Re: [PATCH bpf-next v3 5/6] bpf: Add an iterator selftest for bpf_sk_storage_get

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Yonghong Song <yhs@fb.com>
To: Florent Revest <revest@chromium.org>, <bpf@vger.kernel.org>
Cc: <viro@zeniv.linux.org.uk>, <davem@davemloft.net>,
	<kuba@kernel.org>, <ast@kernel.org>, <daniel@iogearbox.net>,
	<kafai@fb.com>, <andrii@kernel.org>, <kpsingh@chromium.org>,
	<revest@google.com>, <linux-kernel@vger.kernel.org>,
	<netdev@vger.kernel.org>
Subject: Re: [PATCH bpf-next v3 5/6] bpf: Add an iterator selftest for bpf_sk_storage_get
Date: Thu, 26 Nov 2020 23:00:02 -0800	[thread overview]
Message-ID: <2c5a814a-7b69-3a8d-e4e0-e595d009cf82@fb.com> (raw)
In-Reply-To: <20201126164449.1745292-5-revest@google.com>



On 11/26/20 8:44 AM, Florent Revest wrote:
> The eBPF program iterates over all files and tasks. For all socket
> files, it stores the tgid of the last task it encountered with a handle
> to that socket. This is a heuristic for finding the "owner" of a socket
> similar to what's done by lsof, ss, netstat or fuser. Potentially, this
> information could be used from a cgroup_skb/*gress hook to try to
> associate network traffic with processes.
> 
> The test makes sure that a socket it created is tagged with prog_tests's
> pid.
> 
> Signed-off-by: Florent Revest <revest@google.com>

Ack with two minor comments below.

Acked-by: Yonghong Song <yhs@fb.com>


> ---
>   .../selftests/bpf/prog_tests/bpf_iter.c       | 40 +++++++++++++++++++
>   .../progs/bpf_iter_bpf_sk_storage_helpers.c   | 25 ++++++++++++
>   2 files changed, 65 insertions(+)
> 
> diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_iter.c b/tools/testing/selftests/bpf/prog_tests/bpf_iter.c
> index bb4a638f2e6f..9336d0f18331 100644
> --- a/tools/testing/selftests/bpf/prog_tests/bpf_iter.c
> +++ b/tools/testing/selftests/bpf/prog_tests/bpf_iter.c
> @@ -975,6 +975,44 @@ static void test_bpf_sk_storage_delete(void)
>   	bpf_iter_bpf_sk_storage_helpers__destroy(skel);
>   }
>   
> +/* This creates a socket and its local storage. It then runs a task_iter BPF
> + * program that replaces the existing socket local storage with the tgid of the
> + * only task owning a file descriptor to this socket, this process, prog_tests.
> + */
> +static void test_bpf_sk_storage_get(void)
> +{
> +	struct bpf_iter_bpf_sk_storage_helpers *skel;
> +	int err, map_fd, val = -1;
> +	int sock_fd = -1;
> +
> +	skel = bpf_iter_bpf_sk_storage_helpers__open_and_load();
> +	if (CHECK(!skel, "bpf_iter_bpf_sk_storage_helpers__open_and_load",
> +		  "skeleton open_and_load failed\n"))
> +		return;
> +
> +	sock_fd = socket(AF_INET6, SOCK_STREAM, 0);
> +	if (CHECK(sock_fd < 0, "socket", "errno: %d\n", errno))
> +		goto out;
> +
> +	map_fd = bpf_map__fd(skel->maps.sk_stg_map);
> +
> +	err = bpf_map_update_elem(map_fd, &sock_fd, &val, BPF_NOEXIST);
> +	if (CHECK(err, "bpf_map_update_elem", "map_update_failed\n"))
> +		goto close_socket;
> +
> +	do_dummy_read(skel->progs.fill_socket_owner);
> +
> +	err = bpf_map_lookup_elem(map_fd, &sock_fd, &val);
> +	CHECK(err || val != getpid(), "bpf_map_lookup_elem",
> +	      "map value wasn't set correctly (expected %d, got %d, err=%d)\n",
> +	      getpid(), val, err);
> +
> +close_socket:
> +	close(sock_fd);
> +out:
> +	bpf_iter_bpf_sk_storage_helpers__destroy(skel);
> +}
> +
>   static void test_bpf_sk_storage_map(void)
>   {
>   	DECLARE_LIBBPF_OPTS(bpf_iter_attach_opts, opts);
> @@ -1131,6 +1169,8 @@ void test_bpf_iter(void)
>   		test_bpf_sk_storage_map();
>   	if (test__start_subtest("bpf_sk_storage_delete"))
>   		test_bpf_sk_storage_delete();
> +	if (test__start_subtest("bpf_sk_storage_get"))
> +		test_bpf_sk_storage_get();
>   	if (test__start_subtest("rdonly-buf-out-of-bound"))
>   		test_rdonly_buf_out_of_bound();
>   	if (test__start_subtest("buf-neg-offset"))
> diff --git a/tools/testing/selftests/bpf/progs/bpf_iter_bpf_sk_storage_helpers.c b/tools/testing/selftests/bpf/progs/bpf_iter_bpf_sk_storage_helpers.c
> index 01ff3235e413..d7a7a802d172 100644
> --- a/tools/testing/selftests/bpf/progs/bpf_iter_bpf_sk_storage_helpers.c
> +++ b/tools/testing/selftests/bpf/progs/bpf_iter_bpf_sk_storage_helpers.c
> @@ -21,3 +21,28 @@ int delete_bpf_sk_storage_map(struct bpf_iter__bpf_sk_storage_map *ctx)
>   
>   	return 0;
>   }
> +
> +SEC("iter/task_file")
> +int fill_socket_owner(struct bpf_iter__task_file *ctx)
> +{
> +	struct task_struct *task = ctx->task;
> +	struct file *file = ctx->file;
> +	struct socket *sock;
> +	int *sock_tgid;
> +
> +	if (!task || !file || task->tgid != task->pid)

