lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAL+tcoCro6o5ZkhVJdKah9o2p=tPUSu06D0ZzNPPDB2Ns66kMw@mail.gmail.com>
Date: Sat, 24 Aug 2024 07:44:04 +0800
From: Jason Xing <kerneljasonxing@...il.com>
To: jmaloy@...hat.com
Cc: netdev@...r.kernel.org, linux-kselftest@...r.kernel.org, 
	davem@...emloft.net, kuba@...nel.org, passt-dev@...st.top, sbrivio@...hat.com, 
	lvivier@...hat.com, dgibson@...hat.com, eric.dumazet@...il.com, 
	edumazet@...gle.com
Subject: Re: [PATCH 2/2] selftests: add selftest for tcp SO_PEEK_OFF support

Hello Jon,

On Sat, Aug 24, 2024 at 5:19 AM <jmaloy@...hat.com> wrote:
>
> From: Jon Maloy <jmaloy@...hat.com>
>
> We add a selftest to check that the new feature added in
> commit 05ea491641d3 ("tcp: add support for SO_PEEK_OFF socket option")
> works correctly.
>
> Reviewed-by: Stefano Brivio <sbrivio@...hat.com>
> Tested-by: Stefano Brivio <sbrivio@...hat.com>
> Signed-off-by: Jon Maloy <jmaloy@...hat.com>

Thanks for working on this. Sorry that I just noticed I missed your
previous reply :(

> ---
>  tools/testing/selftests/net/Makefile          |   1 +
>  tools/testing/selftests/net/tcp_so_peek_off.c | 181 ++++++++++++++++++
>  2 files changed, 182 insertions(+)
>  create mode 100644 tools/testing/selftests/net/tcp_so_peek_off.c
>
> diff --git a/tools/testing/selftests/net/Makefile b/tools/testing/selftests/net/Makefile
> index 8eaffd7a641c..1179e3261bef 100644
> --- a/tools/testing/selftests/net/Makefile
> +++ b/tools/testing/selftests/net/Makefile
> @@ -80,6 +80,7 @@ TEST_PROGS += io_uring_zerocopy_tx.sh
>  TEST_GEN_FILES += bind_bhash
>  TEST_GEN_PROGS += sk_bind_sendto_listen
>  TEST_GEN_PROGS += sk_connect_zero_addr
> +TEST_GEN_PROGS += tcp_so_peek_off
>  TEST_PROGS += test_ingress_egress_chaining.sh
>  TEST_GEN_PROGS += so_incoming_cpu
>  TEST_PROGS += sctp_vrf.sh
> diff --git a/tools/testing/selftests/net/tcp_so_peek_off.c b/tools/testing/selftests/net/tcp_so_peek_off.c
> new file mode 100644
> index 000000000000..8379ea02e3d7
> --- /dev/null
> +++ b/tools/testing/selftests/net/tcp_so_peek_off.c
> @@ -0,0 +1,181 @@
> +// SPDX-License-Identifier: GPL-2.0
> +
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <unistd.h>
> +#include <errno.h>
> +#include <sys/types.h>
> +#include <netinet/in.h>
> +#include <arpa/inet.h>
> +#include "../kselftest.h"
> +
> +static char *afstr(int af)
> +{
> +       return af == AF_INET ? "TCP/IPv4" : "TCP/IPv6";
> +}
> +
> +int tcp_peek_offset_probe(sa_family_t af)
> +{
> +       int optv = 0;
> +       int ret = 0;
> +       int s;
> +
> +       s = socket(af, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_TCP);
> +       if (s < 0) {
> +               ksft_perror("Temporary TCP socket creation failed");
> +       } else {
> +               if (!setsockopt(s, SOL_SOCKET, SO_PEEK_OFF, &optv, sizeof(int)))
> +                       ret = 1;
> +               else
> +                       printf("%s does not support SO_PEEK_OFF\n", afstr(af));
> +               close(s);
> +       }
> +       return ret;
> +}
> +
> +static void tcp_peek_offset_set(int s, int offset)
> +{
> +       if (setsockopt(s, SOL_SOCKET, SO_PEEK_OFF, &offset, sizeof(offset)))
> +               ksft_perror("Failed to set SO_PEEK_OFF value\n");
> +}
> +
> +static int tcp_peek_offset_get(int s)
> +{
> +       int offset;
> +       socklen_t len = sizeof(offset);
> +
> +       if (getsockopt(s, SOL_SOCKET, SO_PEEK_OFF, &offset, &len))
> +               ksft_perror("Failed to get SO_PEEK_OFF value\n");
> +       return offset;
> +}
> +
> +static int tcp_peek_offset_test(sa_family_t af)
> +{
> +       union {
> +               struct sockaddr sa;
> +               struct sockaddr_in a4;
> +               struct sockaddr_in6 a6;
> +       } a;
> +       int res = 0;
> +       int s[2] = {0, 0};
> +       int recv_sock = 0;
> +       int offset = 0;
> +       ssize_t len;
> +       char buf;
> +
> +       memset(&a, 0, sizeof(a));
> +       a.sa.sa_family = af;
> +
> +       s[0] = socket(af, SOCK_STREAM, IPPROTO_TCP);
> +       s[1] = socket(af, SOCK_STREAM | SOCK_NONBLOCK, IPPROTO_TCP);
> +
> +       if (s[0] < 0 || s[1] < 0) {
> +               ksft_perror("Temporary probe socket creation failed\n");
> +               goto out;

Nit: I wonder if we can use more proper test statements to avoid such
hiding failure[1] when closing a invalid file descriptor, even though
it doesn't harm the test itself?

