lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAEf4BzaHeT5+JQaJdF70THve7e7UxYoL58iVWKCGG6XmQCbxYA@mail.gmail.com>
Date:   Tue, 13 Dec 2022 15:26:07 -0800
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Toke Høiland-Jørgensen <toke@...hat.com>
Cc:     Andrii Nakryiko <andrii@...nel.org>,
        Mykola Lysenko <mykolal@...com>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Martin KaFai Lau <martin.lau@...ux.dev>,
        Song Liu <song@...nel.org>, Yonghong Song <yhs@...com>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>,
        Stanislav Fomichev <sdf@...gle.com>,
        Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Jesper Dangaard Brouer <hawk@...nel.org>,
        Shuah Khan <shuah@...nel.org>, bpf@...r.kernel.org,
        netdev@...r.kernel.org
Subject: Re: [PATCH bpf v3 2/2] selftests/bpf: Add a test for using a cpumap
 from an freplace-to-XDP program

On Tue, Dec 13, 2022 at 3:24 PM Toke Høiland-Jørgensen <toke@...hat.com> wrote:
>
> This adds a simple test for inserting an XDP program into a cpumap that is
> "owned" by an XDP program that was loaded as PROG_TYPE_EXT (as libxdp
> does). Prior to the kernel fix this would fail because the map type
> ownership would be set to PROG_TYPE_EXT instead of being resolved to
> PROG_TYPE_XDP.
>
> v3:
> - Update comment to better explain the cause
> - Add Yonghong's ACK
>
> Acked-by: Yonghong Song <yhs@...com>
> Signed-off-by: Toke Høiland-Jørgensen <toke@...hat.com>
> ---

what a race, I just replied a few minutes ago on your v2. Let's use
modern BPF skeleton approach instead of adding legacy stuff to
testing_helpers

