diff mbox series

[bpf-next,2/2] selftests/bpf: Offloaded prog after non-offloaded should not cause BUG

Message ID 20230912005539.2248244-3-eddyz87@gmail.com (mailing list archive)
State Accepted
Commit e4c31164737e9a00de1be6455e2c667ac5478b3c
Delegated to: BPF
Headers show
Series Avoid dummy bpf_offload_netdev in __bpf_prog_dev_bound_init | expand

Checks

Context Check Description
bpf/vmtest-bpf-next-PR success PR summary
netdev/series_format success Posting correctly formatted
netdev/tree_selection success Clearly marked for bpf-next
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 9 this patch: 9
netdev/cc_maintainers warning 11 maintainers not CCed: linux-kselftest@vger.kernel.org shuah@kernel.org jolsa@kernel.org haoluo@google.com davem@davemloft.net kpsingh@kernel.org john.fastabend@gmail.com netdev@vger.kernel.org hawk@kernel.org mykolal@fb.com song@kernel.org
netdev/build_clang success Errors and warnings before: 9 this patch: 9
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 9 this patch: 9
netdev/checkpatch warning WARNING: Missing a blank line after declarations WARNING: added, moved or deleted file(s), does MAINTAINERS need updating? WARNING: line length of 83 exceeds 80 columns WARNING: line length of 94 exceeds 80 columns
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
bpf/vmtest-bpf-next-VM_Test-8 success Logs for test_maps on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-2 success Logs for build for s390x with gcc
bpf/vmtest-bpf-next-VM_Test-21 success Logs for test_progs_parallel on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-6 success Logs for test_maps on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-20 success Logs for test_progs_no_alu32_parallel on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-23 success Logs for test_progs_parallel on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-27 success Logs for test_verifier on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-22 success Logs for test_progs_parallel on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-19 success Logs for test_progs_no_alu32_parallel on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-26 success Logs for test_verifier on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-9 success Logs for test_maps on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-28 success Logs for veristat
bpf/vmtest-bpf-next-VM_Test-24 success Logs for test_verifier on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-18 success Logs for test_progs_no_alu32_parallel on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-10 fail Logs for test_progs on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-12 fail Logs for test_progs on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-13 fail Logs for test_progs on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-17 fail Logs for test_progs_no_alu32 on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-14 fail Logs for test_progs_no_alu32 on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-16 fail Logs for test_progs_no_alu32 on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-25 success Logs for test_verifier on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-15 fail Logs for test_progs_no_alu32 on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-11 fail Logs for test_progs on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-7 success Logs for test_maps on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-0 success Logs for ShellCheck
bpf/vmtest-bpf-next-VM_Test-5 success Logs for set-matrix
bpf/vmtest-bpf-next-VM_Test-1 success Logs for build for aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-3 success Logs for build for x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-4 success Logs for build for x86_64 with llvm-16

Commit Message

Eduard Zingerman Sept. 12, 2023, 12:55 a.m. UTC 
Check what happens if non-offloaded dev bound BPF
program is followed by offloaded dev bound program.
Test case adapated from syzbot report [1].

[1] https://lore.kernel.org/bpf/000000000000d97f3c060479c4f8@google.com/

Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
---
 .../bpf/prog_tests/xdp_dev_bound_only.c       | 58 +++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/xdp_dev_bound_only.c

Comments

Martin KaFai Lau Sept. 12, 2023, 6:26 a.m. UTC | #1 
On 9/11/23 5:55 PM, Eduard Zingerman wrote:
> Check what happens if non-offloaded dev bound BPF
> program is followed by offloaded dev bound program.
> Test case adapated from syzbot report [1].
> 
> [1] https://lore.kernel.org/bpf/000000000000d97f3c060479c4f8@google.com/
> 
> Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
> ---
>   .../bpf/prog_tests/xdp_dev_bound_only.c       | 58 +++++++++++++++++++
>   1 file changed, 58 insertions(+)
>   create mode 100644 tools/testing/selftests/bpf/prog_tests/xdp_dev_bound_only.c
> 
> diff --git a/tools/testing/selftests/bpf/prog_tests/xdp_dev_bound_only.c b/tools/testing/selftests/bpf/prog_tests/xdp_dev_bound_only.c
> new file mode 100644
> index 000000000000..5ee4c16d2e21
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/prog_tests/xdp_dev_bound_only.c
> @@ -0,0 +1,58 @@
> +// SPDX-License-Identifier: GPL-2.0
> +#include <net/if.h>
> +#include <test_progs.h>
> +#include <network_helpers.h>
> +
> +#define LOCAL_NETNS "xdp_dev_bound_only_netns"
> +
> +int load_dummy_prog(char *name, __u32 ifindex, __u32 flags)

I added static.

> +{
> +	struct bpf_insn insns[] = { BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN() };
> +	LIBBPF_OPTS(bpf_prog_load_opts, opts);
> +
> +	opts.prog_flags = flags;
> +	opts.prog_ifindex = ifindex;
> +	return bpf_prog_load(BPF_PROG_TYPE_XDP, name, "GPL", insns, ARRAY_SIZE(insns), &opts);
> +}
> +
> +/* A test case for bpf_offload_netdev->offload handling bug:
> + * - create a veth device (does not support offload);
> + * - create a device bound XDP program with BPF_F_XDP_DEV_BOUND_ONLY flag
> + *   (such programs are not offloaded);
> + * - create a device bound XDP program without flags (such programs are offloaded).
> + * This might lead to 'BUG: kernel NULL pointer dereference'.
> + */
> +void test_xdp_dev_bound_only_offdev(void)
> +{
> +	struct nstoken *tok = NULL;
> +	__u32 ifindex;
> +	int fd1 = -1;
> +	int fd2 = -1;
> +
> +	SYS(out, "ip netns add " LOCAL_NETNS);
> +	tok = open_netns(LOCAL_NETNS);

Also added NULL check for tok.

