From: Martin KaFai Lau <martin.lau@linux.dev>
To: Daan De Meyer <daan.j.demeyer@gmail.com>
Cc: kernel-team@meta.com, bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v3 09/10] selftests/bpf: Add tests for cgroup unix socket address hooks
Date: Wed, 26 Apr 2023 14:57:31 -0700 [thread overview]
Message-ID: <54fb8365-751b-0775-02cd-e3ad0cba124b@linux.dev> (raw)
In-Reply-To: <20230421162718.440230-10-daan.j.demeyer@gmail.com>
On 4/21/23 9:27 AM, Daan De Meyer wrote:
> The unix socket address hooks do not support modifying the source
> address so we skip source address checks when we're running a unix
> socket address hook test.
>
> Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com>
> ---
> tools/testing/selftests/bpf/bpf_kfuncs.h | 13 ++
> .../selftests/bpf/prog_tests/section_names.c | 30 ++++
> .../testing/selftests/bpf/progs/bindun_prog.c | 59 ++++++++
> .../selftests/bpf/progs/connectun_prog.c | 53 +++++++
> .../selftests/bpf/progs/recvmsgun_prog.c | 59 ++++++++
> .../selftests/bpf/progs/sendmsgun_prog.c | 53 +++++++
> tools/testing/selftests/bpf/test_sock_addr.c | 137 +++++++++++++++++-
> 7 files changed, 397 insertions(+), 7 deletions(-)
> create mode 100644 tools/testing/selftests/bpf/progs/bindun_prog.c
> create mode 100644 tools/testing/selftests/bpf/progs/connectun_prog.c
> create mode 100644 tools/testing/selftests/bpf/progs/recvmsgun_prog.c
> create mode 100644 tools/testing/selftests/bpf/progs/sendmsgun_prog.c
>
> diff --git a/tools/testing/selftests/bpf/bpf_kfuncs.h b/tools/testing/selftests/bpf/bpf_kfuncs.h
> index 8c993ec8ceea..dbdec3d5152e 100644
> --- a/tools/testing/selftests/bpf/bpf_kfuncs.h
> +++ b/tools/testing/selftests/bpf/bpf_kfuncs.h
> @@ -1,6 +1,8 @@
> #ifndef __BPF_KFUNCS__
> #define __BPF_KFUNCS__
>
> +struct bpf_sock_addr_kern;
> +
> /* Description
> * Initializes an skb-type dynptr
> * Returns
> @@ -35,4 +37,15 @@ extern void *bpf_dynptr_slice(const struct bpf_dynptr *ptr, __u32 offset,
> extern void *bpf_dynptr_slice_rdwr(const struct bpf_dynptr *ptr, __u32 offset,
> void *buffer, __u32 buffer__szk) __ksym;
>
> +/* Description
> + * Modify the contents of a sockaddr.
> + * Returns__bpf_kfunc
> + * -EINVAL if the sockaddr family does not match, the sockaddr is too small or
> + * too big, 0 if the sockaddr was successfully modified.
> + */
> +extern int bpf_sock_addr_set(struct bpf_sock_addr_kern *sa_kern,
> + const void *addr, __u32 addrlen__sz) __ksym;
It needs some negative tests, like
- addrlen__sz > UNIX_PATH_MAX for AF_UNIX test.
- addrlen__sz is larger than the size of addr in the stack.
> diff --git a/tools/testing/selftests/bpf/progs/bindun_prog.c b/tools/testing/selftests/bpf/progs/bindun_prog.c
> new file mode 100644
> index 000000000000..60addb5a9c96
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/progs/bindun_prog.c
> @@ -0,0 +1,59 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/* Copyright (c) 2022 Meta Platforms, Inc. and affiliates. */
> +
> +#include "vmlinux.h"
> +
> +#include <string.h>
> +#include <bpf/bpf_helpers.h>
> +#include <bpf/bpf_core_read.h>
> +#include "bpf_kfuncs.h"
> +
> +#ifndef AF_UNIX
> +#define AF_UNIX 1
Move it to bpf_tracing_net.h. AF_INET[6] is already there.
