lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20230519040659.670644-1-john.fastabend@gmail.com>
Date: Thu, 18 May 2023 21:06:45 -0700
From: John Fastabend <john.fastabend@...il.com>
To: jakub@...udflare.com,
	daniel@...earbox.net
Cc: john.fastabend@...il.com,
	bpf@...r.kernel.org,
	netdev@...r.kernel.org,
	edumazet@...gle.com,
	ast@...nel.org,
	andrii@...nel.org,
	will@...valent.com
Subject: [PATCH bpf v9 00/14] bpf sockmap fixes

v9, rebased which resulted in two additions needed. Patch 14
to resolve an introduced verifier error. I'll try to dig into
exactly what happened but the fix was easy to get test_sockmap
running again. And then in vsock needed similar fix to the
the protocols so I folded that into the first patch.

Fixes for sockmap running against NGINX TCP tests and also on an
underprovisioned VM so that we hit error (ENOMEM) cases regularly.

The first 3 patches fix cases related to ENOMEM that were either
causing splats or data hangs.

Then 4-7 resolved cases found when running NGINX with its sockets
assigned to sockmap. These mostly have to do with handling fin/shutdown
incorrectly and ensuring epoll_wait works as expected.

Patches 8 and 9 extract some of the logic used for sockmap_listen tests
so that we can use it in other tests because it didn't make much
sense to me to add tests to the sockmap_listen cases when here we
are testing send/recv *basic* cases.

Finally patches 10, 11 and 12 add the new tests to ensure we handle
ioctl(FIONREAD) and shutdown correctly.

To test the series I ran the NGINX compliance tests and the sockmap
selftests. For now our compliance test just runs with SK_PASS.

There are some more things to be done here, but these 11 patches
stand on their own in my opionion and fix issues we are having in
CI now. For bpf-next we can fixup/improve selftests to use the
ASSERT_* in sockmap_helpers, streamline some of the testing, and
add more tests. We also still are debugging a few additional flakes
patches coming soon.

v2: use skb_queue_empty instead of *_empty_lockless (Eric)
    oops incorrectly updated copied_seq on DROP case (Eric)
    added test for drop case copied_seq update

v3: Fix up comment to use /**/ formatting and update commit
    message to capture discussion about previous fix attempt
    for hanging backlog being imcomplete.

v4: build error sockmap things are behind NET_SKMSG not in
    BPF_SYSCALL otherwise you can build the .c file but not
    have correct headers.

v5: typo with mispelled SOCKMAP_HELPERS

v6: fix to build without INET enabled for the other sockmap
    types e.g. af_unix.

v7: We can not protect backlog queue with a mutex because in
    some cases we call this with sock lock held. Instead do
    as Jakub suggested and peek the queue and only pop the
    skb when its been correctly processed.

v8: Only schedule backlog when still enabled and cleanup test
    to not create unused sockets.

v9: rebase and fixup test_sockmap verifier error and vsock
    that was introduced recently.


John Fastabend (14):
  bpf: sockmap, pass skb ownership through read_skb
  bpf: sockmap, convert schedule_work into delayed_work
  bpf: sockmap, reschedule is now done through backlog
  bpf: sockmap, improved check for empty queue
  bpf: sockmap, handle fin correctly
  bpf: sockmap, TCP data stall on recv before accept
  bpf: sockmap, wake up polling after data copy
  bpf: sockmap, incorrectly handling copied_seq
  bpf: sockmap, pull socket helpers out of listen test for general use
  bpf: sockmap, build helper to create connected socket pair
  bpf: sockmap, test shutdown() correctly exits epoll and recv()=0
  bpf: sockmap, test FIONREAD returns correct bytes in rx buffer
  bpf: sockmap, test FIONREAD returns correct bytes in rx buffer with
    drops
  bpf: sockmap, test progs verifier error with latest clang

 include/linux/skmsg.h                         |   3 +-
 include/net/tcp.h                             |  10 +
 net/core/skmsg.c                              |  81 ++--
 net/core/sock_map.c                           |   3 +-
 net/ipv4/tcp.c                                |  11 +-
 net/ipv4/tcp_bpf.c                            |  79 +++-
 net/ipv4/udp.c                                |   7 +-
 net/unix/af_unix.c                            |   7 +-
 net/vmw_vsock/virtio_transport_common.c       |   5 +-
 .../selftests/bpf/prog_tests/sockmap_basic.c  | 131 ++++++
 .../bpf/prog_tests/sockmap_helpers.h          | 385 ++++++++++++++++++
 .../selftests/bpf/prog_tests/sockmap_listen.c | 365 +----------------
 .../bpf/progs/test_sockmap_drop_prog.c        |  32 ++
 .../selftests/bpf/progs/test_sockmap_kern.h   |  12 +-
 .../bpf/progs/test_sockmap_pass_prog.c        |  32 ++
 15 files changed, 726 insertions(+), 437 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/sockmap_helpers.h
 create mode 100644 tools/testing/selftests/bpf/progs/test_sockmap_drop_prog.c
 create mode 100644 tools/testing/selftests/bpf/progs/test_sockmap_pass_prog.c

-- 
2.33.0


Powered by blists - more mailing lists