From: David Vernet <void@manifault.com>
To: Jiri Olsa <jolsa@kernel.org>
Cc: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
bpf@vger.kernel.org, Martin KaFai Lau <kafai@fb.com>,
Song Liu <songliubraving@fb.com>, Yonghong Song <yhs@fb.com>,
John Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@chromium.org>,
Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>,
Kumar Kartikeya Dwivedi <memxor@gmail.com>,
Artem Savkov <asavkov@redhat.com>
Subject: Re: [PATCHv3 bpf-next 7/9] selftests/bpf: Allow to use kfunc from testmod.ko in test_verifier
Date: Tue, 7 Feb 2023 09:34:26 -0600 [thread overview]
Message-ID: <Y+JvgtTQvT7kd9wz@maniforge.lan> (raw)
In-Reply-To: <20230203162336.608323-8-jolsa@kernel.org>
On Fri, Feb 03, 2023 at 05:23:34PM +0100, Jiri Olsa wrote:
> Currently the test_verifier allows test to specify kfunc symbol
> and search for it in the kernel BTF.
>
> Adding the possibility to search for kfunc also in bpf_testmod
> module when it's not found in kernel BTF.
>
> To find bpf_testmod btf we need to get back SYS_ADMIN cap.
This observation and any subsequent discussion is certainly outside the
scope of your patch set, but it feels like a bit of a weird /
inconsistent UX to force users to have SYS_ADMIN cap for loading kfuncs
from modules, but not from vmlinux BTF.
I realize that you need to have SYS_ADMIN cap for BPF_PROG_GET_FD_BY_ID,
BPF_MAP_GET_FD_BY_ID, etc, so the consistency makes sense there, but it
would be nice if we could eventually make the UX consistent for programs
linking against module kfuncs, because I don't really see the difference
in terms of permissions from the user's perspective.
>
> Signed-off-by: Jiri Olsa <jolsa@kernel.org>
LGTM in general -- just left one comment below.
Acked-by: David Vernet <void@manifault.com>
> ---
> tools/testing/selftests/bpf/test_verifier.c | 161 +++++++++++++++++---
> 1 file changed, 139 insertions(+), 22 deletions(-)
>
> diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c
> index 14f11f2dfbce..0a570195be37 100644
> --- a/tools/testing/selftests/bpf/test_verifier.c
> +++ b/tools/testing/selftests/bpf/test_verifier.c
> @@ -879,8 +879,140 @@ static int create_map_kptr(void)
> return fd;
> }
>
> +static void set_root(bool set)
> +{
> + __u64 caps;
> +
> + if (set) {
> + if (cap_enable_effective(1ULL << CAP_SYS_ADMIN, &caps))
> + perror("cap_disable_effective(CAP_SYS_ADMIN)");
> + } else {
> + if (cap_disable_effective(1ULL << CAP_SYS_ADMIN, &caps))
> + perror("cap_disable_effective(CAP_SYS_ADMIN)");
> + }
> +}
> +
> +static inline __u64 ptr_to_u64(const void *ptr)
> +{
> + return (__u64) (unsigned long) ptr;
Small nit / suggestion -- IMO this is slightly preferable just to keep
it a bit more in-line with the C-standard:
return (uintptr_t)ptr;
The standard of course doesn't dictate that you can do
ptr -> uintptr_t -> __u64 -> uintptr_t -> ptr, but it at least does dictate that you can do
ptr -> uintptr_t -> ptr, whereas it does not say the same for
ptr -> unsigned long -> ptr
Also, I don't think the 'inline' keyword is necessary. The compiler will
probably figure this out on its own.
> +}
> +
> +static struct btf *btf__load_testmod_btf(struct btf *vmlinux)
Would be nice if some of this code could be shared from libbpf at some
point, but ok, a cleanup for another time.
> +{
> + struct bpf_btf_info info;
> + __u32 len = sizeof(info);
> + struct btf *btf = NULL;
> + char name[64];
> + __u32 id = 0;
> + int err, fd;
> +
> + /* Iterate all loaded BTF objects and find bpf_testmod,
> + * we need SYS_ADMIN cap for that.
> + */
> + set_root(true);
> +
> + while (true) {
> + err = bpf_btf_get_next_id(id, &id);
> + if (err) {
> + if (errno == ENOENT)
> + break;
> + perror("bpf_btf_get_next_id failed");
> + break;
> + }
> +
> + fd = bpf_btf_get_fd_by_id(id);
> + if (fd < 0) {
> + if (errno == ENOENT)
> + continue;
> + perror("bpf_btf_get_fd_by_id failed");
> + break;
> + }
> +
> + memset(&info, 0, sizeof(info));
> + info.name_len = sizeof(name);
> + info.name = ptr_to_u64(name);
> + len = sizeof(info);
> +
> + err = bpf_obj_get_info_by_fd(fd, &info, &len);
> + if (err) {
> + close(fd);
> + perror("bpf_obj_get_info_by_fd failed");
> + break;
> + }
> +
> + if (strcmp("bpf_testmod", name)) {
> + close(fd);
> + continue;
> + }
> +
> + btf = btf__load_from_kernel_by_id_split(id, vmlinux);
> + if (!btf) {
> + close(fd);
> + break;
> + }
> +
> + /* We need the fd to stay open so it can be used in fd_array.
