| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <18bed458-0128-d434-8b7a-bf676a0ea863@linux.dev>
Date: Thu, 22 Dec 2022 16:40:03 -0800
From: Martin KaFai Lau <martin.lau@...ux.dev>
To: Stanislav Fomichev <sdf@...gle.com>
Cc: ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
song@...nel.org, yhs@...com, john.fastabend@...il.com,
kpsingh@...nel.org, haoluo@...gle.com, jolsa@...nel.org,
David Ahern <dsahern@...il.com>,
Jakub Kicinski <kuba@...nel.org>,
Willem de Bruijn <willemb@...gle.com>,
Jesper Dangaard Brouer <brouer@...hat.com>,
Anatoly Burakov <anatoly.burakov@...el.com>,
Alexander Lobakin <alexandr.lobakin@...el.com>,
Magnus Karlsson <magnus.karlsson@...il.com>,
Maryam Tahhan <mtahhan@...hat.com>, xdp-hints@...-project.net,
netdev@...r.kernel.org, bpf@...r.kernel.org
Subject: Re: [PATCH bpf-next v5 11/17] selftests/bpf: Verify xdp_metadata
xdp->af_xdp path
On 12/20/22 2:20 PM, Stanislav Fomichev wrote:
> +static int open_xsk(const char *ifname, struct xsk *xsk)
> +{
> + int mmap_flags = MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE;
> + const struct xsk_socket_config socket_config = {
> + .rx_size = XSK_RING_PROD__DEFAULT_NUM_DESCS,
> + .tx_size = XSK_RING_PROD__DEFAULT_NUM_DESCS,
> + .libbpf_flags = XSK_LIBBPF_FLAGS__INHIBIT_PROG_LOAD,
> + .xdp_flags = XDP_FLAGS,
> + .bind_flags = XDP_COPY,
> + };
> + const struct xsk_umem_config umem_config = {
> + .fill_size = XSK_RING_PROD__DEFAULT_NUM_DESCS,
> + .comp_size = XSK_RING_CONS__DEFAULT_NUM_DESCS,
> + .frame_size = XSK_UMEM__DEFAULT_FRAME_SIZE,
> + .flags = XDP_UMEM_UNALIGNED_CHUNK_FLAG,
> + };
> + __u32 idx;
> + u64 addr;
> + int ret;
> + int i;
> +
> + xsk->umem_area = mmap(NULL, UMEM_SIZE, PROT_READ | PROT_WRITE, mmap_flags, -1, 0);
> + if (!ASSERT_NEQ(xsk->umem_area, MAP_FAILED, "mmap"))
> + return -1;
> +
> + ret = xsk_umem__create(&xsk->umem,
> + xsk->umem_area, UMEM_SIZE,
> + &xsk->fill,
> + &xsk->comp,
> + &umem_config);
> + if (!ASSERT_OK(ret, "xsk_umem__create"))
> + return ret;
> +
> + ret = xsk_socket__create(&xsk->socket, ifname, QUEUE_ID,
> + xsk->umem,
> + &xsk->rx,
> + &xsk->tx,
> + &socket_config);
> + if (!ASSERT_OK(ret, "xsk_socket__create"))
> + return ret;
> +
> + /* First half of umem is for TX. This way address matches 1-to-1
> + * to the completion queue index.
> + */
> +
> + for (i = 0; i < UMEM_NUM / 2; i++) {
> + addr = i * UMEM_FRAME_SIZE;
> + printf("%p: tx_desc[%d] -> %lx\n", xsk, i, addr);
Do you still need this verbose printf which is in a loop? Also, how about other
printf in this test?
> + }
> +
> + /* Second half of umem is for RX. */
> +
> + ret = xsk_ring_prod__reserve(&xsk->fill, UMEM_NUM / 2, &idx);
> + if (!ASSERT_EQ(UMEM_NUM / 2, ret, "xsk_ring_prod__reserve"))
> + return ret;
> + if (!ASSERT_EQ(idx, 0, "fill idx != 0"))
> + return -1;
> +
> + for (i = 0; i < UMEM_NUM / 2; i++) {
> + addr = (UMEM_NUM / 2 + i) * UMEM_FRAME_SIZE;
> + printf("%p: rx_desc[%d] -> %lx\n", xsk, i, addr);
> + *xsk_ring_prod__fill_addr(&xsk->fill, i) = addr;
> + }
> + xsk_ring_prod__submit(&xsk->fill, ret);
> +
> + return 0;
> +}
> +
[ ... ]
> +void test_xdp_metadata(void)
> +{
> + struct xdp_metadata2 *bpf_obj2 = NULL;
> + struct xdp_metadata *bpf_obj = NULL;
> + struct bpf_program *new_prog, *prog;
> + struct nstoken *tok = NULL;
> + __u32 queue_id = QUEUE_ID;
> + struct bpf_map *prog_arr;
> + struct xsk tx_xsk = {};
> + struct xsk rx_xsk = {};
> + __u32 val, key = 0;
> + int retries = 10;
> + int rx_ifindex;
> + int sock_fd;
> + int ret;
> +
> + /* Setup new networking namespace, with a veth pair. */
> +
> + SYS("ip netns add xdp_metadata");
> + tok = open_netns("xdp_metadata");
