From: Martin KaFai Lau <martin.lau@linux.dev>
To: Daan De Meyer <daan.j.demeyer@gmail.com>
Cc: kernel-team@meta.com, bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v3 09/10] selftests/bpf: Add tests for cgroup unix socket address hooks
Date: Wed, 26 Apr 2023 14:57:31 -0700 [thread overview]
Message-ID: <54fb8365-751b-0775-02cd-e3ad0cba124b@linux.dev> (raw)
In-Reply-To: <20230421162718.440230-10-daan.j.demeyer@gmail.com>
On 4/21/23 9:27 AM, Daan De Meyer wrote:
> The unix socket address hooks do not support modifying the source
> address so we skip source address checks when we're running a unix
> socket address hook test.
>
> Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com>
> ---
> tools/testing/selftests/bpf/bpf_kfuncs.h | 13 ++
> .../selftests/bpf/prog_tests/section_names.c | 30 ++++
> .../testing/selftests/bpf/progs/bindun_prog.c | 59 ++++++++
> .../selftests/bpf/progs/connectun_prog.c | 53 +++++++
> .../selftests/bpf/progs/recvmsgun_prog.c | 59 ++++++++
> .../selftests/bpf/progs/sendmsgun_prog.c | 53 +++++++
> tools/testing/selftests/bpf/test_sock_addr.c | 137 +++++++++++++++++-
> 7 files changed, 397 insertions(+), 7 deletions(-)
> create mode 100644 tools/testing/selftests/bpf/progs/bindun_prog.c
> create mode 100644 tools/testing/selftests/bpf/progs/connectun_prog.c
> create mode 100644 tools/testing/selftests/bpf/progs/recvmsgun_prog.c
> create mode 100644 tools/testing/selftests/bpf/progs/sendmsgun_prog.c
>
> diff --git a/tools/testing/selftests/bpf/bpf_kfuncs.h b/tools/testing/selftests/bpf/bpf_kfuncs.h
> index 8c993ec8ceea..dbdec3d5152e 100644
> --- a/tools/testing/selftests/bpf/bpf_kfuncs.h
> +++ b/tools/testing/selftests/bpf/bpf_kfuncs.h
> @@ -1,6 +1,8 @@
> #ifndef __BPF_KFUNCS__
> #define __BPF_KFUNCS__
>
> +struct bpf_sock_addr_kern;
> +
> /* Description
> * Initializes an skb-type dynptr
> * Returns
> @@ -35,4 +37,15 @@ extern void *bpf_dynptr_slice(const struct bpf_dynptr *ptr, __u32 offset,
> extern void *bpf_dynptr_slice_rdwr(const struct bpf_dynptr *ptr, __u32 offset,
> void *buffer, __u32 buffer__szk) __ksym;
>
> +/* Description
> + * Modify the contents of a sockaddr.
> + * Returns__bpf_kfunc
> + * -EINVAL if the sockaddr family does not match, the sockaddr is too small or
> + * too big, 0 if the sockaddr was successfully modified.
> + */
> +extern int bpf_sock_addr_set(struct bpf_sock_addr_kern *sa_kern,
> + const void *addr, __u32 addrlen__sz) __ksym;
It needs some negative tests, like
- addrlen__sz > UNIX_PATH_MAX for AF_UNIX test.
- addrlen__sz is larger than the size of addr in the stack.
> diff --git a/tools/testing/selftests/bpf/progs/bindun_prog.c b/tools/testing/selftests/bpf/progs/bindun_prog.c
> new file mode 100644
> index 000000000000..60addb5a9c96
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/progs/bindun_prog.c
> @@ -0,0 +1,59 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/* Copyright (c) 2022 Meta Platforms, Inc. and affiliates. */
> +
> +#include "vmlinux.h"
> +
> +#include <string.h>
> +#include <bpf/bpf_helpers.h>
> +#include <bpf/bpf_core_read.h>
> +#include "bpf_kfuncs.h"
> +
> +#ifndef AF_UNIX
> +#define AF_UNIX 1
Move it to bpf_tracing_net.h. AF_INET[6] is already there.
