuah Khan <shuah@...nel.org>,
        Network Development <netdev@...r.kernel.org>,
        bpf <bpf@...r.kernel.org>
Subject: Re: [PATCH bpf-next v7 3/3] selftests/bpf: Add selftest for
 XDP_REDIRECT in bpf_prog_run()

On Fri, Jan 7, 2022 at 1:54 PM Toke Høiland-Jørgensen <toke@...hat.com> wrote:
> +
> +#define NUM_PKTS 1000000

It takes 7 seconds on my kvm with kasan and lockdep
and will take much longer in BPF CI.
So it needs to be lower otherwise CI will struggle.

> +       /* The XDP program we run with bpf_prog_run() will cycle through all
> +        * three xmit (PASS/TX/REDIRECT) return codes starting from above, and
> +        * ending up with PASS, so we should end up with two packets on the dst
> +        * iface and NUM_PKTS-2 in the TC hook. We match the packets on the UDP
> +        * payload.
> +        */

could you keep cycling through all return codes?
That should make the test stronger.

> +
> +       /* We enable forwarding in the test namespace because that will cause
> +        * the packets that go through the kernel stack (with XDP_PASS) to be
> +        * forwarded back out the same interface (because of the packet dst
> +        * combined with the interface addresses). When this happens, the
> +        * regular forwarding path will end up going through the same
> +        * veth_xdp_xmit() call as the XDP_REDIRECT code, which can cause a
> +        * deadlock if it happens on the same CPU. There's a local_bh_disable()
> +        * in the test_run code to prevent this, but an earlier version of the
> +        * code didn't have this, so we keep the test behaviour to make sure the
> +        * bug doesn't resurface.
> +        */
> +       SYS("sysctl -qw net.ipv6.conf.all.forwarding=1");

Does it mean that without forwarding=1 the kernel will dead lock ?!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