[1]: "EBADF (Bad file descriptor)"

> +       }
> +       if (bind(s[0], &a.sa, sizeof(a)) < 0) {
> +               ksft_perror("Temporary probe socket bind() failed\n");
> +               goto out;
> +       }
> +       if (getsockname(s[0], &a.sa, &((socklen_t) { sizeof(a) })) < 0) {
> +               ksft_perror("Temporary probe socket getsockname() failed\n");
> +               goto out;
> +       }
> +       if (listen(s[0], 0) < 0) {
> +               ksft_perror("Temporary probe socket listen() failed\n");
> +               goto out;
> +       }
> +       if (connect(s[1], &a.sa, sizeof(a)) >= 0 || errno != EINPROGRESS) {
> +               ksft_perror("Temporary probe socket connect() failed\n");
> +               goto out;
> +       }
> +       recv_sock = accept(s[0], NULL, NULL);
> +       if (recv_sock <= 0) {
> +               ksft_perror("Temporary probe socket accept() failed\n");
> +               goto out;

Same here.

> +       }
> +
> +       /* Some basic tests of getting/setting offset */
> +       offset = tcp_peek_offset_get(recv_sock);
> +       if (offset != -1) {
> +               ksft_perror("Initial value of socket offset not -1\n");
> +               goto out;
> +       }
> +       tcp_peek_offset_set(recv_sock, 0);
> +       offset = tcp_peek_offset_get(recv_sock);
> +       if (offset != 0) {
> +               ksft_perror("Failed to set socket offset to 0\n");
> +               goto out;
> +       }
> +
> +       /* Transfer a message */
> +       if (send(s[1], (char *)("ab"), 2, 0) <= 0 || errno != EINPROGRESS) {
> +               ksft_perror("Temporary probe socket send() failed\n");
> +               goto out;
> +       }
> +       /* Read first byte */
> +       len = recv(recv_sock, &buf, 1, MSG_PEEK);
> +       if (len != 1 || buf != 'a') {
> +               ksft_perror("Failed to read first byte of message\n");
> +               goto out;
> +       }
> +       offset = tcp_peek_offset_get(recv_sock);
> +       if (offset != 1) {
> +               ksft_perror("Offset not forwarded correctly at first byte\n");
> +               goto out;
> +       }
> +       /* Try to read beyond last byte */
> +       len = recv(recv_sock, &buf, 2, MSG_PEEK);
> +       if (len != 1 || buf != 'b') {
> +               ksft_perror("Failed to read last byte of message\n");
> +               goto out;
> +       }
> +       offset = tcp_peek_offset_get(recv_sock);
> +       if (offset != 2) {
> +               ksft_perror("Offset not forwarded correctly at last byte\n");
> +               goto out;
> +       }
> +       /* Flush message */
> +       len = recv(recv_sock, NULL, 2, MSG_TRUNC);
> +       if (len != 2) {
> +               ksft_perror("Failed to flush message\n");
> +               goto out;
> +       }
> +       offset = tcp_peek_offset_get(recv_sock);
> +       if (offset != 0) {
> +               ksft_perror("Offset not reverted correctly after flush\n");
> +               goto out;
> +       }
> +
> +       printf("%s with MSG_PEEK_OFF works correctly\n", afstr(af));
> +       res = 1;
> +out:
> +       close(recv_sock);
> +       close(s[1]);
> +       close(s[0]);
> +       return res;
> +}
> +
> +int main(void)
> +{
> +       int res4, res6;
> +
> +       res4 = tcp_peek_offset_probe(AF_INET);
> +       res6 = tcp_peek_offset_probe(AF_INET6);
> +
> +       if (!res4 && !res6)
> +               return KSFT_SKIP;
> +
> +       if (res4)
> +               res4 = tcp_peek_offset_test(AF_INET);
> +
> +       if (res6)
> +               res6 = tcp_peek_offset_test(AF_INET6);
> +
> +       if (!res4 || !res6)

What if res6 is NULL after checking tcp_peek_offset_probe() while res4
is always working correctly, then we will get notified with a
KSFT_FAIL failure instead of KSFT_SKIP.

The thing could happen because you reuse the same return value for v4/v6 mode.

Thanks,
Jason

> +               return KSFT_FAIL;
> +
> +       return KSFT_PASS;
> +}
> +
> --
> 2.45.2
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