From patchwork Fri May 10 19:02:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 13661849 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6E53711713 for ; Fri, 10 May 2024 19:02:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367772; cv=none; b=Dqk1HICd8YW+G6u+tscWdzWlJjEc1fUY9fUeWCXEZ3OyGixvvtAvQ5uyOpSE8tYSfoUESRJpAlwUsbDhTApF+3gihRFK5/Pn/Qym+JG3rpUOxw/m5bbxZn3GdvwoTYBiwrcdxVBh7BNNmbwzG/m5U6guo37Bd9GFukkqR7nUM98= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367772; c=relaxed/simple; bh=oAq7fpwbbfFZ61Uu45sOtwQXrRsEJ3Y5JqEG9Y1vxoY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=JKkP2+YLD9ZQBkFBqko9yPpvzcDmVQJaDOQnspv2G3AUdn5QMr1BhO6+LHoKpfHU7FmwmwNli2QqNTvDfG2+yCcupsgvEB/AdiMU7rpSJ0SzmtAAiXSe9/RU4KMt1JcQ6oU7nz3Hv/QYDlnsFLUjmBDSd6uBr/Dw56yIpDHB6sk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=bneyZqAc; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="bneyZqAc" Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-61bef0accddso47440677b3.0 for ; Fri, 10 May 2024 12:02:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1715367770; x=1715972570; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=iKWeI4M6w/xktAVzpxohBVmT60Oq62Vxb0DU/Gw4TvA=; b=bneyZqAce5MLOURcs1d0U3tU7aDP+X1OI2zT99Et14mmnGTBrglaUBcxVJvbDJNQa7 j91T94LQxMgzTcaaFasQUtJq7sTGQ5zMnndrbxAqcDOQQ6ptFst6roVWwibKuM4E0WKr jR6h/IlUzFgvukdV0UIDFE3D88nmy8L9hJngN2FEgzKqC8JWJr++UCNIQhE8Ld6GM5WQ tH6BWZa1D4B3bbeFyd0xWTQS+xzJI+6NBLxW3HU+66kV0PfmK2ds4U4Rb0yLsCeDUtD+ X5eI0JLfxtmb0HIX7rU2lJmtulVuhAa1nSvq6RBwtVeSgPyRonRsUiisevPUQjoIsxGY z2kQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715367770; x=1715972570; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=iKWeI4M6w/xktAVzpxohBVmT60Oq62Vxb0DU/Gw4TvA=; b=mbCHzjASWDr0Ve5cG0A6MFWHY6VYz9JFQtg5RSSoqE7Bbo8g0W4DhCMczVHDFrj77I y6QbJEbpeNXB3yTs7H97JrtJDOUebUeEujwVb8TO2VV0HrE1lRbOBgYsbq9b/m+kjoru SCamroA3+d9zXnRxOOnMjuUKNiGOx5JsLy3AtRlPZlj8vxGpj86yZ5ZnbK4dBH97ozKB 8yu9C4WyCMxfjH7NLFg/AX5dCJeTScnn4T0UNjt8nhZQgXz2XL9wZTe8VVavDYUa6kDE Zgh0EvXV1qi39gdwQVdZ18KPLis7RE6i1ljUks/gJWmPjuRLKt6y5RG1KroIRcNBxdVA FVYg== X-Gm-Message-State: AOJu0YzLixk1cHgOoKAcpHVtB56+unMtcgs50sOdV6ZawkPfhH8kS491 azvyDUTR7xQM3dr0bErFYasYNBHEI1TLWu6rKMIXCrn4a7ESDttQKsl9znThClGTyrnEtMbZFlX bJ9N+0V7pkptgj13WwFG0Oi4mR/3eK8lw8W58Wq+ZPiZo8XBOg200hwr8lu/dqYb5oQQkxc4w6p nG7y3+NSGKF+C4HX/zxeqBylw= X-Google-Smtp-Source: AGHT+IHA0jb54JeWUPzJsoNGtNdjo+1jDg2GxBwSeEG6DJy1RITQuxnlP0DcCPi19hmVKkJS4y7QRENq4A== X-Received: from jrife.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:9f]) (user=jrife job=sendgmr) by 2002:a05:690c:b10:b0:61c:89a4:dd5f with SMTP id 00721157ae682-622afcbec26mr9186507b3.0.1715367770380; Fri, 10 May 2024 12:02:50 -0700 (PDT) Date: Fri, 10 May 2024 14:02:18 -0500 In-Reply-To: <20240510190246.3247730-1-jrife@google.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240510190246.3247730-1-jrife@google.com> X-Mailer: git-send-email 2.45.0.118.g7fe29c98d7-goog Message-ID: <20240510190246.3247730-2-jrife@google.com> Subject: [PATCH v1 bpf-next 01/17] selftests/bpf: Migrate recvmsg* return code tests to verifier_sock_addr.c From: Jordan Rife To: bpf@vger.kernel.org Cc: Jordan Rife , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Geliang Tang , Daan De Meyer , Shung-Hsi Yu , linux-kselftest@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net This set of tests check that the BPF verifier rejects programs with invalid return codes (recvmsg4 and recvmsg6 hooks can only return 1). This patch replaces the tests in test_sock_addr.c with verifier_sock_addr.c, a new verifier prog_tests for sockaddr hooks, in a step towards fully retiring test_sock_addr.c. Signed-off-by: Jordan Rife --- .../selftests/bpf/prog_tests/verifier.c | 2 + .../selftests/bpf/progs/verifier_sock_addr.c | 37 ++++++++++ tools/testing/selftests/bpf/test_sock_addr.c | 70 ------------------- 3 files changed, 39 insertions(+), 70 deletions(-) create mode 100644 tools/testing/selftests/bpf/progs/verifier_sock_addr.c diff --git a/tools/testing/selftests/bpf/prog_tests/verifier.c b/tools/testing/selftests/bpf/prog_tests/verifier.c index c4f9f306646ed..c60db8beeb734 100644 --- a/tools/testing/selftests/bpf/prog_tests/verifier.c +++ b/tools/testing/selftests/bpf/prog_tests/verifier.c @@ -66,6 +66,7 @@ #include "verifier_sdiv.skel.h" #include "verifier_search_pruning.skel.h" #include "verifier_sock.skel.h" +#include "verifier_sock_addr.skel.h" #include "verifier_spill_fill.skel.h" #include "verifier_spin_lock.skel.h" #include "verifier_stack_ptr.skel.h" @@ -181,6 +182,7 @@ void test_verifier_scalar_ids(void) { RUN(verifier_scalar_ids); } void test_verifier_sdiv(void) { RUN(verifier_sdiv); } void test_verifier_search_pruning(void) { RUN(verifier_search_pruning); } void test_verifier_sock(void) { RUN(verifier_sock); } +void test_verifier_sock_addr(void) { RUN(verifier_sock_addr); } void test_verifier_spill_fill(void) { RUN(verifier_spill_fill); } void test_verifier_spin_lock(void) { RUN(verifier_spin_lock); } void test_verifier_stack_ptr(void) { RUN(verifier_stack_ptr); } diff --git a/tools/testing/selftests/bpf/progs/verifier_sock_addr.c b/tools/testing/selftests/bpf/progs/verifier_sock_addr.c new file mode 100644 index 0000000000000..5081fa723d3a7 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/verifier_sock_addr.c @@ -0,0 +1,37 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2024 Google LLC */ + +#include +#include +#include +#include "bpf_misc.h" + +SEC("cgroup/recvmsg4") +__success +int recvmsg4_good_return_code(struct bpf_sock_addr *ctx) +{ + return 1; +} + +SEC("cgroup/recvmsg4") +__failure __msg("At program exit the register R0 has smin=0 smax=0 should have been in [1, 1]") +int recvmsg4_bad_return_code(struct bpf_sock_addr *ctx) +{ + return 0; +} + +SEC("cgroup/recvmsg6") +__success +int recvmsg6_good_return_code(struct bpf_sock_addr *ctx) +{ + return 1; +} + +SEC("cgroup/recvmsg6") +__failure __msg("At program exit the register R0 has smin=0 smax=0 should have been in [1, 1]") +int recvmsg6_bad_return_code(struct bpf_sock_addr *ctx) +{ + return 0; +} + +char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/test_sock_addr.c b/tools/testing/selftests/bpf/test_sock_addr.c index aa2198a0f24dd..40e33167bec20 100644 --- a/tools/testing/selftests/bpf/test_sock_addr.c +++ b/tools/testing/selftests/bpf/test_sock_addr.c @@ -94,8 +94,6 @@ static int connect4_prog_load(const struct sock_addr_test *test); static int connect6_prog_load(const struct sock_addr_test *test); static int sendmsg_allow_prog_load(const struct sock_addr_test *test); static int sendmsg_deny_prog_load(const struct sock_addr_test *test); -static int recvmsg_allow_prog_load(const struct sock_addr_test *test); -static int recvmsg_deny_prog_load(const struct sock_addr_test *test); static int sendmsg4_rw_asm_prog_load(const struct sock_addr_test *test); static int sendmsg6_rw_asm_prog_load(const struct sock_addr_test *test); static int sendmsg6_rw_v4mapped_prog_load(const struct sock_addr_test *test); @@ -373,64 +371,6 @@ static struct sock_addr_test tests[] = { SRC6_REWRITE_IP, SYSCALL_EPERM, }, - - /* recvmsg */ - { - "recvmsg4: return code ok", - recvmsg_allow_prog_load, - BPF_CGROUP_UDP4_RECVMSG, - BPF_CGROUP_UDP4_RECVMSG, - AF_INET, - SOCK_DGRAM, - NULL, - 0, - NULL, - 0, - NULL, - ATTACH_OKAY, - }, - { - "recvmsg4: return code !ok", - recvmsg_deny_prog_load, - BPF_CGROUP_UDP4_RECVMSG, - BPF_CGROUP_UDP4_RECVMSG, - AF_INET, - SOCK_DGRAM, - NULL, - 0, - NULL, - 0, - NULL, - LOAD_REJECT, - }, - { - "recvmsg6: return code ok", - recvmsg_allow_prog_load, - BPF_CGROUP_UDP6_RECVMSG, - BPF_CGROUP_UDP6_RECVMSG, - AF_INET6, - SOCK_DGRAM, - NULL, - 0, - NULL, - 0, - NULL, - ATTACH_OKAY, - }, - { - "recvmsg6: return code !ok", - recvmsg_deny_prog_load, - BPF_CGROUP_UDP6_RECVMSG, - BPF_CGROUP_UDP6_RECVMSG, - AF_INET6, - SOCK_DGRAM, - NULL, - 0, - NULL, - 0, - NULL, - LOAD_REJECT, - }, }; static int load_insns(const struct sock_addr_test *test, @@ -527,16 +467,6 @@ static int sendmsg_deny_prog_load(const struct sock_addr_test *test) return xmsg_ret_only_prog_load(test, /*rc*/ 0); } -static int recvmsg_allow_prog_load(const struct sock_addr_test *test) -{ - return xmsg_ret_only_prog_load(test, /*rc*/ 1); -} - -static int recvmsg_deny_prog_load(const struct sock_addr_test *test) -{ - return xmsg_ret_only_prog_load(test, /*rc*/ 0); -} - static int sendmsg4_rw_asm_prog_load(const struct sock_addr_test *test) { struct sockaddr_in dst4_rw_addr; From patchwork Fri May 10 19:02:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 13661850 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3D8B81A2C3A for ; Fri, 10 May 2024 19:02:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367774; cv=none; b=hHJbKFanLwqKOVeT2c1qQSDyEh9mihoGqrjvEFlTBTi3dvIsKX35u/kBf18Msyvpq6fc9sZ27s/DBg0uSQVHNOdXu2LrQdYG0Hb0Oj3yaNFooFpcqnwxckoICuPvGIQxDINGNY3EmMDtj+OgsII9IwnlESxvgi0iKn3pAAp2vjk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367774; c=relaxed/simple; bh=CPTzIBpBUMDgBprW3FRQVaROSgqLJTrjamWR+lIU0sk=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=QUgkgMPrb4REQMEkWJqFvEafYFc6TYgFrKiQQlGOFMzUmUJvv8R63HO78hnpHFJrFd2jWSMSe1u5IM9HSAe5hKfrooK89kGPFFBTZ6nv1f0PqL5Go48TDG14TjmE7N4cctPybe6/pCdeeMwnrvZDE/pAHFd/ewCS/HsCleg0sVE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=xN4OQJyp; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="xN4OQJyp" Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-61be23bb01aso45742107b3.2 for ; Fri, 10 May 2024 12:02:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1715367772; x=1715972572; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=FoKZu7FZgzkdLv629hKI87WkJfhZQjotIWuGv5B/Cm8=; b=xN4OQJypMIExhTlAPVeAtmPCre2oK1uMnBVNDALS+Vir2sjFJTwHL2eANSl0gOtePU wgwr4HQDu+H4tb/4lzuWXDBpBATOHg/pku727yK63VMC1AJWO3wV1R4wd5JyOrwCY+jv LB2gnpstIQc5ataNHm6+0vWEAY5B0FfpZKWSXZlPZMk0MczcH6twvxT9lJXAOSnixFJt b5oGKB5EoPZgtiosifiPOK97P6/fElAsGs0PIW8c0nYHuOM60jglMBwkoGsCBw4D4kv2 G5d5QgGMvaD0US2Xj6m+p6/piUdX1XE+JOalGOu7l2QbRl+6ZjJaLeFY6QQJDmo+nstO pGvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715367772; x=1715972572; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=FoKZu7FZgzkdLv629hKI87WkJfhZQjotIWuGv5B/Cm8=; b=kwA+07lJnvOJGMF3dI/RXd0j/wbS58LIO9cs+DVAZQRECT6c0FJzdOslsR7/3pYo4z aNwy81dYOoKGPhfgta5mbPs206qwjjSmIHz2veHzBr0PZyMECUoXRIeWwcpLl2PhHs1x Z4PDTE9f9bH/vEsW4gpLB6ofMAP66wmeWR8EUhCC/uldS2CrwUj9cN6W/4p0x+6wkq+M zlYBGUiRjXcXoHsJy3CJJkmsnJG1r4PM7Mf2pgKdD6VNfb9eEK7XAaXP9ah+IJ5sGPTi fuFbLFD8eogeTMuUGLq6Tkiwb8ISNO1mNqIgiL6Uazh1hPlrZGmyWZ64gj/awRyRY13/ /5iw== X-Gm-Message-State: AOJu0Yz78TDByEJr6R/fBfoF2qqU3CP88zkWeavSKYMekeRbCbCvu0/O afOLEXymyMftYa8Bz7HQ39FlsTk6PFfPrcbyGIFh3iOHqPS2muHogGPQxlaYUUTfUtWgb5CEZJK ekP3AcmtVkT0CldBAxmfS9cuGUxdscDL4URCmqrR82yfqVfgkB1i0dHhyPu+CSDmbB+PrTr61As lSoRUXF6OSL1PnpzAdxuhjpEo= X-Google-Smtp-Source: AGHT+IEzqsv0+Z1rtmghpikg5OpL+lKefbf5yyB9MFM/+SQZBhusfveAkbNpX69yPBPhna6O96DHKJxyVw== X-Received: from jrife.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:9f]) (user=jrife job=sendgmr) by 2002:a05:690c:338c:b0:61b:ea08:111f with SMTP id 00721157ae682-622aff9d4cdmr8889747b3.6.1715367772166; Fri, 10 May 2024 12:02:52 -0700 (PDT) Date: Fri, 10 May 2024 14:02:19 -0500 In-Reply-To: <20240510190246.3247730-1-jrife@google.