task->tgid != task->pid is not needed here.
The task_file iterator already tries to skip task with task->pid
if its file table is the same as task->tgid.

> +		return 0;
> +
> +	sock = bpf_sock_from_file(file);
> +	if (!sock)
> +		return 0;
> +
> +	sock_tgid = bpf_sk_storage_get(&sk_stg_map, sock->sk, 0, 0);
> +	if (!sock_tgid)
> +		return 0;
> +
> +	*sock_tgid = task->tgid;
> +
> +	return 0;
> +}
> +

Extra empty line.

next prev parent reply	other threads:[~2020-11-27  7:00 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-11-26 16:44 [PATCH bpf-next v3 1/6] net: Remove the err argument from sock_from_file Florent Revest
2020-11-26 16:44 ` [PATCH bpf-next v3 2/6] bpf: Add a bpf_sock_from_file helper Florent Revest
2020-11-26 16:44 ` [PATCH bpf-next v3 3/6] bpf: Expose bpf_sk_storage_* to iterator programs Florent Revest
2020-11-26 22:58   ` KP Singh
2020-11-26 16:44 ` [PATCH bpf-next v3 4/6] bpf: Add an iterator selftest for bpf_sk_storage_delete Florent Revest
2020-11-26 16:44 ` [PATCH bpf-next v3 5/6] bpf: Add an iterator selftest for bpf_sk_storage_get Florent Revest
2020-11-27  7:00   ` Yonghong Song [this message]
2020-11-27  9:21     ` Florent Revest
2020-11-26 16:44 ` [PATCH bpf-next v3 6/6] bpf: Test bpf_sk_storage_get in tcp iterators Florent Revest
2020-11-27  7:02   ` Yonghong Song
2020-11-26 22:58 ` [PATCH bpf-next v3 1/6] net: Remove the err argument from sock_from_file KP Singh

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2c5a814a-7b69-3a8d-e4e0-e595d009cf82@fb.com \
    --to=yhs@fb.com \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=davem@davemloft.net \
    --cc=kafai@fb.com \
    --cc=kpsingh@chromium.org \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=revest@chromium.org \
    --cc=revest@google.com \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.