> +#endif
> +
> +#define DST_REWRITE_PATH "\0bpf_cgroup_unix_test_rewrite"
> +
> +void *bpf_cast_to_kern_ctx(void *) __ksym;
> +
> +SEC("cgroup/bindun")
> +int bind_un_prog(struct bpf_sock_addr *ctx)
> +{
> + struct bpf_sock *sk = ctx->sk;
> + struct bpf_sock_addr_kern *sa_kern = bpf_cast_to_kern_ctx(ctx);
> + struct sockaddr_un *sa_kern_unaddr;
> + struct sockaddr_un unaddr = {
> + .sun_family = AF_UNIX,
> + };
> + __u32 unaddrlen = offsetof(struct sockaddr_un, sun_path) +
> + sizeof(DST_REWRITE_PATH) - 1;
> + int ret;
> +
> + if (!sk)
> + return 0;
> +
> + if (sk->family != AF_UNIX)
> + return 0;
> +
> + if (ctx->type != SOCK_STREAM && ctx->type != SOCK_DGRAM)
> + return 0;
> +
> + memcpy(unaddr.sun_path, DST_REWRITE_PATH, sizeof(DST_REWRITE_PATH) - 1);
> +
> + ret = bpf_sock_addr_set(sa_kern, (struct sockaddr *) &unaddr, unaddrlen);
> + if (ret)
> + return 0;
> +
> + if (sa_kern->uaddrlen != unaddrlen)
> + return 0;
> +
> + sa_kern_unaddr = bpf_rdonly_cast(sa_kern->uaddr,
> + bpf_core_type_id_kernel(struct sockaddr_un));
> + if (memcmp(sa_kern_unaddr->sun_path, DST_REWRITE_PATH,
> + sizeof(DST_REWRITE_PATH) - 1) != 0)
> + return 0;
> +
> + return 1;
> +}
> +
> +char _license[] SEC("license") = "GPL";
> diff --git a/tools/testing/selftests/bpf/progs/connectun_prog.c b/tools/testing/selftests/bpf/progs/connectun_prog.c
> new file mode 100644
> index 000000000000..ac7209bd326f
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/progs/connectun_prog.c
> @@ -0,0 +1,53 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/* Copyright (c) 2022 Meta Platforms, Inc. and affiliates. */
> +
> +#include "vmlinux.h"
> +
> +#include <string.h>
> +#include <bpf/bpf_helpers.h>
> +#include <bpf/bpf_core_read.h>
> +#include "bpf_kfuncs.h"
> +
> +#ifndef AF_UNIX
> +#define AF_UNIX 1
> +#endif
> +
> +#define DST_REWRITE_PATH "\0bpf_cgroup_unix_test_rewrite"
> +
> +void *bpf_cast_to_kern_ctx(void *) __ksym;
Move it to bpf_kfuncs.h also?
next prev parent reply other threads:[~2023-04-26 21:57 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-21 16:27 [PATCH bpf-next v3 00/10] Add cgroup sockaddr hooks for unix sockets Daan De Meyer
2023-04-21 16:27 ` [PATCH bpf-next v3 01/10] selftests/bpf: Add missing section name tests for getpeername/getsockname Daan De Meyer
2023-04-21 16:27 ` [PATCH bpf-next v3 02/10] selftests/bpf: Track sockaddr length in sock addr tests Daan De Meyer
2023-04-21 16:27 ` [PATCH bpf-next v3 03/10] bpf: Allow read access to addr_len from cgroup sockaddr programs Daan De Meyer
2023-04-21 20:55 ` Alexei Starovoitov
2023-04-24 13:58 ` Daan De Meyer
2023-04-26 0:05 ` Alexei Starovoitov
2023-04-26 13:46 ` Daan De Meyer
2023-04-26 22:07 ` Martin KaFai Lau
2023-04-21 16:27 ` [PATCH bpf-next v3 04/10] bpf: Add BTF_KFUNC_HOOK_SOCK_ADDR Daan De Meyer
2023-04-26 21:35 ` Martin KaFai Lau
2023-04-21 16:27 ` [PATCH bpf-next v3 05/10] bpf: Add bpf_sock_addr_set() to allow writing sockaddr len from bpf Daan De Meyer
2023-04-21 21:01 ` Alexei Starovoitov
2023-04-24 14:07 ` Daan De Meyer
2023-04-26 0:10 ` Alexei Starovoitov
2023-04-26 13:51 ` Daan De Meyer
2023-04-26 21:30 ` Martin KaFai Lau
2023-04-21 16:27 ` [PATCH bpf-next v3 06/10] bpf: Implement cgroup sockaddr hooks for unix sockets Daan De Meyer
2023-04-21 16:27 ` [PATCH bpf-next v3 07/10] libbpf: Add support for cgroup unix socket address hooks Daan De Meyer
2023-04-21 16:27 ` [PATCH bpf-next v3 08/10] bpftool: " Daan De Meyer
2023-04-21 20:35 ` Quentin Monnet
2023-04-21 16:27 ` [PATCH bpf-next v3 09/10] selftests/bpf: Add tests " Daan De Meyer
2023-04-26 21:57 ` Martin KaFai Lau [this message]
2023-04-26 22:13 ` Martin KaFai Lau
2023-04-21 16:27 ` [PATCH bpf-next v3 10/10] documentation/bpf: Document " Daan De Meyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54fb8365-751b-0775-02cd-e3ad0cba124b@linux.dev \
--to=martin.lau@linux.dev \
--cc=bpf@vger.kernel.org \
--cc=daan.j.demeyer@gmail.com \
--cc=kernel-team@meta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.