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240510190246.3247730-1-jrife@google.com> X-Mailer: git-send-email 2.45.0.118.g7fe29c98d7-goog Message-ID: <20240510190246.3247730-3-jrife@google.com> Subject: [PATCH v1 bpf-next 02/17] selftests/bpf: Use program name for skel load/destroy functions From: Jordan Rife To: bpf@vger.kernel.org Cc: Jordan Rife , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Geliang Tang , Daan De Meyer , Shung-Hsi Yu , linux-kselftest@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net In preparation to migrate tests from bpf/test_sock_addr.c to sock_addr.c, update BPF_SKEL_FUNCS so that it generates functions based on prog_name instead of skel_name. This allows us to differentiate between programs in the same skeleton. Signed-off-by: Jordan Rife --- .../selftests/bpf/prog_tests/sock_addr.c | 96 ++++++++++--------- 1 file changed, 50 insertions(+), 46 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/sock_addr.c b/tools/testing/selftests/bpf/prog_tests/sock_addr.c index 9c709c33f8899..039c3e38e1bc2 100644 --- a/tools/testing/selftests/bpf/prog_tests/sock_addr.c +++ b/tools/testing/selftests/bpf/prog_tests/sock_addr.c @@ -357,7 +357,7 @@ struct sock_addr_test { }; #define BPF_SKEL_FUNCS(skel_name, prog_name) \ -static void *skel_name##_load(int cgroup_fd) \ +static void *prog_name##_load(int cgroup_fd) \ { \ struct skel_name *skel; \ skel = skel_name##__open_and_load(); \ @@ -372,7 +372,7 @@ cleanup: \ skel_name##__destroy(skel); \ return NULL; \ } \ -static void skel_name##_destroy(void *skel) \ +static void prog_name##_destroy(void *skel) \ { \ skel_name##__destroy(skel); \ } @@ -396,8 +396,8 @@ static struct sock_addr_test tests[] = { { SOCK_ADDR_TEST_BIND, "bind4: bind (stream)", - bind4_prog_load, - bind4_prog_destroy, + bind_v4_prog_load, + bind_v4_prog_destroy, &user_ops, AF_INET, SOCK_STREAM, @@ -405,12 +405,13 @@ static struct sock_addr_test tests[] = { SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, + NULL, }, { SOCK_ADDR_TEST_BIND, "bind4: bind (dgram)", - bind4_prog_load, - bind4_prog_destroy, + bind_v4_prog_load, + bind_v4_prog_destroy, &user_ops, AF_INET, SOCK_DGRAM, @@ -418,12 +419,13 @@ static struct sock_addr_test tests[] = { SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, + NULL, }, { SOCK_ADDR_TEST_BIND, "bind6: bind (stream)", - bind6_prog_load, - bind6_prog_destroy, + bind_v6_prog_load, + bind_v6_prog_destroy, &user_ops, AF_INET6, SOCK_STREAM, @@ -431,12 +433,13 @@ static struct sock_addr_test tests[] = { SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, + NULL, }, { SOCK_ADDR_TEST_BIND, "bind6: bind (dgram)", - bind6_prog_load, - bind6_prog_destroy, + bind_v6_prog_load, + bind_v6_prog_destroy, &user_ops, AF_INET6, SOCK_DGRAM, @@ -444,14 +447,15 @@ static struct sock_addr_test tests[] = { SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, + NULL, }, /* bind - kernel calls */ { SOCK_ADDR_TEST_BIND, "bind4: kernel_bind (stream)", - bind4_prog_load, - bind4_prog_destroy, + bind_v4_prog_load, + bind_v4_prog_destroy, &kern_ops_sock_sendmsg, AF_INET, SOCK_STREAM, @@ -463,8 +467,8 @@ static struct sock_addr_test tests[] = { { SOCK_ADDR_TEST_BIND, "bind4: kernel_bind (dgram)", - bind4_prog_load, - bind4_prog_destroy, + bind_v4_prog_load, + bind_v4_prog_destroy, &kern_ops_sock_sendmsg, AF_INET, SOCK_DGRAM, @@ -476,8 +480,8 @@ static struct sock_addr_test tests[] = { { SOCK_ADDR_TEST_BIND, "bind6: kernel_bind (stream)", - bind6_prog_load, - bind6_prog_destroy, + bind_v6_prog_load, + bind_v6_prog_destroy, &kern_ops_sock_sendmsg, AF_INET6, SOCK_STREAM, @@ -489,8 +493,8 @@ static struct sock_addr_test tests[] = { { SOCK_ADDR_TEST_BIND, "bind6: kernel_bind (dgram)", - bind6_prog_load, - bind6_prog_destroy, + bind_v6_prog_load, + bind_v6_prog_destroy, &kern_ops_sock_sendmsg, AF_INET6, SOCK_DGRAM, @@ -504,8 +508,8 @@ static struct sock_addr_test tests[] = { { SOCK_ADDR_TEST_CONNECT, "connect4: connect (stream)", - connect4_prog_load, - connect4_prog_destroy, + connect_v4_prog_load, + connect_v4_prog_destroy, &user_ops, AF_INET, SOCK_STREAM, @@ -518,8 +522,8 @@ static struct sock_addr_test tests[] = { { SOCK_ADDR_TEST_CONNECT, "connect4: connect (dgram)", - connect4_prog_load, - connect4_prog_destroy, + connect_v4_prog_load, + connect_v4_prog_destroy, &user_ops, AF_INET, SOCK_DGRAM, @@ -532,8 +536,8 @@ static struct sock_addr_test tests[] = { { SOCK_ADDR_TEST_CONNECT, "connect6: connect (stream)", - connect6_prog_load, - connect6_prog_destroy, + connect_v6_prog_load, + connect_v6_prog_destroy, &user_ops, AF_INET6, SOCK_STREAM, @@ -546,8 +550,8 @@ static struct sock_addr_test tests[] = { { SOCK_ADDR_TEST_CONNECT, "connect6: connect (dgram)", - connect6_prog_load, - connect6_prog_destroy, + connect_v6_prog_load, + connect_v6_prog_destroy, &user_ops, AF_INET6, SOCK_DGRAM, @@ -576,8 +580,8 @@ static struct sock_addr_test tests[] = { { SOCK_ADDR_TEST_CONNECT, "connect4: kernel_connect (stream)", - connect4_prog_load, - connect4_prog_destroy, + connect_v4_prog_load, + connect_v4_prog_destroy, &kern_ops_sock_sendmsg, AF_INET, SOCK_STREAM, @@ -590,8 +594,8 @@ static struct sock_addr_test tests[] = { { SOCK_ADDR_TEST_CONNECT, "connect4: kernel_connect (dgram)", - connect4_prog_load, - connect4_prog_destroy, + connect_v4_prog_load, + connect_v4_prog_destroy, &kern_ops_sock_sendmsg, AF_INET, SOCK_DGRAM, @@ -604,8 +608,8 @@ static struct sock_addr_test tests[] = { { SOCK_ADDR_TEST_CONNECT, "connect6: kernel_connect (stream)", - connect6_prog_load, - connect6_prog_destroy, + connect_v6_prog_load, + connect_v6_prog_destroy, &kern_ops_sock_sendmsg, AF_INET6, SOCK_STREAM, @@ -618,8 +622,8 @@ static struct sock_addr_test tests[] = { { SOCK_ADDR_TEST_CONNECT, "connect6: kernel_connect (dgram)", - connect6_prog_load, - connect6_prog_destroy, + connect_v6_prog_load, + connect_v6_prog_destroy, &kern_ops_sock_sendmsg, AF_INET6, SOCK_DGRAM, @@ -648,8 +652,8 @@ static struct sock_addr_test tests[] = { { SOCK_ADDR_TEST_SENDMSG, "sendmsg4: sendmsg (dgram)", - sendmsg4_prog_load, - sendmsg4_prog_destroy, + sendmsg_v4_prog_load, + sendmsg_v4_prog_destroy, &user_ops, AF_INET, SOCK_DGRAM, @@ -662,8 +666,8 @@ static struct sock_addr_test tests[] = { { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: sendmsg (dgram)", - sendmsg6_prog_load, - sendmsg6_prog_destroy, + sendmsg_v6_prog_load, + sendmsg_v6_prog_destroy, &user_ops, AF_INET6, SOCK_DGRAM, @@ -692,8 +696,8 @@ static struct sock_addr_test tests[] = { { SOCK_ADDR_TEST_SENDMSG, "sendmsg4: sock_sendmsg (dgram)", - sendmsg4_prog_load, - sendmsg4_prog_destroy, + sendmsg_v4_prog_load, + sendmsg_v4_prog_destroy, &kern_ops_sock_sendmsg, AF_INET, SOCK_DGRAM, @@ -706,8 +710,8 @@ static struct sock_addr_test tests[] = { { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: sock_sendmsg (dgram)", - sendmsg6_prog_load, - sendmsg6_prog_destroy, + sendmsg_v6_prog_load, + sendmsg_v6_prog_destroy, &kern_ops_sock_sendmsg, AF_INET6, SOCK_DGRAM, @@ -736,8 +740,8 @@ static struct sock_addr_test tests[] = { { SOCK_ADDR_TEST_SENDMSG, "sendmsg4: kernel_sendmsg (dgram)", - sendmsg4_prog_load, - sendmsg4_prog_destroy, + sendmsg_v4_prog_load, + sendmsg_v4_prog_destroy, &kern_ops_kernel_sendmsg, AF_INET, SOCK_DGRAM, @@ -750,8 +754,8 @@ static struct sock_addr_test tests[] = { { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: kernel_sendmsg (dgram)", - sendmsg6_prog_load, - sendmsg6_prog_destroy, + sendmsg_v6_prog_load, + sendmsg_v6_prog_destroy, &kern_ops_kernel_sendmsg, AF_INET6, SOCK_DGRAM, From patchwork Fri May 10 19:02:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 13661851 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-io1-f73.google.com (mail-io1-f73.google.com [209.85.166.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7698244C77 for ; Fri, 10 May 2024 19:02:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.166.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367777; cv=none; b=VC2R13/YxPJRahNsFVi67vLKyi0WrJCVmo6elu9bIZYbOD6WSoZkOza2OuXxu2RLqp7YzjvhkV4CYrkPg6r9/70YXnBRA9iZpubjYb0nY+N9iSIv/uspLSHlH1kNbJfgjml2OjZRNlMBU6H0Dsm5OP2s9btwir8JtI70k1jsMO4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367777; c=relaxed/simple; bh=umwDCHMxWe2VleAcb0MR/ATgCNVJNqxCKDau+vAM1iI=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=qZCeeTzc99QH/fJIZquh9AlPZVSCUyVDszF/Sto/NCwbKEElzXVN99/dJkb0mX/DCiuWkM8UfPHm2mm4GIXf1L8ECDmYVpANWkQGLXnVfh2TBoVY86DakZ/8acScsm+Z+BUHiXtpR+QsJupoLY3GYUvuz8lZhbULY1qHR9ds5FI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Ciyo5hbO; arc=none smtp.client-ip=209.85.166.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Ciyo5hbO" Received: by mail-io1-f73.google.com with SMTP id ca18e2360f4ac-7dece1fa472so212909739f.0 for ; Fri, 10 May 2024 12:02:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1715367774; x=1715972574; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=sHSfeVpMvwODzNEwypI4cGwPjJUiYaJQzLUjzCAkNHo=; b=Ciyo5hbOBe+dDCIf7I2IyGBtUiYAf8jEsBQRX5iYkIRkdbTiyzxbZNWXKcVcj0DRQ4 +UbxmaBW+y8QKy1qQr3tQANDCuhryKu5CovbO8MzrSvvEcCgzXhxxocjiraFkReu6cHz NYSBBpRhIEauCFGZiJSn4LeDvjxc78So3jM0E2UTyKJH0mJgQ/uOvTMaJ/DmNhnWcnpx j49eLrs1q0E9pE+LIHBWrKoyElsTsEzilbvbBDcgtBDXSJkXewO5AoavPy/Dl+yXVcIT MBW9Qa/v34lr4z3dbw70MHlvM9ksXIKiPnM6OkJgRO8HFSM+mnX23C5/j/6rTVil2FOW lVWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715367774; x=1715972574; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=sHSfeVpMvwODzNEwypI4cGwPjJUiYaJQzLUjzCAkNHo=; b=JQ8TlCan6+hU6BvEhs3YsGoVIOdPJ83Xalo22Jk7Yulf0lZmdCiaqktzGOB2/jOqcZ PFq/jkOQ1OYSM20GvnX9v5J/NHro29b+MoDS7WUpTdYxdGQjn97W6ehIqNs3CoUPcxSR T403vn1+du4JDICDAR1bZakAPJchM9y2V6b9ogbXxZLY3riMqS6Q6g4HFJSPCJkBXB7p nzJJyj2YahHI1NGbIx/3+lT032b3uINAZcFnfSvuMGqJDKFqB4SiHtGg9lP7n7BN00tJ pGyVRiUa6fvgG9yYoatbtzKwOWXv3MpAa7tDSWIfKka9oLhafbldOlyZUdLfApcPoOzW N8zg== X-Gm-Message-State: AOJu0YwJNSWCtvDywitIzM5cbMD6A1t7C3zpGdOtoRFmgleP8gMsRY0T trEFNuD1l/6Y2jvphhwtpJvT10EKoru/0zG6UIT16z6q0QjtU7F+BQxiTKe+0HT6+k9r7rSgRwA dcPby2BxAYLb1O26tiZR55YH8PUQ8MKiRbsoIDCQ5d2QQMF7h8aD6IG0NVW5bm5pZdyeuSV1zoc qPSzfsFuiPOEAkgEG9oCe8Wg4= X-Google-Smtp-Source: AGHT+IFOCD3TK76hgg1j2I7tXKXE7izW2vzfDFqxJjwb3/5fLciGU/CDmRC/k8ISZGXSusfSzdRRFO4Jkg== X-Received: from jrife.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:9f]) (user=jrife job=sendgmr) by 2002:a05:6638:8625:b0:488:d668:d201 with SMTP id 8926c6da1cb9f-4895856f59emr201108173.1.1715367773669; Fri, 10 May 2024 12:02:53 -0700 (PDT) Date: Fri, 10 May 2024 14:02:20 -0500 In-Reply-To: <20240510190246.3247730-1-jrife@google.