lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Fri, 29 Apr 2022 16:22:11 -0700 (PDT)
From:   Mat Martineau <mathew.j.martineau@...ux.intel.com>
To:     Geliang Tang <geliang.tang@...e.com>, netdev@...r.kernel.org,
        bpf@...r.kernel.org
cc:     ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
        mptcp@...ts.linux.dev,
        Matthieu Baerts <matthieu.baerts@...sares.net>
Subject: Re: [PATCH bpf-next v2 7/8] selftests: bpf: verify ca_name of struct
 mptcp_sock

On Fri, 29 Apr 2022, Mat Martineau wrote:

> From: Geliang Tang <geliang.tang@...e.com>
>
> This patch verifies another member of struct mptcp_sock, ca_name. Add a
> new function get_msk_ca_name() to read the sysctl tcp_congestion_control
> and verify it in verify_msk().
>
> Acked-by: Matthieu Baerts <matthieu.baerts@...sares.net>
> Signed-off-by: Geliang Tang <geliang.tang@...e.com>
> Signed-off-by: Mat Martineau <mathew.j.martineau@...ux.intel.com>
> ---
> .../testing/selftests/bpf/bpf_mptcp_helpers.h |  1 +
> tools/testing/selftests/bpf/bpf_tcp_helpers.h |  4 ++++
> .../testing/selftests/bpf/prog_tests/mptcp.c  | 24 +++++++++++++++++++
> .../testing/selftests/bpf/progs/mptcp_sock.c  |  4 ++++
> 4 files changed, 33 insertions(+)
>
> diff --git a/tools/testing/selftests/bpf/bpf_mptcp_helpers.h b/tools/testing/selftests/bpf/bpf_mptcp_helpers.h
> index 87e15810997d..463e4e061c96 100644
> --- a/tools/testing/selftests/bpf/bpf_mptcp_helpers.h
> +++ b/tools/testing/selftests/bpf/bpf_mptcp_helpers.h
> @@ -10,6 +10,7 @@ struct mptcp_sock {
> 	struct inet_connection_sock	sk;
>
> 	__u32		token;
> +	char		ca_name[TCP_CA_NAME_MAX];
> } __attribute__((preserve_access_index));
>
> #endif
> diff --git a/tools/testing/selftests/bpf/bpf_tcp_helpers.h b/tools/testing/selftests/bpf/bpf_tcp_helpers.h
> index b1ede6f0b821..89750d732cfa 100644
> --- a/tools/testing/selftests/bpf/bpf_tcp_helpers.h
> +++ b/tools/testing/selftests/bpf/bpf_tcp_helpers.h
> @@ -16,6 +16,10 @@ BPF_PROG(name, args)
> #define SOL_TCP 6
> #endif
>
> +#ifndef TCP_CA_NAME_MAX
> +#define TCP_CA_NAME_MAX	16
> +#endif
> +
> #define tcp_jiffies32 ((__u32)bpf_jiffies64())
>
> struct sock_common {
> diff --git a/tools/testing/selftests/bpf/prog_tests/mptcp.c b/tools/testing/selftests/bpf/prog_tests/mptcp.c
> index c5d96ba81e04..4518aa6e661e 100644
> --- a/tools/testing/selftests/bpf/prog_tests/mptcp.c
> +++ b/tools/testing/selftests/bpf/prog_tests/mptcp.c
> @@ -5,10 +5,15 @@
> #include "cgroup_helpers.h"
> #include "network_helpers.h"
>
> +#ifndef TCP_CA_NAME_MAX
> +#define TCP_CA_NAME_MAX	16
> +#endif
> +
> struct mptcp_storage {
> 	__u32 invoked;
> 	__u32 is_mptcp;
> 	__u32 token;
> +	char ca_name[TCP_CA_NAME_MAX];
> };
>
> static char monitor_log_path[64];
> @@ -79,11 +84,22 @@ static __u32 get_msk_token(void)
> 	return token;
> }
>
> +void get_msk_ca_name(char ca_name[])
> +{
> +	FILE *stream = popen("sysctl -b net.ipv4.tcp_congestion_control", "r");

The BPF CI is failing because it uses busybox for the sysctl command, 
which doesn't support all the command line parameters that procps-ng 
sysctl does:

https://github.com/kernel-patches/bpf/runs/6235741017?check_suite_focus=true#step:6:4259


Geliang, can you update this self test to instead read the default 
congestion control string from /proc/sys/net/ipv4/tcp_congestion_control?

Thanks,

Mat

> +
> +	if (!fgets(ca_name, TCP_CA_NAME_MAX, stream))
> +		log_err("Failed to read ca_name");
> +
> +	pclose(stream);
> +}
> +
> static int verify_msk(int map_fd, int client_fd)
> {
> 	char *msg = "MPTCP subflow socket";
> 	int err = 0, cfd = client_fd;
> 	struct mptcp_storage val;
> +	char ca_name[TCP_CA_NAME_MAX];
> 	__u32 token;
>
> 	token = get_msk_token();
> @@ -92,6 +108,8 @@ static int verify_msk(int map_fd, int client_fd)
> 		return -1;
> 	}
>
> +	get_msk_ca_name(ca_name);
> +
> 	if (CHECK_FAIL(bpf_map_lookup_elem(map_fd, &cfd, &val) < 0)) {
> 		perror("Failed to read socket storage");
> 		return -1;
> @@ -115,6 +133,12 @@ static int verify_msk(int map_fd, int client_fd)
> 		err++;
> 	}
>
> +	if (strncmp(val.ca_name, ca_name, TCP_CA_NAME_MAX)) {
> +		log_err("Unexpected mptcp_sock.ca_name %s != %s",
> +			val.ca_name, ca_name);
> +		err++;
> +	}
> +
> 	return err;
> }
>
> diff --git a/tools/testing/selftests/bpf/progs/mptcp_sock.c b/tools/testing/selftests/bpf/progs/mptcp_sock.c
> index c58c191d8416..226571673800 100644
> --- a/tools/testing/selftests/bpf/progs/mptcp_sock.c
> +++ b/tools/testing/selftests/bpf/progs/mptcp_sock.c
> @@ -1,6 +1,7 @@
> // SPDX-License-Identifier: GPL-2.0
> /* Copyright (c) 2020, Tessares SA. */
>
> +#include <string.h>
> #include <linux/bpf.h>
> #include <bpf/bpf_helpers.h>
> #include "bpf_mptcp_helpers.h"
> @@ -13,6 +14,7 @@ struct mptcp_storage {
> 	__u32 invoked;
> 	__u32 is_mptcp;
> 	__u32 token;
> +	char ca_name[TCP_CA_NAME_MAX];
> };
>
> struct {
> @@ -49,6 +51,7 @@ int _sockops(struct bpf_sock_ops *ctx)
> 			return 1;
>
> 		storage->token = 0;
> +		bzero(storage->ca_name, TCP_CA_NAME_MAX);
> 	} else {
> 		if (!CONFIG_MPTCP)
> 			return 1;
> @@ -63,6 +66,7 @@ int _sockops(struct bpf_sock_ops *ctx)
> 			return 1;
>
> 		storage->token = msk->token;
> +		memcpy(storage->ca_name, msk->ca_name, TCP_CA_NAME_MAX);
> 	}
> 	storage->invoked++;
> 	storage->is_mptcp = tcp_sk->is_mptcp;
> -- 
> 2.36.0
>
>

--
Mat Martineau
Intel

Powered by blists - more mailing lists