> + SYS("ip link add numtxqueues 1 numrxqueues 1 " TX_NAME
> + " type veth peer " RX_NAME " numtxqueues 1 numrxqueues 1");
> + SYS("ip link set dev " TX_NAME " address 00:00:00:00:00:01");
> + SYS("ip link set dev " RX_NAME " address 00:00:00:00:00:02");
> + SYS("ip link set dev " TX_NAME " up");
> + SYS("ip link set dev " RX_NAME " up");
> + SYS("ip addr add " TX_ADDR "/" PREFIX_LEN " dev " TX_NAME);
> + SYS("ip addr add " RX_ADDR "/" PREFIX_LEN " dev " RX_NAME);
> +
> + rx_ifindex = if_nametoindex(RX_NAME);
> +
> + /* Setup separate AF_XDP for TX and RX interfaces. */
> +
> + ret = open_xsk(TX_NAME, &tx_xsk);
> + if (!ASSERT_OK(ret, "open_xsk(TX_NAME)"))
> + goto out;
> +
> + ret = open_xsk(RX_NAME, &rx_xsk);
> + if (!ASSERT_OK(ret, "open_xsk(RX_NAME)"))
> + goto out;
> +
> + bpf_obj = xdp_metadata__open();
> + if (!ASSERT_OK_PTR(bpf_obj, "open skeleton"))
> + goto out;
> +
> + prog = bpf_object__find_program_by_name(bpf_obj->obj, "rx");
> + bpf_program__set_ifindex(prog, rx_ifindex);
> + bpf_program__set_flags(prog, BPF_F_XDP_DEV_BOUND_ONLY);
> +
> + if (!ASSERT_OK(xdp_metadata__load(bpf_obj), "load skeleton"))
> + goto out;
> +
> + /* Make sure we can't add dev-bound programs to prog maps. */
> + prog_arr = bpf_object__find_map_by_name(bpf_obj->obj, "prog_arr");
> + if (!ASSERT_OK_PTR(prog_arr, "no prog_arr map"))
> + goto out;
> +
> + val = bpf_program__fd(prog);
> + if (!ASSERT_ERR(bpf_map__update_elem(prog_arr, &key, sizeof(key),
> + &val, sizeof(val), BPF_ANY),
> + "update prog_arr"))
> + goto out;
> +
> + /* Attach BPF program to RX interface. */
> +
> + ret = bpf_xdp_attach(rx_ifindex,
> + bpf_program__fd(bpf_obj->progs.rx),
> + XDP_FLAGS, NULL);
> + if (!ASSERT_GE(ret, 0, "bpf_xdp_attach"))
> + goto out;
> +
> + sock_fd = xsk_socket__fd(rx_xsk.socket);
> + ret = bpf_map_update_elem(bpf_map__fd(bpf_obj->maps.xsk), &queue_id, &sock_fd, 0);
> + if (!ASSERT_GE(ret, 0, "bpf_map_update_elem"))
> + goto out;
> +
> + /* Send packet destined to RX AF_XDP socket. */
> + if (!ASSERT_GE(generate_packet(&tx_xsk, AF_XDP_CONSUMER_PORT), 0,
> + "generate AF_XDP_CONSUMER_PORT"))
> + goto out;
> +
> + /* Verify AF_XDP RX packet has proper metadata. */
> + if (!ASSERT_GE(verify_xsk_metadata(&rx_xsk), 0,
> + "verify_xsk_metadata"))
> + goto out;
> +
> + complete_tx(&tx_xsk);
> +
> + /* Make sure freplace correctly picks up original bound device
> + * and doesn't crash.
> + */
> +
> + bpf_obj2 = xdp_metadata2__open();
> + if (!ASSERT_OK_PTR(bpf_obj2, "open skeleton"))
> + goto out;
> +
> + new_prog = bpf_object__find_program_by_name(bpf_obj2->obj, "freplace_rx");
> + bpf_program__set_attach_target(new_prog, bpf_program__fd(prog), "rx");
> +
> + if (!ASSERT_OK(xdp_metadata2__load(bpf_obj2), "load freplace skeleton"))
> + goto out;
> +
> + if (!ASSERT_OK(xdp_metadata2__attach(bpf_obj2), "attach freplace"))
> + goto out;
> +
> + /* Send packet to trigger . */
> + if (!ASSERT_GE(generate_packet(&tx_xsk, AF_XDP_CONSUMER_PORT), 0,
> + "generate freplace packet"))
> + goto out;
> +
> + while (!retries--) {
> + if (bpf_obj2->bss->called)
> + break;
> + usleep(10);
> + }
> + ASSERT_GT(bpf_obj2->bss->called, 0, "not called");
> +
> +out:
> + close_xsk(&rx_xsk);
> + close_xsk(&tx_xsk);
> + if (bpf_obj2)
nit. no need to test NULL. xdp_metadata2__destroy() can handle it.
> + xdp_metadata2__destroy(bpf_obj2);
> + if (bpf_obj)
Same here.
> + xdp_metadata__destroy(bpf_obj);
> + system("ip netns del xdp_metadata");
didn't know netns can be deleted before close_netns(tok). Can you double check?
> + if (tok)
> + close_netns(tok);
> +}
Powered by blists - more mailing lists