>  .../selftests/bpf/prog_tests/fexit_bpf2bpf.c  | 57 +++++++++++++++++++
>  .../selftests/bpf/progs/freplace_progmap.c    | 24 ++++++++
>  tools/testing/selftests/bpf/testing_helpers.c | 24 +++++++-
>  tools/testing/selftests/bpf/testing_helpers.h |  2 +
>  4 files changed, 105 insertions(+), 2 deletions(-)
>  create mode 100644 tools/testing/selftests/bpf/progs/freplace_progmap.c
>
> diff --git a/tools/testing/selftests/bpf/prog_tests/fexit_bpf2bpf.c b/tools/testing/selftests/bpf/prog_tests/fexit_bpf2bpf.c
> index d1e32e792536..fa8e129d1a71 100644
> --- a/tools/testing/selftests/bpf/prog_tests/fexit_bpf2bpf.c
> +++ b/tools/testing/selftests/bpf/prog_tests/fexit_bpf2bpf.c
> @@ -500,6 +500,61 @@ static void test_fentry_to_cgroup_bpf(void)
>         bind4_prog__destroy(skel);
>  }
>
> +static void test_func_replace_progmap(void)
> +{
> +       struct bpf_cpumap_val value = { .qsize = 1 };
> +       struct bpf_object *obj, *tgt_obj = NULL;
> +       struct bpf_program *drop, *redirect;
> +       struct bpf_map *cpumap;
> +       int err, tgt_fd;
> +       __u32 key = 0;
> +
> +       err = bpf_prog_test_open("freplace_progmap.bpf.o", BPF_PROG_TYPE_UNSPEC, &obj);
> +       if (!ASSERT_OK(err, "prog_open"))
> +               return;
> +
> +       err = bpf_prog_test_load("xdp_dummy.bpf.o", BPF_PROG_TYPE_UNSPEC, &tgt_obj, &tgt_fd);
> +       if (!ASSERT_OK(err, "tgt_prog_load"))
> +               goto out;
> +
> +       drop = bpf_object__find_program_by_name(obj, "xdp_drop_prog");
> +       redirect = bpf_object__find_program_by_name(obj, "xdp_cpumap_prog");
> +       cpumap = bpf_object__find_map_by_name(obj, "cpu_map");
> +
> +       if (!ASSERT_OK_PTR(drop, "drop") || !ASSERT_OK_PTR(redirect, "redirect") ||
> +           !ASSERT_OK_PTR(cpumap, "cpumap"))
> +               goto out;
> +
> +       /* Change the 'redirect' program type to be a PROG_TYPE_EXT
> +        * with an XDP target
> +        */
> +       bpf_program__set_type(redirect, BPF_PROG_TYPE_EXT);
> +       bpf_program__set_expected_attach_type(redirect, 0);
> +       err = bpf_program__set_attach_target(redirect, tgt_fd, "xdp_dummy_prog");
> +       if (!ASSERT_OK(err, "set_attach_target"))
> +               goto out;
> +
> +       err = bpf_object__load(obj);
> +       if (!ASSERT_OK(err, "obj_load"))
> +               goto out;
> +
> +       /* Prior to fixing the kernel, loading the PROG_TYPE_EXT 'redirect'
> +        * program above will cause the map owner type of 'cpumap' to be set to
> +        * PROG_TYPE_EXT. This in turn will cause the bpf_map_update_elem()
> +        * below to fail, because the program we are inserting into the map is
> +        * of PROG_TYPE_XDP. After fixing the kernel, the initial ownership will
> +        * be correctly resolved to the *target* of the PROG_TYPE_EXT program
> +        * (i.e., PROG_TYPE_XDP) and the map update will succeed.
> +        */
> +       value.bpf_prog.fd = bpf_program__fd(drop);
> +       err = bpf_map_update_elem(bpf_map__fd(cpumap), &key, &value, 0);
> +       ASSERT_OK(err, "map_update");
> +
> +out:
> +       bpf_object__close(tgt_obj);
> +       bpf_object__close(obj);
> +}
> +
>  /* NOTE: affect other tests, must run in serial mode */
>  void serial_test_fexit_bpf2bpf(void)
>  {
> @@ -525,4 +580,6 @@ void serial_test_fexit_bpf2bpf(void)
>                 test_func_replace_global_func();
>         if (test__start_subtest("fentry_to_cgroup_bpf"))
>                 test_fentry_to_cgroup_bpf();
> +       if (test__start_subtest("func_replace_progmap"))
> +               test_func_replace_progmap();
>  }
> diff --git a/tools/testing/selftests/bpf/progs/freplace_progmap.c b/tools/testing/selftests/bpf/progs/freplace_progmap.c
> new file mode 100644
> index 000000000000..68174c3d7b37
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/progs/freplace_progmap.c
> @@ -0,0 +1,24 @@
> +// SPDX-License-Identifier: GPL-2.0
> +#include <linux/bpf.h>
> +#include <bpf/bpf_helpers.h>
> +
> +struct {
> +       __uint(type, BPF_MAP_TYPE_CPUMAP);
> +       __uint(key_size, sizeof(__u32));
> +       __uint(value_size, sizeof(struct bpf_cpumap_val));
> +       __uint(max_entries, 1);
> +} cpu_map SEC(".maps");
> +
> +SEC("xdp/cpumap")
> +int xdp_drop_prog(struct xdp_md *ctx)
> +{
> +       return XDP_DROP;
> +}
> +
> +SEC("xdp")
> +int xdp_cpumap_prog(struct xdp_md *ctx)
> +{
> +       return bpf_redirect_map(&cpu_map, 0, XDP_PASS);
> +}
> +
> +char _license[] SEC("license") = "GPL";
> diff --git a/tools/testing/selftests/bpf/testing_helpers.c b/tools/testing/selftests/bpf/testing_helpers.c
> index 9695318e8132..2050244e6f24 100644
> --- a/tools/testing/selftests/bpf/testing_helpers.c
> +++ b/tools/testing/selftests/bpf/testing_helpers.c
> @@ -174,8 +174,8 @@ __u32 link_info_prog_id(const struct bpf_link *link, struct bpf_link_info *info)
>
>  int extra_prog_load_log_flags = 0;
>
> -int bpf_prog_test_load(const char *file, enum bpf_prog_type type,
> -                      struct bpf_object **pobj, int *prog_fd)
> +int bpf_prog_test_open(const char *file, enum bpf_prog_type type,
> +                      struct bpf_object **pobj)
>  {
>         LIBBPF_OPTS(bpf_object_open_opts, opts,
>                 .kernel_log_level = extra_prog_load_log_flags,
> @@ -201,6 +201,26 @@ int bpf_prog_test_load(const char *file, enum bpf_prog_type type,
>         flags = bpf_program__flags(prog) | BPF_F_TEST_RND_HI32;
>         bpf_program__set_flags(prog, flags);
>
> +       *pobj = obj;
> +       return 0;
> +err_out:
> +       bpf_object__close(obj);
> +       return err;
> +}
> +
> +int bpf_prog_test_load(const char *file, enum bpf_prog_type type,
> +                      struct bpf_object **pobj, int *prog_fd)
> +{
> +       struct bpf_program *prog;
> +       struct bpf_object *obj;
> +       int err;
> +
> +       err = bpf_prog_test_open(file, type, &obj);
> +       if (err)
> +               return err;
> +
> +       prog = bpf_object__next_program(obj, NULL);
> +
>         err = bpf_object__load(obj);
>         if (err)
>                 goto err_out;
> diff --git a/tools/testing/selftests/bpf/testing_helpers.h b/tools/testing/selftests/bpf/testing_helpers.h
> index 6ec00bf79cb5..977eb520d119 100644
> --- a/tools/testing/selftests/bpf/testing_helpers.h
> +++ b/tools/testing/selftests/bpf/testing_helpers.h
> @@ -6,6 +6,8 @@
>
>  int parse_num_list(const char *s, bool **set, int *set_len);
>  __u32 link_info_prog_id(const struct bpf_link *link, struct bpf_link_info *info);
> +int bpf_prog_test_open(const char *file, enum bpf_prog_type type,
> +                      struct bpf_object **pobj);
>  int bpf_prog_test_load(const char *file, enum bpf_prog_type type,
>                        struct bpf_object **pobj, int *prog_fd);
>  int bpf_test_load_program(enum bpf_prog_type type, const struct bpf_insn *insns,
> --
> 2.38.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