> +	SYS(out, "ip link add eth42 type veth");
> +	ifindex = if_nametoindex("eth42");
> +	if (!ASSERT_NEQ(ifindex, 0, "if_nametoindex")) {
> +		perror("if_nametoindex");
> +		goto out;
> +	}
> +	fd1 = load_dummy_prog("dummy1", ifindex, BPF_F_XDP_DEV_BOUND_ONLY);
> +	if (!ASSERT_GE(fd1, 0, "load_dummy_prog #1")) {
> +		perror("load_dummy_prog #1");
> +		goto out;
> +	}
> +	/* Program with ifindex is considered offloaded, however veth
> +	 * does not support offload => error should be reported.
> +	 */
> +	fd2 = load_dummy_prog("dummy2", ifindex, 0);
> +	ASSERT_EQ(fd2, -EINVAL, "load_dummy_prog #2 (offloaded)");
> +
> +out:
> +	close(fd1);
> +	close(fd2);
> +	SYS_NOFAIL("ip link delete eth42");
> +	SYS_NOFAIL("ip netns del " LOCAL_NETNS);
> +	if (tok)

close_netns() can handle NULL, so removed this tok check.

Applied. Thanks for the fix and test!

> +		close_netns(tok);
> +}
Eduard Zingerman Sept. 12, 2023, 9:59 a.m. UTC | #2 
On Mon, 2023-09-11 at 23:26 -0700, Martin KaFai Lau wrote:
> On 9/11/23 5:55 PM, Eduard Zingerman wrote:
[...]
> > +int load_dummy_prog(char *name, __u32 ifindex, __u32 flags)
> 
> I added static.
 
[...]
> > +	tok = open_netns(LOCAL_NETNS);
> 
> Also added NULL check for tok.

[...]
> > +	if (tok)
> 
> close_netns() can handle NULL, so removed this tok check.
> 
> Applied. Thanks for the fix and test!

Sorry, I should have noticed these issues before sending.
Thank you for fixing it up.
diff mbox series

Patch

diff --git a/tools/testing/selftests/bpf/prog_tests/xdp_dev_bound_only.c b/tools/testing/selftests/bpf/prog_tests/xdp_dev_bound_only.c
new file mode 100644
index 000000000000..5ee4c16d2e21
--- /dev/null
+++ b/tools/testing/selftests/bpf/prog_tests/xdp_dev_bound_only.c
@@ -0,0 +1,58 @@ 
+// SPDX-License-Identifier: GPL-2.0
+#include <net/if.h>
+#include <test_progs.h>
+#include <network_helpers.h>
+
+#define LOCAL_NETNS "xdp_dev_bound_only_netns"
+
+int load_dummy_prog(char *name, __u32 ifindex, __u32 flags)
+{
+	struct bpf_insn insns[] = { BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN() };
+	LIBBPF_OPTS(bpf_prog_load_opts, opts);
+
+	opts.prog_flags = flags;
+	opts.prog_ifindex = ifindex;
+	return bpf_prog_load(BPF_PROG_TYPE_XDP, name, "GPL", insns, ARRAY_SIZE(insns), &opts);
+}
+
+/* A test case for bpf_offload_netdev->offload handling bug:
+ * - create a veth device (does not support offload);
+ * - create a device bound XDP program with BPF_F_XDP_DEV_BOUND_ONLY flag
+ *   (such programs are not offloaded);
+ * - create a device bound XDP program without flags (such programs are offloaded).
+ * This might lead to 'BUG: kernel NULL pointer dereference'.
+ */
+void test_xdp_dev_bound_only_offdev(void)
+{
+	struct nstoken *tok = NULL;
+	__u32 ifindex;
+	int fd1 = -1;
+	int fd2 = -1;
+
+	SYS(out, "ip netns add " LOCAL_NETNS);
+	tok = open_netns(LOCAL_NETNS);
+	SYS(out, "ip link add eth42 type veth");
+	ifindex = if_nametoindex("eth42");
+	if (!ASSERT_NEQ(ifindex, 0, "if_nametoindex")) {
+		perror("if_nametoindex");
+		goto out;
+	}
+	fd1 = load_dummy_prog("dummy1", ifindex, BPF_F_XDP_DEV_BOUND_ONLY);
+	if (!ASSERT_GE(fd1, 0, "load_dummy_prog #1")) {
+		perror("load_dummy_prog #1");
+		goto out;
+	}
+	/* Program with ifindex is considered offloaded, however veth
+	 * does not support offload => error should be reported.
+	 */
+	fd2 = load_dummy_prog("dummy2", ifindex, 0);
+	ASSERT_EQ(fd2, -EINVAL, "load_dummy_prog #2 (offloaded)");
+
+out:
+	close(fd1);
+	close(fd2);
+	SYS_NOFAIL("ip link delete eth42");
+	SYS_NOFAIL("ip netns del " LOCAL_NETNS);
+	if (tok)
+		close_netns(tok);
+}