lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20231017162954.18403-1-kuniyu@amazon.com>
Date: Tue, 17 Oct 2023 09:29:54 -0700
From: Kuniyuki Iwashima <kuniyu@...zon.com>
To: <martin.lau@...ux.dev>
CC: <andrii@...nel.org>, <ast@...nel.org>, <bpf@...r.kernel.org>,
	<daniel@...earbox.net>, <davem@...emloft.net>, <dsahern@...nel.org>,
	<edumazet@...gle.com>, <haoluo@...gle.com>, <john.fastabend@...il.com>,
	<jolsa@...nel.org>, <kpsingh@...nel.org>, <kuba@...nel.org>,
	<kuni1840@...il.com>, <kuniyu@...zon.com>, <mykolal@...com>,
	<netdev@...r.kernel.org>, <pabeni@...hat.com>, <sdf@...gle.com>,
	<song@...nel.org>, <yonghong.song@...ux.dev>
Subject: Re: [PATCH v1 bpf-next 11/11] selftest: bpf: Test BPF_SOCK_OPS_(GEN|CHECK)_SYNCOOKIE_CB.

From: Martin KaFai Lau <martin.lau@...ux.dev>
Date: Mon, 16 Oct 2023 22:50:44 -0700
> On 10/13/23 3:04 PM, Kuniyuki Iwashima wrote:
> > This patch adds a test for BPF_SOCK_OPS_(GEN|CHECK)_SYNCOOKIE_CB hooks.
> > 
> > BPF_SOCK_OPS_GEN_SYNCOOKIE_CB hook generates a hash using SipHash from
> > based on 4-tuple.  The hash is split into ISN and TS.  MSS, ECN, SACK,
> > and WScale are encoded into the lower 8-bits of ISN.
> > 
> >    ISN:
> >      MSB                                   LSB
> >      | 31 ... 8 | 7 6 | 5   | 4    | 3 2 1 0 |
> >      | Hash_1   | MSS | ECN | SACK | WScale  |
> > 
> >    TS:
> >      MSB                LSB
> >      | 31 ... 8 | 7 ... 0 |
> >      | Random   | Hash_2  |
> > 
> > BPF_SOCK_OPS_CHECK_SYNCOOKIE_CB hook re-calculates the hash and validates
> > the cookie.
> > 
> > Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com>
> > ---
> > Currently, the validator is incomplete...
> > 
> > If this line is changed
> > 
> >      skops->replylong[0] = msstab[3];
> > 
> > to
> >      skops->replylong[0] = msstab[mssind];
> > 
> > , we will get the error below during make:
> > 
> >      GEN-SKEL [test_progs] test_tcp_syncookie.skel.h
> >    ...
> >    Error: failed to open BPF object file: No such file or directory
> 
> I cannot reprod. Does it have error earlier than this? GEN-SKEL is probably 
> running this (make V=1 can tell):
> 
> tools/testing/selftests/bpf/tools/sbin/bpftool gen skeleton 
> tools/testing/selftests/bpf/test_tcp_syncookie.bpf.linked3.o name 
> test_tcp_syncookie > tools/testing/selftests/bpf/test_tcp_syncookie.skel.h
> 
> Add a "-d" to bpftool for more debug output: bpftool -d gen skeleton....

Somehow .rodata was 0 bytes while generating skeleton, and after
removing `static` from `msstab[]`, it compiled successfully.

Thank you!

---8<---
$ tools/testing/selftests/bpf/tools/sbin/bpftool -d gen skeleton tools/testing/selftests/bpf/test_tcp_syncookie.bpf.linked3.o name test_tcp_syncookie > tools/testing/selftests/bpf/test_tcp_syncookie.skel.h
libbpf: loading object 'test_tcp_syncookie' from buffer
libbpf: elf: section(2) .symtab, size 432, link 1, flags 0, type=2
libbpf: elf: section(3) .text, size 2888, link 0, flags 6, type=1
libbpf: sec '.text': found program 'cookie_hash' at insn offset 0 (0 bytes), code size 361 insns (2888 bytes)
libbpf: elf: section(4) sockops, size 864, link 0, flags 6, type=1
libbpf: sec 'sockops': found program 'syncookie' at insn offset 0 (0 bytes), code size 108 insns (864 bytes)
libbpf: elf: section(5) license, size 4, link 0, flags 3, type=1
libbpf: license of test_tcp_syncookie is GPL
libbpf: elf: section(6) .maps, size 32, link 0, flags 3, type=1
libbpf: elf: section(7) .rodata.cst8, size 8, link 0, flags 12, type=1
libbpf: elf: section(8) .relsockops, size 48, link 2, flags 40, type=9
libbpf: elf: section(9) .BTF, size 3891, link 0, flags 0, type=1
libbpf: elf: section(10) .BTF.ext, size 2648, link 0, flags 0, type=1
libbpf: looking for externs among 18 symbols...
libbpf: collected 0 externs total
libbpf: sec '.rodata': failed to determine size from ELF: size 0, err -2
Error: failed to open BPF object file: No such file or directory
---8<---

---8<---
diff --git a/tools/testing/selftests/bpf/progs/test_tcp_syncookie.c b/tools/testing/selftests/bpf/progs/test_tcp_syncookie.c
index 5d1fc928602b..19307567cc4c 100644
--- a/tools/testing/selftests/bpf/progs/test_tcp_syncookie.c
+++ b/tools/testing/selftests/bpf/progs/test_tcp_syncookie.c
@@ -63,7 +63,7 @@ static __u32 cookie_hash(struct bpf_sock_ops *skops)
 			    &test_key_siphash);
 }
 
-static const __u16 msstab[] = {
+const __u16 msstab[] = {
 	536,
 	1300,
 	1440,
@@ -137,7 +137,7 @@ static int check_syncookie(struct bpf_sock_ops *skops)
 		return CG_ERR;
 
 	/* msstab[mssind]; does not compile ... */
-	skops->replylong[0] = msstab[3];
+	skops->replylong[0] = msstab[mssind];
 	skops->replylong[1] = skops->args[0] & (BPF_SYNCOOKIE_ECN |
 						BPF_SYNCOOKIE_SACK |
 						BPF_SYNCOOKIE_WSCALE_MASK);
---8<---


> 
> 
> I cannot compile the patch in my environment as-is also:
> 
> In file included from progs/test_tcp_syncookie.c:6:
> In file included from 
> /data/users/kafai/fb-kernel/linux/tools/include/uapi/linux/tcp.h:22:
> In file included from /usr/include/asm/byteorder.h:5:
> In file included from /usr/include/linux/byteorder/little_endian.h:13:
> /usr/include/linux/swab.h:136:8: error: unknown type name '__always_inline'
>    136 | static __always_inline unsigned long __swab(const unsigned long y)
> 
> I have to add a "#include <linux/stddef.h>".

Will add it in v2.


> 
> 
> >      GEN-SKEL [test_progs-no_alu32] test_tcp_syncookie.skel.h
> >    make: *** [Makefile:603: /home/ec2-user/kernel/bpf_syncookie/tools/testing/selftests/bpf/test_tcp_syncookie.skel.h] Error 254
> >    make: *** Deleting file '/home/ec2-user/kernel/bpf_syncookie/tools/testing/selftests/bpf/test_tcp_syncookie.skel.h'
> >    make: *** Waiting for unfinished jobs....

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