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240510190246.3247730-1-jrife@google.com> X-Mailer: git-send-email 2.45.0.118.g7fe29c98d7-goog Message-ID: <20240510190246.3247730-4-jrife@google.com> Subject: [PATCH v1 bpf-next 03/17] selftests/bpf: Handle LOAD_REJECT test cases From: Jordan Rife To: bpf@vger.kernel.org Cc: Jordan Rife , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Geliang Tang , Daan De Meyer , Shung-Hsi Yu , linux-kselftest@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net In preparation to move test cases from bpf/test_sock_addr.c that expect LOAD_REJECT, this patch adds expected_attach_type and extends load_fn to accept an expected attach type and a flag indicating whether or not rejection is expected. Signed-off-by: Jordan Rife --- .../selftests/bpf/prog_tests/sock_addr.c | 103 +++++++++++++++++- 1 file changed, 98 insertions(+), 5 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/sock_addr.c b/tools/testing/selftests/bpf/prog_tests/sock_addr.c index 039c3e38e1bc2..3033641fd7567 100644 --- a/tools/testing/selftests/bpf/prog_tests/sock_addr.c +++ b/tools/testing/selftests/bpf/prog_tests/sock_addr.c @@ -52,7 +52,9 @@ enum sock_addr_test_type { SOCK_ADDR_TEST_GETPEERNAME, }; -typedef void *(*load_fn)(int cgroup_fd); +typedef void *(*load_fn)(int cgroup_fd, + enum bpf_attach_type attach_type, + bool expect_reject); typedef void (*destroy_fn)(void *skel); static int cmp_addr(const struct sockaddr_storage *addr1, socklen_t addr1_len, @@ -343,6 +345,7 @@ struct sock_addr_test { /* BPF prog properties */ load_fn loadfn; destroy_fn destroyfn; + enum bpf_attach_type attach_type; /* Socket operations */ struct sock_ops *ops; /* Socket properties */ @@ -354,15 +357,34 @@ struct sock_addr_test { const char *expected_addr; unsigned short expected_port; const char *expected_src_addr; + /* Expected test result */ + enum { + LOAD_REJECT, + ATTACH_REJECT, + SYSCALL_EPERM, + SYSCALL_ENOTSUPP, + SUCCESS, + } expected_result; }; #define BPF_SKEL_FUNCS(skel_name, prog_name) \ -static void *prog_name##_load(int cgroup_fd) \ +static void *prog_name##_load(int cgroup_fd, \ + enum bpf_attach_type attach_type, \ + bool expect_reject) \ { \ - struct skel_name *skel; \ - skel = skel_name##__open_and_load(); \ + struct skel_name *skel = skel_name##__open(); \ if (!ASSERT_OK_PTR(skel, "skel_open")) \ goto cleanup; \ + if (!ASSERT_OK(bpf_program__set_expected_attach_type(skel->progs.prog_name, \ + attach_type), \ + "set_expected_attach_type")) \ + goto cleanup; \ + if (skel_name##__load(skel)) { \ + ASSERT_TRUE(expect_reject, "unexpected rejection"); \ + goto cleanup; \ + } \ + if (!ASSERT_FALSE(expect_reject, "expected rejection")) \ + goto cleanup; \ skel->links.prog_name = bpf_program__attach_cgroup( \ skel->progs.prog_name, cgroup_fd); \ if (!ASSERT_OK_PTR(skel->links.prog_name, "prog_attach")) \ @@ -398,6 +420,7 @@ static struct sock_addr_test tests[] = { "bind4: bind (stream)", bind_v4_prog_load, bind_v4_prog_destroy, + BPF_CGROUP_INET4_BIND, &user_ops, AF_INET, SOCK_STREAM, @@ -406,12 +429,14 @@ static struct sock_addr_test tests[] = { SERV4_REWRITE_IP, SERV4_REWRITE_PORT, NULL, + SUCCESS, }, { SOCK_ADDR_TEST_BIND, "bind4: bind (dgram)", bind_v4_prog_load, bind_v4_prog_destroy, + BPF_CGROUP_INET4_BIND, &user_ops, AF_INET, SOCK_DGRAM, @@ -420,12 +445,14 @@ static struct sock_addr_test tests[] = { SERV4_REWRITE_IP, SERV4_REWRITE_PORT, NULL, + SUCCESS, }, { SOCK_ADDR_TEST_BIND, "bind6: bind (stream)", bind_v6_prog_load, bind_v6_prog_destroy, + BPF_CGROUP_INET6_BIND, &user_ops, AF_INET6, SOCK_STREAM, @@ -434,12 +461,14 @@ static struct sock_addr_test tests[] = { SERV6_REWRITE_IP, SERV6_REWRITE_PORT, NULL, + SUCCESS, }, { SOCK_ADDR_TEST_BIND, "bind6: bind (dgram)", bind_v6_prog_load, bind_v6_prog_destroy, + BPF_CGROUP_INET6_BIND, &user_ops, AF_INET6, SOCK_DGRAM, @@ -448,6 +477,7 @@ static struct sock_addr_test tests[] = { SERV6_REWRITE_IP, SERV6_REWRITE_PORT, NULL, + SUCCESS, }, /* bind - kernel calls */ @@ -456,6 +486,7 @@ static struct sock_addr_test tests[] = { "bind4: kernel_bind (stream)", bind_v4_prog_load, bind_v4_prog_destroy, + BPF_CGROUP_INET4_BIND, &kern_ops_sock_sendmsg, AF_INET, SOCK_STREAM, @@ -463,12 +494,15 @@ static struct sock_addr_test tests[] = { SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, + NULL, + SUCCESS, }, { SOCK_ADDR_TEST_BIND, "bind4: kernel_bind (dgram)", bind_v4_prog_load, bind_v4_prog_destroy, + BPF_CGROUP_INET4_BIND, &kern_ops_sock_sendmsg, AF_INET, SOCK_DGRAM, @@ -476,12 +510,15 @@ static struct sock_addr_test tests[] = { SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, + NULL, + SUCCESS, }, { SOCK_ADDR_TEST_BIND, "bind6: kernel_bind (stream)", bind_v6_prog_load, bind_v6_prog_destroy, + BPF_CGROUP_INET6_BIND, &kern_ops_sock_sendmsg, AF_INET6, SOCK_STREAM, @@ -489,12 +526,15 @@ static struct sock_addr_test tests[] = { SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, + NULL, + SUCCESS, }, { SOCK_ADDR_TEST_BIND, "bind6: kernel_bind (dgram)", bind_v6_prog_load, bind_v6_prog_destroy, + BPF_CGROUP_INET6_BIND, &kern_ops_sock_sendmsg, AF_INET6, SOCK_DGRAM, @@ -502,6 +542,8 @@ static struct sock_addr_test tests[] = { SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, + NULL, + SUCCESS, }, /* connect - system calls */ @@ -510,6 +552,7 @@ static struct sock_addr_test tests[] = { "connect4: connect (stream)", connect_v4_prog_load, connect_v4_prog_destroy, + BPF_CGROUP_INET4_CONNECT, &user_ops, AF_INET, SOCK_STREAM, @@ -518,12 +561,14 @@ static struct sock_addr_test tests[] = { SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, + SUCCESS, }, { SOCK_ADDR_TEST_CONNECT, "connect4: connect (dgram)", connect_v4_prog_load, connect_v4_prog_destroy, + BPF_CGROUP_INET4_CONNECT, &user_ops, AF_INET, SOCK_DGRAM, @@ -532,12 +577,14 @@ static struct sock_addr_test tests[] = { SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, + SUCCESS, }, { SOCK_ADDR_TEST_CONNECT, "connect6: connect (stream)", connect_v6_prog_load, connect_v6_prog_destroy, + BPF_CGROUP_INET6_CONNECT, &user_ops, AF_INET6, SOCK_STREAM, @@ -546,12 +593,14 @@ static struct sock_addr_test tests[] = { SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, + SUCCESS, }, { SOCK_ADDR_TEST_CONNECT, "connect6: connect (dgram)", connect_v6_prog_load, connect_v6_prog_destroy, + BPF_CGROUP_INET6_CONNECT, &user_ops, AF_INET6, SOCK_DGRAM, @@ -560,12 +609,14 @@ static struct sock_addr_test tests[] = { SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, + SUCCESS, }, { SOCK_ADDR_TEST_CONNECT, "connect_unix: connect (stream)", connect_unix_prog_load, connect_unix_prog_destroy, + BPF_CGROUP_UNIX_CONNECT, &user_ops, AF_UNIX, SOCK_STREAM, @@ -574,6 +625,7 @@ static struct sock_addr_test tests[] = { SERVUN_REWRITE_ADDRESS, 0, NULL, + SUCCESS, }, /* connect - kernel calls */ @@ -582,6 +634,7 @@ static struct sock_addr_test tests[] = { "connect4: kernel_connect (stream)", connect_v4_prog_load, connect_v4_prog_destroy, + BPF_CGROUP_INET4_CONNECT, &kern_ops_sock_sendmsg, AF_INET, SOCK_STREAM, @@ -590,12 +643,14 @@ static struct sock_addr_test tests[] = { SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, + SUCCESS, }, { SOCK_ADDR_TEST_CONNECT, "connect4: kernel_connect (dgram)", connect_v4_prog_load, connect_v4_prog_destroy, + BPF_CGROUP_INET4_CONNECT, &kern_ops_sock_sendmsg, AF_INET, SOCK_DGRAM, @@ -604,12 +659,14 @@ static struct sock_addr_test tests[] = { SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, + SUCCESS, }, { SOCK_ADDR_TEST_CONNECT, "connect6: kernel_connect (stream)", connect_v6_prog_load, connect_v6_prog_destroy, + BPF_CGROUP_INET6_CONNECT, &kern_ops_sock_sendmsg, AF_INET6, SOCK_STREAM, @@ -618,12 +675,14 @@ static struct sock_addr_test tests[] = { SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, + SUCCESS, }, { SOCK_ADDR_TEST_CONNECT, "connect6: kernel_connect (dgram)", connect_v6_prog_load, connect_v6_prog_destroy, + BPF_CGROUP_INET6_CONNECT, &kern_ops_sock_sendmsg, AF_INET6, SOCK_DGRAM, @@ -632,12 +691,14 @@ static struct sock_addr_test tests[] = { SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, + SUCCESS, }, { SOCK_ADDR_TEST_CONNECT, "connect_unix: kernel_connect (dgram)", connect_unix_prog_load, connect_unix_prog_destroy, + BPF_CGROUP_UNIX_CONNECT, &kern_ops_sock_sendmsg, AF_UNIX, SOCK_STREAM, @@ -646,6 +707,7 @@ static struct sock_addr_test tests[] = { SERVUN_REWRITE_ADDRESS, 0, NULL, + SUCCESS, }, /* sendmsg - system calls */ @@ -654,6 +716,7 @@ static struct sock_addr_test tests[] = { "sendmsg4: sendmsg (dgram)", sendmsg_v4_prog_load, sendmsg_v4_prog_destroy, + BPF_CGROUP_UDP4_SENDMSG, &user_ops, AF_INET, SOCK_DGRAM, @@ -662,12 +725,14 @@ static struct sock_addr_test tests[] = { SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, + SUCCESS, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: sendmsg (dgram)", sendmsg_v6_prog_load, sendmsg_v6_prog_destroy, + BPF_CGROUP_UDP6_SENDMSG, &user_ops, AF_INET6, SOCK_DGRAM, @@ -676,12 +741,14 @@ static struct sock_addr_test tests[] = { SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, + SUCCESS, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg_unix: sendmsg (dgram)", sendmsg_unix_prog_load, sendmsg_unix_prog_destroy, + BPF_CGROUP_UNIX_SENDMSG, &user_ops, AF_UNIX, SOCK_DGRAM, @@ -690,6 +757,7 @@ static struct sock_addr_test tests[] = { SERVUN_REWRITE_ADDRESS, 0, NULL, + SUCCESS, }, /* sendmsg - kernel calls (sock_sendmsg) */ @@ -698,6 +766,7 @@ static struct sock_addr_test tests[] = { "sendmsg4: sock_sendmsg (dgram)", sendmsg_v4_prog_load, sendmsg_v4_prog_destroy, + BPF_CGROUP_UDP4_SENDMSG, &kern_ops_sock_sendmsg, AF_INET, SOCK_DGRAM, @@ -706,12 +775,14 @@ static struct sock_addr_test tests[] = { SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, + SUCCESS, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: sock_sendmsg (dgram)", sendmsg_v6_prog_load, sendmsg_v6_prog_destroy, + BPF_CGROUP_UDP6_SENDMSG, &kern_ops_sock_sendmsg, AF_INET6, SOCK_DGRAM, @@ -720,12 +791,14 @@ static struct sock_addr_test tests[] = { SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, + SUCCESS, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg_unix: sock_sendmsg (dgram)", sendmsg_unix_prog_load, sendmsg_unix_prog_destroy, + BPF_CGROUP_UNIX_SENDMSG, &kern_ops_sock_sendmsg, AF_UNIX, SOCK_DGRAM, @@ -734,6 +807,7 @@ static struct sock_addr_test tests[] = { SERVUN_REWRITE_ADDRESS, 0, NULL, + SUCCESS, }, /* sendmsg - kernel calls (kernel_sendmsg) */ @@ -742,6 +816,7 @@ static struct sock_addr_test tests[] = { "sendmsg4: kernel_sendmsg (dgram)", sendmsg_v4_prog_load, sendmsg_v4_prog_destroy, + BPF_CGROUP_UDP4_SENDMSG, &kern_ops_kernel_sendmsg, AF_INET, SOCK_DGRAM, @@ -750,12 +825,14 @@ static struct sock_addr_test tests[] = { SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, + SUCCESS, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: kernel_sendmsg (dgram)", sendmsg_v6_prog_load, sendmsg_v6_prog_destroy, + BPF_CGROUP_UDP6_SENDMSG, &kern_ops_kernel_sendmsg, AF_INET6, SOCK_DGRAM, @@ -764,12 +841,14 @@ static struct sock_addr_test tests[] = { SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, + SUCCESS, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg_unix: sock_sendmsg (dgram)", sendmsg_unix_prog_load, sendmsg_unix_prog_destroy, + BPF_CGROUP_UNIX_SENDMSG, &kern_ops_kernel_sendmsg, AF_UNIX, SOCK_DGRAM, @@ -778,6 +857,7 @@ static struct sock_addr_test tests[] = { SERVUN_REWRITE_ADDRESS, 0, NULL, + SUCCESS, }, /* recvmsg - system