> +#endif
> +
> +#define DST_REWRITE_PATH "\0bpf_cgroup_unix_test_rewrite"
> +
> +void *bpf_cast_to_kern_ctx(void *) __ksym;
> +
> +SEC("cgroup/bindun")
> +int bind_un_prog(struct bpf_sock_addr *ctx)
> +{
> + struct bpf_sock *sk = ctx->sk;
> + struct bpf_sock_addr_kern *sa_kern = bpf_cast_to_kern_ctx(ctx);
> + struct sockaddr_un *sa_kern_unaddr;
> + struct sockaddr_un unaddr = {
> + .sun_family = AF_UNIX,
> + };
> + __u32 unaddrlen = offsetof(struct sockaddr_un, sun_path) +
> + sizeof(DST_REWRITE_PATH) - 1;
> + int ret;
> +
> + if (!sk)
> + return 0;
> +
> + if (sk->family != AF_UNIX)
> + return 0;
> +
> + if (ctx->type != SOCK_STREAM && ctx->type != SOCK_DGRAM)
> + return 0;
> +
> + memcpy(unaddr.sun_path, DST_REWRITE_PATH, sizeof(DST_REWRITE_PATH) - 1);
> +
> + ret = bpf_sock_addr_set(sa_kern, (struct sockaddr *) &unaddr, unaddrlen);
> + if (ret)
> + return 0;
> +
> + if (sa_kern->uaddrlen != unaddrlen)
> + return 0;
> +
> + sa_kern_unaddr = bpf_rdonly_cast(sa_kern->uaddr,
> + bpf_core_type_id_kernel(struct sockaddr_un));
> + if (memcmp(sa_kern_unaddr->sun_path, DST_REWRITE_PATH,
> + sizeof(DST_REWRITE_PATH) - 1) != 0)
> + return 0;
> +
> + return 1;
> +}
> +
> +char _license[] SEC("license") = "GPL";
> diff --git a/tools/testing/selftests/bpf/progs/connectun_prog.c b/tools/testing/selftests/bpf/progs/connectun_prog.c
> new file mode 100644
> index 000000000000..ac7209bd326f
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/progs/connectun_prog.c
> @@ -0,0 +1,53 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/* Copyright (c) 2022 Meta Platforms, Inc. and affiliates. */
> +
> +#include "vmlinux.h"
> +
> +#include <string.h>
> +#include <bpf/bpf_helpers.h>
> +#include <bpf/bpf_core_read.h>
> +#include "bpf_kfuncs.h"
> +
> +#ifndef AF_UNIX
> +#define AF_UNIX 1
> +#endif
> +
> +#define DST_REWRITE_PATH "\0bpf_cgroup_unix_test_rewrite"
> +
> +void *bpf_cast_to_kern_ctx(void *) __ksym;
Move it to bpf_kfuncs.h also?
next prev parent reply other threads:[~2023-04-26 21:57 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-21 16:27 [PATCH bpf-next v3 00/10] Add cgroup sockaddr hooks for unix sockets Daan De Meyer
2023-04-21 16:27 ` [PATCH bpf-next v3 01/10] selftests/bpf: Add missing section name tests for getpeername/getsockname Daan De Meyer
2023-04-21 16:27 ` [PATCH bpf-next v3 02/10] selftests/bpf: Track sockaddr length in sock addr tests Daan De Meyer
2023-04-21 16:27 ` [PATCH bpf-next v3 03/10] bpf: Allow read access to addr_len from cgroup sockaddr programs Daan De Meyer
2023-04-21 20:55 ` Alexei Starovoitov
2023-04-24 13:58 ` Daan De Meyer
2023-04-26 0:05 ` Alexei Starovoitov
2023-04-26 13:46 ` Daan De Meyer
2023-04-26 22:07 ` Martin KaFai Lau
2023-04-21 16:27 ` [PATCH bpf-next v3 04/10] bpf: Add BTF_KFUNC_HOOK_SOCK_ADDR Daan De Meyer
2023-04-26 21:35 ` Martin KaFai Lau
2023-04-21 16:27 ` [PATCH bpf-next v3 05/10] bpf: Add bpf_sock_addr_set() to allow writing sockaddr len from bpf Daan De Meyer
2023-04-21 21:01 ` Alexei Starovoitov
2023-04-24 14:07 ` Daan De Meyer
2023-04-26 0:10 ` Alexei Starovoitov
2023-04-26 13:51 ` Daan De Meyer
2023-04-26 21:30 ` Martin KaFai Lau
2023-04-21 16:27 ` [PATCH bpf-next v3 06/10] bpf: Implement cgroup sockaddr hooks for unix sockets Daan De Meyer
2023-04-21 16:27 ` [PATCH bpf-next v3 07/10] libbpf: Add support for cgroup unix socket address hooks Daan De Meyer
2023-04-21 16:27 ` [PATCH bpf-next v3 08/10] bpftool: " Daan De Meyer
2023-04-21 20:35 ` Quentin Monnet
2023-04-21 16:27 ` [PATCH bpf-next v3 09/10] selftests/bpf: Add tests " Daan De Meyer
2023-04-26 21:57 ` Martin KaFai Lau [this message]
2023-04-26 22:13 ` Martin KaFai Lau
2023-04-21 16:27 ` [PATCH bpf-next v3 10/10] documentation/bpf: Document " Daan De Meyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54fb8365-751b-0775-02cd-e3ad0cba124b@linux.dev \
--to=martin.lau@linux.dev \
--cc=bpf@vger.kernel.org \
--cc=daan.j.demeyer@gmail.com \
--cc=kernel-team@meta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox