lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <9f4dd14d-fbe3-4c61-b04c-f0e6b8096d7b@redhat.com>
Date: Mon, 26 Aug 2024 15:58:42 -0400
From: Jon Maloy <jmaloy@...hat.com>
To: Jason Xing <kerneljasonxing@...il.com>
Cc: netdev@...r.kernel.org, linux-kselftest@...r.kernel.org,
 davem@...emloft.net, kuba@...nel.org, passt-dev@...st.top,
 sbrivio@...hat.com, lvivier@...hat.com, dgibson@...hat.com,
 eric.dumazet@...il.com, edumazet@...gle.com
Subject: Re: [PATCH 2/2] selftests: add selftest for tcp SO_PEEK_OFF support



On 2024-08-23 19:44, Jason Xing wrote:
> Hello Jon,
>
> On Sat, Aug 24, 2024 at 5:19 AM <jmaloy@...hat.com> wrote:
>> From: Jon Maloy <jmaloy@...hat.com>
>>
>> We add a selftest to check that the new feature added in
>> commit 05ea491641d3 ("tcp: add support for SO_PEEK_OFF socket option")
>> works correctly.
>>
>> Reviewed-by: Stefano Brivio <sbrivio@...hat.com>
>> Tested-by: Stefano Brivio <sbrivio@...hat.com>
>> Signed-off-by: Jon Maloy <jmaloy@...hat.com>
> Thanks for working on this. Sorry that I just noticed I missed your
> previous reply :(
There is still the ditto UDP selftest to be done ;-)
>> ---
>>   tools/testing/selftests/net/Makefile          |   1 +
>>   tools/testing/selftests/net/tcp_so_peek_off.c | 181 ++++++++++++++++++
>>   2 files changed, 182 insertions(+)
>>   create mode 100644 tools/testing/selftests/net/tcp_so_peek_off.c
>>
>> diff --git a/tools/testing/selftests/net/Makefile b/tools/testing/selftests/net/Makefile
>> index 8eaffd7a641c..1179e3261bef 100644
>> --- a/tools/testing/selftests/net/Makefile
>> +++ b/tools/testing/selftests/net/Makefile
>> @@ -80,6 +80,7 @@ TEST_PROGS += io_uring_zerocopy_tx.sh
>>   TEST_GEN_FILES += bind_bhash
>>   TEST_GEN_PROGS += sk_bind_sendto_listen
>>   TEST_GEN_PROGS += sk_connect_zero_addr
>> +TEST_GEN_PROGS += tcp_so_peek_off
>>   TEST_PROGS += test_ingress_egress_chaining.sh
>>   TEST_GEN_PROGS += so_incoming_cpu
>>   TEST_PROGS += sctp_vrf.sh
>> diff --git a/tools/testing/selftests/net/tcp_so_peek_off.c b/tools/testing/selftests/net/tcp_so_peek_off.c
>> new file mode 100644
>> index 000000000000..8379ea02e3d7
>> --- /dev/null
>> +++ b/tools/testing/selftests/net/tcp_so_peek_off.c
>> @@ -0,0 +1,181 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +
>> +#include <stdio.h>
>> +#include <stdlib.h>
>> +#include <string.h>
>> +#include <unistd.h>
>> +#include <errno.h>
>> +#include <sys/types.h>
>> +#include <netinet/in.h>
>> +#include <arpa/inet.h>
>> +#include "../kselftest.h"
>> +
>> +static char *afstr(int af)
>> +{
>> +       return af == AF_INET ? "TCP/IPv4" : "TCP/IPv6";
>> +}
>> +
>> +int tcp_peek_offset_probe(sa_family_t af)
>> +{
>> +       int optv = 0;
>> +       int ret = 0;
>> +       int s;
>> +
>> +       s = socket(af, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_TCP);
>> +       if (s < 0) {
>> +               ksft_perror("Temporary TCP socket creation failed");
>> +       } else {
>> +               if (!setsockopt(s, SOL_SOCKET, SO_PEEK_OFF, &optv, sizeof(int)))
>> +                       ret = 1;
>> +               else
>> +                       printf("%s does not support SO_PEEK_OFF\n", afstr(af));
>> +               close(s);
>> +       }
>> +       return ret;
>> +}
>> +
>> +static void tcp_peek_offset_set(int s, int offset)
>> +{
>> +       if (setsockopt(s, SOL_SOCKET, SO_PEEK_OFF, &offset, sizeof(offset)))
>> +               ksft_perror("Failed to set SO_PEEK_OFF value\n");
>> +}
>> +
>> +static int tcp_peek_offset_get(int s)
>> +{
>> +       int offset;
>> +       socklen_t len = sizeof(offset);
>> +
>> +       if (getsockopt(s, SOL_SOCKET, SO_PEEK_OFF, &offset, &len))
>> +               ksft_perror("Failed to get SO_PEEK_OFF value\n");
>> +       return offset;
>> +}
>> +
>> +static int tcp_peek_offset_test(sa_family_t af)
>> +{
>> +       union {
>> +               struct sockaddr sa;
>> +               struct sockaddr_in a4;
>> +               struct sockaddr_in6 a6;
>> +       } a;
>> +       int res = 0;
>> +       int s[2] = {0, 0};
>> +       int recv_sock = 0;
>> +       int offset = 0;
>> +       ssize_t len;
>> +       char buf;
>> +
>> +       memset(&a, 0, sizeof(a));
>> +       a.sa.sa_family = af;
>> +
>> +       s[0] = socket(af, SOCK_STREAM, IPPROTO_TCP);
>> +       s[1] = socket(af, SOCK_STREAM | SOCK_NONBLOCK, IPPROTO_TCP);
>> +
>> +       if (s[0] < 0 || s[1] < 0) {
>> +               ksft_perror("Temporary probe socket creation failed\n");
