| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAAVpQUCyPPO1dfkkU4Hxz67JFcW6dhSfYnmUp0foNMYua_doyg@mail.gmail.com> Date: Wed, 3 Sep 2025 10:08:01 -0700 From: Kuniyuki Iwashima <kuniyu@...gle.com> To: Martin KaFai Lau <martin.lau@...ux.dev> Cc: Alexei Starovoitov <ast@...nel.org>, Andrii Nakryiko <andrii@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, John Fastabend <john.fastabend@...il.com>, Stanislav Fomichev <sdf@...ichev.me>, Johannes Weiner <hannes@...xchg.org>, Michal Hocko <mhocko@...nel.org>, Roman Gushchin <roman.gushchin@...ux.dev>, Shakeel Butt <shakeel.butt@...ux.dev>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Neal Cardwell <ncardwell@...gle.com>, Willem de Bruijn <willemb@...gle.com>, Mina Almasry <almasrymina@...gle.com>, Kuniyuki Iwashima <kuni1840@...il.com>, bpf@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH v4 bpf-next/net 5/5] selftest: bpf: Add test for SK_BPF_MEMCG_SOCK_ISOLATED. On Wed, Sep 3, 2025 at 9:59 AM Kuniyuki Iwashima <kuniyu@...gle.com> wrote: > > On Tue, Sep 2, 2025 at 1:49 PM Kuniyuki Iwashima <kuniyu@...gle.com> wrote: > > > > On Tue, Sep 2, 2025 at 1:26 PM Martin KaFai Lau <martin.lau@...ux.dev> wrote: > > > > > > On 8/28/25 6:00 PM, Kuniyuki Iwashima wrote: > > > > The test does the following for IPv4/IPv6 x TCP/UDP sockets > > > > with/without BPF prog. > > > > > > > > 1. Create socket pairs > > > > 2. Send a bunch of data that requires more than 256 pages > > > > 3. Read memory_allocated from the 3rd column in /proc/net/protocols > > > > 4. Check if unread data is charged to memory_allocated > > > > > > > > If BPF prog is attached, memory_allocated should not be changed, > > > > but we allow a small error (up to 10 pages) in case other processes > > > > on the host use some amounts of TCP/UDP memory. > > > > > > > > At 2., the test actually sends more than 1024 pages because the sysctl > > > > net.core.mem_pcpu_rsv is 256 is by default, which means 256 pages are > > > > buffered per cpu before reporting to sk->sk_prot->memory_allocated. > > > > > > > > BUF_SINGLE (1024) * NR_SEND (64) * NR_SOCKETS (64) / 4096 > > > > = 1024 pages > > > > > > > > When I reduced it to 512 pages, the following assertion for the > > > > non-isolated case got flaky. > > > > > > > > ASSERT_GT(memory_allocated[1], memory_allocated[0] + 256, ...) > > > > > > > > Another contributor to slowness is 150ms sleep to make sure 1 RCU > > > > grace period passes because UDP recv queue is destroyed after that. > > > > > > There is a kern_sync_rcu() in testing_helpers.c. > > > > Nice helper :) Will use it. > > > > > > > > > > > > > # time ./test_progs -t sk_memcg > > > > #370/1 sk_memcg/TCP :OK > > > > #370/2 sk_memcg/UDP :OK > > > > #370/3 sk_memcg/TCPv6 :OK > > > > #370/4 sk_memcg/UDPv6 :OK > > > > #370 sk_memcg:OK > > > > Summary: 1/4 PASSED, 0 SKIPPED, 0 FAILED > > > > > > > > real 0m1.214s > > > > user 0m0.014s > > > > sys 0m0.318s > > > > > > Thanks. It finished much faster in my setup also comparing with the earlier > > > revision. However, it is a bit flaky when I run it in a loop: > > > > > > check_isolated:FAIL:not isolated unexpected not isolated: actual 861 <= expected 861 > > > > > > I usually can hit this at ~40-th iteration. > > > > Oh.. I tested ~10 times manually but will try in a tight loop. > > This didn't reproduce on my QEMU with/without --enable-kvm. > > Changing the assert from _GT to _GE will address the very case > above, but I'm not sure if it's enough. I doubled NR_SEND and it was still faster with kern_sync_rcu() than usleep(), so I'll simply double NR_SEND in v5 # time ./test_progs -t sk_memcg ... Summary: 1/4 PASSED, 0 SKIPPED, 0 FAILED real 0m0.483s user 0m0.010s sys 0m0.191s > > Does the bpf CI run tests repeatedly or is this only a manual > scenario ?
Powered by blists - more mailing lists