lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230519040659.670644-1-john.fastabend@gmail.com> Date: Thu, 18 May 2023 21:06:45 -0700 From: John Fastabend <john.fastabend@...il.com> To: jakub@...udflare.com, daniel@...earbox.net Cc: john.fastabend@...il.com, bpf@...r.kernel.org, netdev@...r.kernel.org, edumazet@...gle.com, ast@...nel.org, andrii@...nel.org, will@...valent.com Subject: [PATCH bpf v9 00/14] bpf sockmap fixes v9, rebased which resulted in two additions needed. Patch 14 to resolve an introduced verifier error. I'll try to dig into exactly what happened but the fix was easy to get test_sockmap running again. And then in vsock needed similar fix to the the protocols so I folded that into the first patch. Fixes for sockmap running against NGINX TCP tests and also on an underprovisioned VM so that we hit error (ENOMEM) cases regularly. The first 3 patches fix cases related to ENOMEM that were either causing splats or data hangs. Then 4-7 resolved cases found when running NGINX with its sockets assigned to sockmap. These mostly have to do with handling fin/shutdown incorrectly and ensuring epoll_wait works as expected. Patches 8 and 9 extract some of the logic used for sockmap_listen tests so that we can use it in other tests because it didn't make much sense to me to add tests to the sockmap_listen cases when here we are testing send/recv *basic* cases. Finally patches 10, 11 and 12 add the new tests to ensure we handle ioctl(FIONREAD) and shutdown correctly. To test the series I ran the NGINX compliance tests and the sockmap selftests. For now our compliance test just runs with SK_PASS. There are some more things to be done here, but these 11 patches stand on their own in my opionion and fix issues we are having in CI now. For bpf-next we can fixup/improve selftests to use the ASSERT_* in sockmap_helpers, streamline some of the testing, and add more tests. We also still are debugging a few additional flakes patches coming soon. v2: use skb_queue_empty instead of *_empty_lockless (Eric) oops incorrectly updated copied_seq on DROP case (Eric) added test for drop case copied_seq update v3: Fix up comment to use /**/ formatting and update commit message to capture discussion about previous fix attempt for hanging backlog being imcomplete. v4: build error sockmap things are behind NET_SKMSG not in BPF_SYSCALL otherwise you can build the .c file but not have correct headers. v5: typo with mispelled SOCKMAP_HELPERS v6: fix to build without INET enabled for the other sockmap types e.g. af_unix. v7: We can not protect backlog queue with a mutex because in some cases we call this with sock lock held. Instead do as Jakub suggested and peek the queue and only pop the skb when its been correctly processed. v8: Only schedule backlog when still enabled and cleanup test to not create unused sockets. v9: rebase and fixup test_sockmap verifier error and vsock that was introduced recently. John Fastabend (14): bpf: sockmap, pass skb ownership through read_skb bpf: sockmap, convert schedule_work into delayed_work bpf: sockmap, reschedule is now done through backlog bpf: sockmap, improved check for empty queue bpf: sockmap, handle fin correctly bpf: sockmap, TCP data stall on recv before accept bpf: sockmap, wake up polling after data copy bpf: sockmap, incorrectly handling copied_seq bpf: sockmap, pull socket helpers out of listen test for general use bpf: sockmap, build helper to create connected socket pair bpf: sockmap, test shutdown() correctly exits epoll and recv()=0 bpf: sockmap, test FIONREAD returns correct bytes in rx buffer bpf: sockmap, test FIONREAD returns correct bytes in rx buffer with drops bpf: sockmap, test progs verifier error with latest clang include/linux/skmsg.h | 3 +- include/net/tcp.h | 10 + net/core/skmsg.c | 81 ++-- net/core/sock_map.c | 3 +- net/ipv4/tcp.c | 11 +- net/ipv4/tcp_bpf.c | 79 +++- net/ipv4/udp.c | 7 +- net/unix/af_unix.c | 7 +- net/vmw_vsock/virtio_transport_common.c | 5 +- .../selftests/bpf/prog_tests/sockmap_basic.c | 131 ++++++ .../bpf/prog_tests/sockmap_helpers.h | 385 ++++++++++++++++++ .../selftests/bpf/prog_tests/sockmap_listen.c | 365 +---------------- .../bpf/progs/test_sockmap_drop_prog.c | 32 ++ .../selftests/bpf/progs/test_sockmap_kern.h | 12 +- .../bpf/progs/test_sockmap_pass_prog.c | 32 ++ 15 files changed, 726 insertions(+), 437 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/sockmap_helpers.h create mode 100644 tools/testing/selftests/bpf/progs/test_sockmap_drop_prog.c create mode 100644 tools/testing/selftests/bpf/progs/test_sockmap_pass_prog.c -- 2.33.0
Powered by blists - more mailing lists