lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 8 Jan 2022 11:32:39 -0800 From: Alexei Starovoitov <alexei.starovoitov@...il.com> To: Toke Høiland-Jørgensen <toke@...hat.com> Cc: Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, "David S. Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Jesper Dangaard Brouer <hawk@...nel.org>, John Fastabend <john.fastabend@...il.com>, Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau <kafai@...com>, Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>, KP Singh <kpsingh@...nel.org>, Shuah Khan <shuah@...nel.org>, Network Development <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org> Subject: Re: [PATCH bpf-next v7 3/3] selftests/bpf: Add selftest for XDP_REDIRECT in bpf_prog_run() On Fri, Jan 7, 2022 at 1:54 PM Toke Høiland-Jørgensen <toke@...hat.com> wrote: > + > +#define NUM_PKTS 1000000 It takes 7 seconds on my kvm with kasan and lockdep and will take much longer in BPF CI. So it needs to be lower otherwise CI will struggle. > + /* The XDP program we run with bpf_prog_run() will cycle through all > + * three xmit (PASS/TX/REDIRECT) return codes starting from above, and > + * ending up with PASS, so we should end up with two packets on the dst > + * iface and NUM_PKTS-2 in the TC hook. We match the packets on the UDP > + * payload. > + */ could you keep cycling through all return codes? That should make the test stronger. > + > + /* We enable forwarding in the test namespace because that will cause > + * the packets that go through the kernel stack (with XDP_PASS) to be > + * forwarded back out the same interface (because of the packet dst > + * combined with the interface addresses). When this happens, the > + * regular forwarding path will end up going through the same > + * veth_xdp_xmit() call as the XDP_REDIRECT code, which can cause a > + * deadlock if it happens on the same CPU. There's a local_bh_disable() > + * in the test_run code to prevent this, but an earlier version of the > + * code didn't have this, so we keep the test behaviour to make sure the > + * bug doesn't resurface. > + */ > + SYS("sysctl -qw net.ipv6.conf.all.forwarding=1"); Does it mean that without forwarding=1 the kernel will dead lock ?!
Powered by blists - more mailing lists