lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20231017162954.18403-1-kuniyu@amazon.com> Date: Tue, 17 Oct 2023 09:29:54 -0700 From: Kuniyuki Iwashima <kuniyu@...zon.com> To: <martin.lau@...ux.dev> CC: <andrii@...nel.org>, <ast@...nel.org>, <bpf@...r.kernel.org>, <daniel@...earbox.net>, <davem@...emloft.net>, <dsahern@...nel.org>, <edumazet@...gle.com>, <haoluo@...gle.com>, <john.fastabend@...il.com>, <jolsa@...nel.org>, <kpsingh@...nel.org>, <kuba@...nel.org>, <kuni1840@...il.com>, <kuniyu@...zon.com>, <mykolal@...com>, <netdev@...r.kernel.org>, <pabeni@...hat.com>, <sdf@...gle.com>, <song@...nel.org>, <yonghong.song@...ux.dev> Subject: Re: [PATCH v1 bpf-next 11/11] selftest: bpf: Test BPF_SOCK_OPS_(GEN|CHECK)_SYNCOOKIE_CB. From: Martin KaFai Lau <martin.lau@...ux.dev> Date: Mon, 16 Oct 2023 22:50:44 -0700 > On 10/13/23 3:04 PM, Kuniyuki Iwashima wrote: > > This patch adds a test for BPF_SOCK_OPS_(GEN|CHECK)_SYNCOOKIE_CB hooks. > > > > BPF_SOCK_OPS_GEN_SYNCOOKIE_CB hook generates a hash using SipHash from > > based on 4-tuple. The hash is split into ISN and TS. MSS, ECN, SACK, > > and WScale are encoded into the lower 8-bits of ISN. > > > > ISN: > > MSB LSB > > | 31 ... 8 | 7 6 | 5 | 4 | 3 2 1 0 | > > | Hash_1 | MSS | ECN | SACK | WScale | > > > > TS: > > MSB LSB > > | 31 ... 8 | 7 ... 0 | > > | Random | Hash_2 | > > > > BPF_SOCK_OPS_CHECK_SYNCOOKIE_CB hook re-calculates the hash and validates > > the cookie. > > > > Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com> > > --- > > Currently, the validator is incomplete... > > > > If this line is changed > > > > skops->replylong[0] = msstab[3]; > > > > to > > skops->replylong[0] = msstab[mssind]; > > > > , we will get the error below during make: > > > > GEN-SKEL [test_progs] test_tcp_syncookie.skel.h > > ... > > Error: failed to open BPF object file: No such file or directory > > I cannot reprod. Does it have error earlier than this? GEN-SKEL is probably > running this (make V=1 can tell): > > tools/testing/selftests/bpf/tools/sbin/bpftool gen skeleton > tools/testing/selftests/bpf/test_tcp_syncookie.bpf.linked3.o name > test_tcp_syncookie > tools/testing/selftests/bpf/test_tcp_syncookie.skel.h > > Add a "-d" to bpftool for more debug output: bpftool -d gen skeleton.... Somehow .rodata was 0 bytes while generating skeleton, and after removing `static` from `msstab[]`, it compiled successfully. Thank you! ---8<--- $ tools/testing/selftests/bpf/tools/sbin/bpftool -d gen skeleton tools/testing/selftests/bpf/test_tcp_syncookie.bpf.linked3.o name test_tcp_syncookie > tools/testing/selftests/bpf/test_tcp_syncookie.skel.h libbpf: loading object 'test_tcp_syncookie' from buffer libbpf: elf: section(2) .symtab, size 432, link 1, flags 0, type=2 libbpf: elf: section(3) .text, size 2888, link 0, flags 6, type=1 libbpf: sec '.text': found program 'cookie_hash' at insn offset 0 (0 bytes), code size 361 insns (2888 bytes) libbpf: elf: section(4) sockops, size 864, link 0, flags 6, type=1 libbpf: sec 'sockops': found program 'syncookie' at insn offset 0 (0 bytes), code size 108 insns (864 bytes) libbpf: elf: section(5) license, size 4, link 0, flags 3, type=1 libbpf: license of test_tcp_syncookie is GPL libbpf: elf: section(6) .maps, size 32, link 0, flags 3, type=1 libbpf: elf: section(7) .rodata.cst8, size 8, link 0, flags 12, type=1 libbpf: elf: section(8) .relsockops, size 48, link 2, flags 40, type=9 libbpf: elf: section(9) .BTF, size 3891, link 0, flags 0, type=1 libbpf: elf: section(10) .BTF.ext, size 2648, link 0, flags 0, type=1 libbpf: looking for externs among 18 symbols... libbpf: collected 0 externs total libbpf: sec '.rodata': failed to determine size from ELF: size 0, err -2 Error: failed to open BPF object file: No such file or directory ---8<--- ---8<--- diff --git a/tools/testing/selftests/bpf/progs/test_tcp_syncookie.c b/tools/testing/selftests/bpf/progs/test_tcp_syncookie.c index 5d1fc928602b..19307567cc4c 100644 --- a/tools/testing/selftests/bpf/progs/test_tcp_syncookie.c +++ b/tools/testing/selftests/bpf/progs/test_tcp_syncookie.c @@ -63,7 +63,7 @@ static __u32 cookie_hash(struct bpf_sock_ops *skops) &test_key_siphash); } -static const __u16 msstab[] = { +const __u16 msstab[] = { 536, 1300, 1440, @@ -137,7 +137,7 @@ static int check_syncookie(struct bpf_sock_ops *skops) return CG_ERR; /* msstab[mssind]; does not compile ... */ - skops->replylong[0] = msstab[3]; + skops->replylong[0] = msstab[mssind]; skops->replylong[1] = skops->args[0] & (BPF_SYNCOOKIE_ECN | BPF_SYNCOOKIE_SACK | BPF_SYNCOOKIE_WSCALE_MASK); ---8<--- > > > I cannot compile the patch in my environment as-is also: > > In file included from progs/test_tcp_syncookie.c:6: > In file included from > /data/users/kafai/fb-kernel/linux/tools/include/uapi/linux/tcp.h:22: > In file included from /usr/include/asm/byteorder.h:5: > In file included from /usr/include/linux/byteorder/little_endian.h:13: > /usr/include/linux/swab.h:136:8: error: unknown type name '__always_inline' > 136 | static __always_inline unsigned long __swab(const unsigned long y) > > I have to add a "#include <linux/stddef.h>". Will add it in v2. > > > > GEN-SKEL [test_progs-no_alu32] test_tcp_syncookie.skel.h > > make: *** [Makefile:603: /home/ec2-user/kernel/bpf_syncookie/tools/testing/selftests/bpf/test_tcp_syncookie.skel.h] Error 254 > > make: *** Deleting file '/home/ec2-user/kernel/bpf_syncookie/tools/testing/selftests/bpf/test_tcp_syncookie.skel.h' > > make: *** Waiting for unfinished jobs....
Powered by blists - more mailing lists