> + * The final cleanup call to btf__free will free btf object
> + * and close the file descriptor.
> + */
> + btf__set_fd(btf, fd);
> + break;
> + }
> +
> + set_root(false);
> + return btf;
> +}
> +
> +static struct btf *testmod_btf;
> +static struct btf *vmlinux_btf;
> +
> +static void kfuncs_cleanup(void)
> +{
> + btf__free(testmod_btf);
> + btf__free(vmlinux_btf);
> +}
> +
> +static void fixup_prog_kfuncs(struct bpf_insn *prog, int *fd_array,
> + struct kfunc_btf_id_pair *fixup_kfunc_btf_id)
> +{
> + /* Patch in kfunc BTF IDs */
> + while (fixup_kfunc_btf_id->kfunc) {
> + int btf_id = 0;
> +
> + /* try to find kfunc in kernel BTF */
> + vmlinux_btf = vmlinux_btf ?: btf__load_vmlinux_btf();
> + if (vmlinux_btf) {
> + btf_id = btf__find_by_name_kind(vmlinux_btf,
> + fixup_kfunc_btf_id->kfunc,
> + BTF_KIND_FUNC);
> + btf_id = btf_id < 0 ? 0 : btf_id;
> + }
> +
> + /* kfunc not found in kernel BTF, try bpf_testmod BTF */
> + if (!btf_id) {
> + testmod_btf = testmod_btf ?: btf__load_testmod_btf(vmlinux_btf);
> + if (testmod_btf) {
> + btf_id = btf__find_by_name_kind(testmod_btf,
> + fixup_kfunc_btf_id->kfunc,
> + BTF_KIND_FUNC);
> + btf_id = btf_id < 0 ? 0 : btf_id;
> + if (btf_id) {
> + /* We put bpf_testmod module fd into fd_array
> + * and its index 1 into instruction 'off'.
> + */
> + *fd_array = btf__fd(testmod_btf);
> + prog[fixup_kfunc_btf_id->insn_idx].off = 1;
> + }
> + }
> + }
> +
> + prog[fixup_kfunc_btf_id->insn_idx].imm = btf_id;
> + fixup_kfunc_btf_id++;
> + }
> +}
> +
> static void do_test_fixup(struct bpf_test *test, enum bpf_prog_type prog_type,
> - struct bpf_insn *prog, int *map_fds)
> + struct bpf_insn *prog, int *map_fds, int *fd_array)
> {
> int *fixup_map_hash_8b = test->fixup_map_hash_8b;
> int *fixup_map_hash_48b = test->fixup_map_hash_48b;
> @@ -905,7 +1037,6 @@ static void do_test_fixup(struct bpf_test *test, enum bpf_prog_type prog_type,
> int *fixup_map_ringbuf = test->fixup_map_ringbuf;
> int *fixup_map_timer = test->fixup_map_timer;
> int *fixup_map_kptr = test->fixup_map_kptr;
> - struct kfunc_btf_id_pair *fixup_kfunc_btf_id = test->fixup_kfunc_btf_id;
>
> if (test->fill_helper) {
> test->fill_insns = calloc(MAX_TEST_INSNS, sizeof(struct bpf_insn));
> @@ -1106,25 +1237,7 @@ static void do_test_fixup(struct bpf_test *test, enum bpf_prog_type prog_type,
> } while (*fixup_map_kptr);
> }
>
> - /* Patch in kfunc BTF IDs */
> - if (fixup_kfunc_btf_id->kfunc) {
> - struct btf *btf;
> - int btf_id;
> -
> - do {
> - btf_id = 0;
> - btf = btf__load_vmlinux_btf();
> - if (btf) {
> - btf_id = btf__find_by_name_kind(btf,
> - fixup_kfunc_btf_id->kfunc,
> - BTF_KIND_FUNC);
> - btf_id = btf_id < 0 ? 0 : btf_id;
> - }
> - btf__free(btf);
> - prog[fixup_kfunc_btf_id->insn_idx].imm = btf_id;
> - fixup_kfunc_btf_id++;
> - } while (fixup_kfunc_btf_id->kfunc);
> - }
> + fixup_prog_kfuncs(prog, fd_array, test->fixup_kfunc_btf_id);
> }
>
> struct libcap {
> @@ -1451,6 +1564,7 @@ static void do_test_single(struct bpf_test *test, bool unpriv,
> int run_errs, run_successes;
> int map_fds[MAX_NR_MAPS];
> const char *expected_err;
> + int fd_array[2] = { -1, -1 };
> int saved_errno;
> int fixup_skips;
> __u32 pflags;
> @@ -1464,7 +1578,7 @@ static void do_test_single(struct bpf_test *test, bool unpriv,
> if (!prog_type)
> prog_type = BPF_PROG_TYPE_SOCKET_FILTER;
> fixup_skips = skips;
> - do_test_fixup(test, prog_type, prog, map_fds);
> + do_test_fixup(test, prog_type, prog, map_fds, &fd_array[1]);
> if (test->fill_insns) {
> prog = test->fill_insns;
> prog_len = test->prog_len;
> @@ -1498,6 +1612,8 @@ static void do_test_single(struct bpf_test *test, bool unpriv,
> else
> opts.log_level = DEFAULT_LIBBPF_LOG_LEVEL;
> opts.prog_flags = pflags;
> + if (fd_array[1] != -1)
> + opts.fd_array = &fd_array[0];
>
> if ((prog_type == BPF_PROG_TYPE_TRACING ||
> prog_type == BPF_PROG_TYPE_LSM) && test->kfunc) {
> @@ -1740,6 +1856,7 @@ static int do_test(bool unpriv, unsigned int from, unsigned int to)
> }
>
> unload_bpf_testmod(verbose);
> + kfuncs_cleanup();
>
> printf("Summary: %d PASSED, %d SKIPPED, %d FAILED\n", passes,
> skips, errors);
> --
> 2.39.1
>
next prev parent reply other threads:[~2023-02-07 15:34 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-03 16:23 [PATCHv3 bpf-next 0/9] bpf: Move kernel test kfuncs into bpf_testmod Jiri Olsa
2023-02-03 16:23 ` [PATCHv3 bpf-next 1/9] selftests/bpf: Move kfunc exports to bpf_testmod/bpf_testmod_kfunc.h Jiri Olsa
2023-02-07 14:28 ` David Vernet
2023-02-09 0:20 ` Andrii Nakryiko
2023-02-09 8:45 ` Jiri Olsa
2023-02-03 16:23 ` [PATCHv3 bpf-next 2/9] selftests/bpf: Move test_progs helpers to testing_helpers object Jiri Olsa
2023-02-07 14:38 ` David Vernet
2023-02-08 9:35 ` Jiri Olsa
2023-02-03 16:23 ` [PATCHv3 bpf-next 3/9] selftests/bpf: Use only stdout in un/load_bpf_testmod functions Jiri Olsa
2023-02-07 14:41 ` David Vernet
2023-02-08 9:44 ` Jiri Olsa
2023-02-03 16:23 ` [PATCHv3 bpf-next 4/9] selftests/bpf: Do not unload bpf_testmod in load_bpf_testmod Jiri Olsa
2023-02-03 16:23 ` [PATCHv3 bpf-next 5/9] selftests/bpf: Use un/load_bpf_testmod functions in tests Jiri Olsa
2023-02-07 14:45 ` David Vernet
2023-02-03 16:23 ` [PATCHv3 bpf-next 6/9] selftests/bpf: Load bpf_testmod for verifier test Jiri Olsa
2023-02-07 14:46 ` David Vernet
2023-02-03 16:23 ` [PATCHv3 bpf-next 7/9] selftests/bpf: Allow to use kfunc from testmod.ko in test_verifier Jiri Olsa
2023-02-07 15:34 ` David Vernet [this message]
2023-02-08 10:09 ` Jiri Olsa
2023-02-03 16:23 ` [PATCHv3 bpf-next 8/9] selftests/bpf: Remove extern from kfuncs declarations Jiri Olsa
2023-02-07 15:35 ` David Vernet
2023-02-03 16:23 ` [PATCHv3 bpf-next 9/9] bpf: Move kernel test kfuncs to bpf_testmod Jiri Olsa
2023-02-04 9:21 ` [PATCHv3 bpf-next 0/9] bpf: Move kernel test kfuncs into bpf_testmod Alexei Starovoitov
2023-02-05 18:17 ` Jiri Olsa
2023-02-05 18:36 ` Ilya Leoshkevich
2023-02-06 9:15 ` Jiri Olsa
2023-02-09 8:47 ` Jiri Olsa
2023-02-09 9:38 ` Ilya Leoshkevich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y+JvgtTQvT7kd9wz@maniforge.lan \
--to=void@manifault.com \
--cc=andrii@kernel.org \
--cc=asavkov@redhat.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=haoluo@google.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kafai@fb.com \
--cc=kpsingh@chromium.org \
--cc=memxor@gmail.com \
--cc=sdf@google.com \
--cc=songliubraving@fb.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox