| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Oct 2023 09:29:54 -0700
From: Kuniyuki Iwashima <kuniyu@...zon.com>
To: <martin.lau@...ux.dev>
CC: <andrii@...nel.org>, <ast@...nel.org>, <bpf@...r.kernel.org>,
<daniel@...earbox.net>, <davem@...emloft.net>, <dsahern@...nel.org>,
<edumazet@...gle.com>, <haoluo@...gle.com>, <john.fastabend@...il.com>,
<jolsa@...nel.org>, <kpsingh@...nel.org>, <kuba@...nel.org>,
<kuni1840@...il.com>, <kuniyu@...zon.com>, <mykolal@...com>,
<netdev@...r.kernel.org>, <pabeni@...hat.com>, <sdf@...gle.com>,
<song@...nel.org>, <yonghong.song@...ux.dev>
Subject: Re: [PATCH v1 bpf-next 11/11] selftest: bpf: Test BPF_SOCK_OPS_(GEN|CHECK)_SYNCOOKIE_CB.
From: Martin KaFai Lau <martin.lau@...ux.dev>
Date: Mon, 16 Oct 2023 22:50:44 -0700
> On 10/13/23 3:04 PM, Kuniyuki Iwashima wrote:
> > This patch adds a test for BPF_SOCK_OPS_(GEN|CHECK)_SYNCOOKIE_CB hooks.
> >
> > BPF_SOCK_OPS_GEN_SYNCOOKIE_CB hook generates a hash using SipHash from
> > based on 4-tuple. The hash is split into ISN and TS. MSS, ECN, SACK,
> > and WScale are encoded into the lower 8-bits of ISN.
> >
> > ISN:
> > MSB LSB
> > | 31 ... 8 | 7 6 | 5 | 4 | 3 2 1 0 |
> > | Hash_1 | MSS | ECN | SACK | WScale |
> >
> > TS:
> > MSB LSB
> > | 31 ... 8 | 7 ... 0 |
> > | Random | Hash_2 |
> >
> > BPF_SOCK_OPS_CHECK_SYNCOOKIE_CB hook re-calculates the hash and validates
> > the cookie.
> >
> > Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com>
> > ---
> > Currently, the validator is incomplete...
> >
> > If this line is changed
> >
> > skops->replylong[0] = msstab[3];
> >
> > to
> > skops->replylong[0] = msstab[mssind];
> >
> > , we will get the error below during make:
> >
> > GEN-SKEL [test_progs] test_tcp_syncookie.skel.h
> > ...
> > Error: failed to open BPF object file: No such file or directory
>
> I cannot reprod. Does it have error earlier than this? GEN-SKEL is probably
> running this (make V=1 can tell):
>
> tools/testing/selftests/bpf/tools/sbin/bpftool gen skeleton
> tools/testing/selftests/bpf/test_tcp_syncookie.bpf.linked3.o name
> test_tcp_syncookie > tools/testing/selftests/bpf/test_tcp_syncookie.skel.h
>
> Add a "-d" to bpftool for more debug output: bpftool -d gen skeleton....
Somehow .rodata was 0 bytes while generating skeleton, and after
removing `static` from `msstab[]`, it compiled successfully.
Thank you!
---8<---
$ tools/testing/selftests/bpf/tools/sbin/bpftool -d gen skeleton tools/testing/selftests/bpf/test_tcp_syncookie.bpf.linked3.o name test_tcp_syncookie > tools/testing/selftests/bpf/test_tcp_syncookie.skel.h
libbpf: loading object 'test_tcp_syncookie' from buffer
libbpf: elf: section(2) .symtab, size 432, link 1, flags 0, type=2
libbpf: elf: section(3) .text, size 2888, link 0, flags 6, type=1
libbpf: sec '.text': found program 'cookie_hash' at insn offset 0 (0 bytes), code size 361 insns (2888 bytes)
libbpf: elf: section(4) sockops, size 864, link 0, flags 6, type=1
libbpf: sec 'sockops': found program 'syncookie' at insn offset 0 (0 bytes), code size 108 insns (864 bytes)
libbpf: elf: section(5) license, size 4, link 0, flags 3, type=1
libbpf: license of test_tcp_syncookie is GPL
libbpf: elf: section(6) .maps, size 32, link 0, flags 3, type=1
libbpf: elf: section(7) .rodata.cst8, size 8, link 0, flags 12, type=1
libbpf: elf: section(8) .relsockops, size 48, link 2, flags 40, type=9
libbpf: elf: section(9) .BTF, size 3891, link 0, flags 0, type=1
libbpf: elf: section(10) .BTF.ext, size 2648, link 0, flags 0, type=1
libbpf: looking for externs among 18 symbols...
libbpf: collected 0 externs total
libbpf: sec '.rodata': failed to determine size from ELF: size 0, err -2
Error: failed to open BPF object file: No such file or directory
---8<---
---8<---
diff --git a/tools/testing/selftests/bpf/progs/test_tcp_syncookie.c b/tools/testing/selftests/bpf/progs/test_tcp_syncookie.c
index 5d1fc928602b..19307567cc4c 100644
--- a/tools/testing/selftests/bpf/progs/test_tcp_syncookie.c
+++ b/tools/testing/selftests/bpf/progs/test_tcp_syncookie.c
@@ -63,7 +63,7 @@ static __u32 cookie_hash(struct bpf_sock_ops *skops)
&test_key_siphash);
}
-static const __u16 msstab[] = {
+const __u16 msstab[] = {
536,
1300,
1440,
@@ -137,7 +137,7 @@ static int check_syncookie(struct bpf_sock_ops *skops)
return CG_ERR;
/* msstab[mssind]; does not compile ... */
- skops->replylong[0] = msstab[3];
+ skops->replylong[0] = msstab[mssind];
skops->replylong[1] = skops->args[0] & (BPF_SYNCOOKIE_ECN |
BPF_SYNCOOKIE_SACK |
BPF_SYNCOOKIE_WSCALE_MASK);
---8<---
>
>
> I cannot compile the patch in my environment as-is also:
>
> In file included from progs/test_tcp_syncookie.c:6:
> In file included from
> /data/users/kafai/fb-kernel/linux/tools/include/uapi/linux/tcp.h:22:
> In file included from /usr/include/asm/byteorder.h:5:
> In file included from /usr/include/linux/byteorder/little_endian.h:13:
> /usr/include/linux/swab.h:136:8: error: unknown type name '__always_inline'
> 136 | static __always_inline unsigned long __swab(const unsigned long y)
>
> I have to add a "#include <linux/stddef.h>".
Will add it in v2.
>
>
> > GEN-SKEL [test_progs-no_alu32] test_tcp_syncookie.skel.h
> > make: *** [Makefile:603: /home/ec2-user/kernel/bpf_syncookie/tools/testing/selftests/bpf/test_tcp_syncookie.skel.h] Error 254
> > make: *** Deleting file '/home/ec2-user/kernel/bpf_syncookie/tools/testing/selftests/bpf/test_tcp_syncookie.skel.h'
> > make: *** Waiting for unfinished jobs....
Powered by blists - more mailing lists