>> +               goto out;
> Nit: I wonder if we can use more proper test statements to avoid such
> hiding failure[1] when closing a invalid file descriptor, even though
> it doesn't harm the test itself?
>
> [1]: "EBADF (Bad file descriptor)"
Fixed that in v2.
>> +       }
>> +       if (bind(s[0], &a.sa, sizeof(a)) < 0) {
>> +               ksft_perror("Temporary probe socket bind() failed\n");
>> +               goto out;
>> +       }
>> +       if (getsockname(s[0], &a.sa, &((socklen_t) { sizeof(a) })) < 0) {
>> +               ksft_perror("Temporary probe socket getsockname() failed\n");
>> +               goto out;
>> +       }
>> +       if (listen(s[0], 0) < 0) {
>> +               ksft_perror("Temporary probe socket listen() failed\n");
>> +               goto out;
>> +       }
>> +       if (connect(s[1], &a.sa, sizeof(a)) >= 0 || errno != EINPROGRESS) {
>> +               ksft_perror("Temporary probe socket connect() failed\n");
>> +               goto out;
>> +       }
>> +       recv_sock = accept(s[0], NULL, NULL);
>> +       if (recv_sock <= 0) {
>> +               ksft_perror("Temporary probe socket accept() failed\n");
>> +               goto out;
> Same here.
Fixed.
>> +       }
>> +
>> +       /* Some basic tests of getting/setting offset */
>> +       offset = tcp_peek_offset_get(recv_sock);
>> +       if (offset != -1) {
>> +               ksft_perror("Initial value of socket offset not -1\n");
>> +               goto out;
>> +       }
>> +       tcp_peek_offset_set(recv_sock, 0);
>> +       offset = tcp_peek_offset_get(recv_sock);
>> +       if (offset != 0) {
>> +               ksft_perror("Failed to set socket offset to 0\n");
>> +               goto out;
>> +       }
>> +
>> +       /* Transfer a message */
>> +       if (send(s[1], (char *)("ab"), 2, 0) <= 0 || errno != EINPROGRESS) {
>> +               ksft_perror("Temporary probe socket send() failed\n");
>> +               goto out;
>> +       }
>> +       /* Read first byte */
>> +       len = recv(recv_sock, &buf, 1, MSG_PEEK);
>> +       if (len != 1 || buf != 'a') {
>> +               ksft_perror("Failed to read first byte of message\n");
>> +               goto out;
>> +       }
>> +       offset = tcp_peek_offset_get(recv_sock);
>> +       if (offset != 1) {
>> +               ksft_perror("Offset not forwarded correctly at first byte\n");
>> +               goto out;
>> +       }
>> +       /* Try to read beyond last byte */
>> +       len = recv(recv_sock, &buf, 2, MSG_PEEK);
>> +       if (len != 1 || buf != 'b') {
>> +               ksft_perror("Failed to read last byte of message\n");
>> +               goto out;
>> +       }
>> +       offset = tcp_peek_offset_get(recv_sock);
>> +       if (offset != 2) {
>> +               ksft_perror("Offset not forwarded correctly at last byte\n");
>> +               goto out;
>> +       }
>> +       /* Flush message */
>> +       len = recv(recv_sock, NULL, 2, MSG_TRUNC);
>> +       if (len != 2) {
>> +               ksft_perror("Failed to flush message\n");
>> +               goto out;
>> +       }
>> +       offset = tcp_peek_offset_get(recv_sock);
>> +       if (offset != 0) {
>> +               ksft_perror("Offset not reverted correctly after flush\n");
>> +               goto out;
>> +       }
>> +
>> +       printf("%s with MSG_PEEK_OFF works correctly\n", afstr(af));
>> +       res = 1;
>> +out:
>> +       close(recv_sock);
>> +       close(s[1]);
>> +       close(s[0]);
>> +       return res;
>> +}
>> +
>> +int main(void)
>> +{
>> +       int res4, res6;
>> +
>> +       res4 = tcp_peek_offset_probe(AF_INET);
>> +       res6 = tcp_peek_offset_probe(AF_INET6);
>> +
>> +       if (!res4 && !res6)
>> +               return KSFT_SKIP;
>> +
>> +       if (res4)
>> +               res4 = tcp_peek_offset_test(AF_INET);
>> +
>> +       if (res6)
>> +               res6 = tcp_peek_offset_test(AF_INET6);
>> +
>> +       if (!res4 || !res6)
> What if res6 is NULL after checking tcp_peek_offset_probe() while res4
> is always working correctly, then we will get notified with a
> KSFT_FAIL failure instead of KSFT_SKIP.
This is intentional. If IPv4 is supported, and IPv6 is not, that is a 
failure.

Regards
///jon

> The thing could happen because you reuse the same return value for v4/v6 mode.
>
> Thanks,
> Jason
>
>> +               return KSFT_FAIL;
>> +
>> +       return KSFT_PASS;
>> +}
>> +
>> --
>> 2.45.2
>>
>>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