calls */ @@ -786,6 +866,7 @@ static struct sock_addr_test tests[] = { "recvmsg4: recvfrom (dgram)", recvmsg4_prog_load, recvmsg4_prog_destroy, + BPF_CGROUP_UDP4_RECVMSG, &user_ops, AF_INET, SOCK_DGRAM, @@ -794,12 +875,14 @@ static struct sock_addr_test tests[] = { SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SERV4_IP, + SUCCESS, }, { SOCK_ADDR_TEST_RECVMSG, "recvmsg6: recvfrom (dgram)", recvmsg6_prog_load, recvmsg6_prog_destroy, + BPF_CGROUP_UDP6_RECVMSG, &user_ops, AF_INET6, SOCK_DGRAM, @@ -808,12 +891,14 @@ static struct sock_addr_test tests[] = { SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SERV6_IP, + SUCCESS, }, { SOCK_ADDR_TEST_RECVMSG, "recvmsg_unix: recvfrom (dgram)", recvmsg_unix_prog_load, recvmsg_unix_prog_destroy, + BPF_CGROUP_UNIX_RECVMSG, &user_ops, AF_UNIX, SOCK_DGRAM, @@ -822,12 +907,14 @@ static struct sock_addr_test tests[] = { SERVUN_REWRITE_ADDRESS, 0, SERVUN_ADDRESS, + SUCCESS, }, { SOCK_ADDR_TEST_RECVMSG, "recvmsg_unix: recvfrom (stream)", recvmsg_unix_prog_load, recvmsg_unix_prog_destroy, + BPF_CGROUP_UNIX_RECVMSG, &user_ops, AF_UNIX, SOCK_STREAM, @@ -836,6 +923,7 @@ static struct sock_addr_test tests[] = { SERVUN_REWRITE_ADDRESS, 0, SERVUN_ADDRESS, + SUCCESS, }, /* getsockname - system calls */ @@ -844,6 +932,7 @@ static struct sock_addr_test tests[] = { "getsockname_unix", getsockname_unix_prog_load, getsockname_unix_prog_destroy, + BPF_CGROUP_UNIX_GETSOCKNAME, &user_ops, AF_UNIX, SOCK_STREAM, @@ -852,6 +941,7 @@ static struct sock_addr_test tests[] = { SERVUN_REWRITE_ADDRESS, 0, NULL, + SUCCESS, }, /* getpeername - system calls */ @@ -860,6 +950,7 @@ static struct sock_addr_test tests[] = { "getpeername_unix", getpeername_unix_prog_load, getpeername_unix_prog_destroy, + BPF_CGROUP_UNIX_GETPEERNAME, &user_ops, AF_UNIX, SOCK_STREAM, @@ -868,6 +959,7 @@ static struct sock_addr_test tests[] = { SERVUN_REWRITE_ADDRESS, 0, NULL, + SUCCESS, }, }; @@ -1249,7 +1341,8 @@ void test_sock_addr(void) if (!test__start_subtest(test->name)) continue; - skel = test->loadfn(cgroup_fd); + skel = test->loadfn(cgroup_fd, test->attach_type, + test->expected_result == LOAD_REJECT); if (!skel) continue; From patchwork Fri May 10 19:02:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 13661867 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-qt1-f202.google.com (mail-qt1-f202.google.com [209.85.160.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C0428481C6 for ; Fri, 10 May 2024 19:09:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.160.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715368159; cv=none; b=qJWIZxXi4KRp8rp4o9AO50d2pYjycY/SkEZeAZTfV3RhS0GiQ5Hh2KUfP4iF0agpMss8bJiaO3vaLk8T0WJKn/tFph57v2QcbZ5rksXoY3K3NuoGgH45uccqKoK5YEKYxtt4fbCjKFpp/qvds+0ECQYF0HUv0qlHKh8Wr59xPYI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715368159; c=relaxed/simple; bh=fztEEpR7m4/NRUlZ4kYE5tFwryhBZrOJRFgR39uDdHY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=iTqqKErDD2+x3QpCupM9nnpOR+yRgtPjoJeIzJNBuOIYyWIzN7R/B42RyuHb+S8AyU8iyMWxlAWZEMAbie091UMD4OmAN6t8No/72V8dmcjptOE1f+jzcqqqmn04sg/vVBvZ3bIyVHPMxGk7H28go9xeKqYI9RFL1WrJ+Kai8nM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=y1OWehkv; arc=none smtp.client-ip=209.85.160.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="y1OWehkv" Received: by mail-qt1-f202.google.com with SMTP id d75a77b69052e-43de409b742so26236881cf.2 for ; Fri, 10 May 2024 12:09:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1715368157; x=1715972957; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=kFCn2vdb1VKbwCPwkDokNVd/PgijRUXjHEsTGHgmtLI=; b=y1OWehkv5LcnQDTD0STyIjiznN6TtusgeeTxf8x84hSe9X1gsuUeU1lnCRJEHRZrjH dCYxI7EJgXwXeWsrSqhz2EyEXYk4NwXihTbOeG1A5OiHL+FnMIpua1VY5plQWFNASMnx 5LaO8gJVNBqLV7iHa64vu5QtG1w/p4BpMvUgzmjtCBzbIT1PBqn9qN6IOQfnubKSnoQG fqa4dKOP3xSEJw/JHrnIRQBEjJWs7tfdZx94+RPnpb+fkFcWwgffZg8DjA10Q0vQBt3X d2INGTxsx25AOK6G6X8fd3b58ad+0Ki3/Kd1py9qahMMqAg3TPI9Q44PFcbyJQSrFH/E ekTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715368157; x=1715972957; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=kFCn2vdb1VKbwCPwkDokNVd/PgijRUXjHEsTGHgmtLI=; b=p12CioFB758vQdCWTePOZtrPshvU1OlKjZzsYcLZe9dAO0Nfi6F/E/0BG8ZMmx9pnu Ym3neOeDsHV8Hc600k5RecA8yJMt5yEAPqefJRzvtUchkAFM0+D2ZtqfVpm5CYFXAAEP 8H2LQM9RACqodSCbBFZrUpIdtW6VgXPDP6CWXUIhZplFc4uQdX/wFw6lUklfDTe+B4mY Zf5gy0ASIk4DmRYV67VRr/Iq3eyQtZrBBkqnBv0A9FM/IzoJczQvILBGMuVd3wPA8fWl jhxlujGYY5tD0mFUYOQfxjifyA+Qiz8TsoFGQv4Gtpy5wEuIcB2yztHoIhc+dmFlkXy5 PxjQ== X-Gm-Message-State: AOJu0YwlVnBL22n7ALZFIfLOHJreN+6zlIg15qZwBb0eupbx5igCr/x/ vFyopEvEPjapQzOWSrJfCAcjbxJssZavis+Qqtv6EoBmHSm59fF3oFsIW40EckTFaN369hzYZPV PZzij+xU9VvwK+h7W5kyPJgiBtVbq5jTiy+3Q8s2Qev8LzP06UbKTIZ8Cz4wo+ZmkvfJdupzFqz WdmYHVun+c5utCdSvE3KTE+Zg= X-Google-Smtp-Source: AGHT+IFqvlvYAgR9+7n3+qrB+K1Srlz/ymb4LAXStQHUni+k2szT1ZtVttNYjvEzFIrscNdurr7uxRV/FQ== X-Received: from jrife.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:9f]) (user=jrife job=sendgmr) by 2002:a05:6e02:552:b0:36c:f57:acfa with SMTP id e9e14a558f8ab-36cc14e8c6amr390695ab.5.1715367775298; Fri, 10 May 2024 12:02:55 -0700 (PDT) Date: Fri, 10 May 2024 14:02:21 -0500 In-Reply-To: <20240510190246.3247730-1-jrife@google.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240510190246.3247730-1-jrife@google.com> X-Mailer: git-send-email 2.45.0.118.g7fe29c98d7-goog Message-ID: <20240510190246.3247730-5-jrife@google.com> Subject: [PATCH v1 bpf-next 04/17] selftests/bpf: Handle ATTACH_REJECT test cases From: Jordan Rife To: bpf@vger.kernel.org Cc: Jordan Rife , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Geliang Tang , Daan De Meyer , Shung-Hsi Yu , linux-kselftest@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net In preparation to move test cases from bpf/test_sock_addr.c that expect ATTACH_REJECT, this patch adds BPF_SKEL_FUNCS_RAW to generate load and destroy functions that use bpf_prog_attach() to control the attach_type. The normal load functions use bpf_program__attach_cgroup which does not have the same degree of control over the attach type, as bpf_program_attach_fd() calls bpf_link_create() with the attach type extracted from prog using bpf_program__expected_attach_type(). It is currently not possible to modify the attach type before bpf_program__attach_cgroup() is called, since bpf_program__set_expected_attach_type() has no effect after the program is loaded. Signed-off-by: Jordan Rife --- .../selftests/bpf/prog_tests/sock_addr.c | 35 ++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/prog_tests/sock_addr.c b/tools/testing/selftests/bpf/prog_tests/sock_addr.c index 3033641fd7567..53440458f365e 100644 --- a/tools/testing/selftests/bpf/prog_tests/sock_addr.c +++ b/tools/testing/selftests/bpf/prog_tests/sock_addr.c @@ -367,6 +367,38 @@ struct sock_addr_test { } expected_result; }; +#define BPF_SKEL_FUNCS_RAW(skel_name, prog_name) \ +static void *prog_name##_load_raw(int cgroup_fd, \ + enum bpf_attach_type attach_type, \ + bool expect_reject) \ +{ \ + struct skel_name *skel = skel_name##__open(); \ + int prog_fd = -1; \ + if (!ASSERT_OK_PTR(skel, "skel_open")) \ + goto cleanup; \ + if (!ASSERT_OK(skel_name##__load(skel), "load")) \ + goto cleanup; \ + prog_fd = bpf_program__fd(skel->progs.prog_name); \ + if (!ASSERT_GT(prog_fd, 0, "prog_fd")) \ + goto cleanup; \ + if (bpf_prog_attach(prog_fd, cgroup_fd, attach_type, \ + BPF_F_ALLOW_OVERRIDE), "bpf_prog_attach") { \ + ASSERT_TRUE(expect_reject, "unexpected rejection"); \ + goto cleanup; \ + } \ + if (!ASSERT_FALSE(expect_reject, "expected rejection")) \ + goto cleanup; \ +cleanup: \ + if (prog_fd > 0) \ + bpf_prog_detach(cgroup_fd, attach_type); \ + skel_name##__destroy(skel); \ + return NULL; \ +} \ +static void prog_name##_destroy_raw(void *progfd) \ +{ \ + /* No-op. *_load_raw does all cleanup. */ \ +} \ + #define BPF_SKEL_FUNCS(skel_name, prog_name) \ static void *prog_name##_load(int cgroup_fd, \ enum bpf_attach_type attach_type, \ @@ -1342,7 +1374,8 @@ void test_sock_addr(void) continue; skel = test->loadfn(cgroup_fd, test->attach_type, - test->expected_result == LOAD_REJECT); + test->expected_result == LOAD_REJECT || + test->expected_result == ATTACH_REJECT); if (!skel) continue; From patchwork Fri May 10 19:02:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 13661852 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-il1-f202.google.com (mail-il1-f202.google.com [209.85.166.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D8E6D45979 for ; Fri, 10 May 2024 19:02:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.166.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367779; cv=none; b=GhvCqgmHerI3ZfCjpG/d6kyDhW6NfUlWWF1p6/8+FjZHLNx+azJsvkixChc/5nI4eKYPo++V7aiJAy1XBpY4sEWSNxT8+ve6FFIFN/5oBrn05LrYUJ/qgkYVlHR2FFLvZH7TKuAzrH3FQgIqdscYVv8G4Rm7H6mwDM6y9ExpTm4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367779; c=relaxed/simple; bh=Q+W7w6jbWqTidenY4MPkZGNwUkeTs/EGWzXTI1iPbwc=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=nk/2BUVbpQoOTTZNaVSqbFlO1yFmKN4oQ/s6o1Rtty1qmqrCvFKlhJU4FR5egz1SOxfCBLFe7yOV5uqrLUXnhHwzjqf74O9wO2I64mXjw327FoFCVXehqCJnZKj3anorD/Q3zzj9V+WQVAsacFgnhQfZEXLs4uoOfqJNXg9i1bI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=whH9p4KJ; arc=none smtp.client-ip=209.85.166.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="whH9p4KJ" Received: by mail-il1-f202.google.com with SMTP id e9e14a558f8ab-36c60af9b4aso27966675ab.2 for ; Fri, 10 May 2024 12:02:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1715367777; x=1715972577; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=u4RXpPUmiZ7lVHR+RSSj4BtJBK9I+cPlzYrfL79hERg=; b=whH9p4KJQN51xf+gwKpOUiUKgx828ZWyuoJdX3RR300+caS/Ca8xGVe7cv9Cxq4tnR zgMmnRZIukMa/ILKL28bsJy1r58CJur6xgw1/iiHBwC1aPTwau9h8OxAO6SKlFMwPcv2 DesMeZOGGjzu1XckLs85ijJeIgl/d9n4sQvF5vmzD0zPOA3dmLJQbYFmViPZVvBInOwi zuz49EdbORv11koB2XwkoHLJkucUPOVdwtZ8+D7hr4rm/i/qRK3TuL/uSyX+a8O8lNN+ zzaPAo7l0Cns7xi8xQaPgbaUNvu7eTYPEPavV2ASO5WNVa3+4jy2Zj32+cOMfQ/Phw8T aIkg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715367777; x=1715972577; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=u4RXpPUmiZ7lVHR+RSSj4BtJBK9I+cPlzYrfL79hERg=; b=cBguc4WW64xQs5K22F4TvrcnKxg10q1Vl0m9/AWFrSeISWrsMrZ7WpRNHqTG035mR0 QeNd34+a5B2sw+ppLnL7KfrIf4wo2e1uaFqh07evEHnhecmcYSEG8oFt/U848kaRyc4/ 6kiL5fMPbJgBrfutXuaj/a0LheuAcppyCuxKuYhaCoMb0g0i67ISJrCKv5CLohdOcALT 6bSi9zt5n8lhsh+YIh1qGcUhjZGzJcxFPvNONPccNSK2B2ageZJvLajDa/bbZMa6qGU7 7dqGfrQeKPlPtv3BGaKWo+pnYU/ytpuml7lJ25p55N/YVCfQcSkHremLsLZXNI3/dqf/ XxXg== X-Gm-Message-State: AOJu0YxDF16vRI5xaGRWEiM6hP01v9QRiP52jNo5ItLy1F06jc4HpLkx ZQRXjLFKNy2y0y1TBgK75FSzzqizT3n9SOG1JqF5HNlbr+mpu4AQn1DCBAcV3zIPemPg+l/DKbe uOwAwuWdHFLoO5frGjOLPrl8SG18gKzEimU+uYBIXrDBJnRIatLjxWn0ihLV70MP2Hlt9NgZKeq CVGQliJohPLB+bwG1RuCvLXxU= X-Google-Smtp-Source: AGHT+IF1dnApAaUq/G5y/hc7IEj8eb1mWES65vk/ZygziY3BsaV+soeV2/P8VmerEBdMReYnDSJCdHWtLw== X-Received: from jrife.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:9f]) (user=jrife job=sendgmr) by 2002:a92:1e0c:0:b0:36c:830d:8af9 with SMTP id e9e14a558f8ab-36cc14dc3f7mr1587645ab.4.1715367776989; Fri, 10 May 2024 12:02:56 -0700 (PDT) Date: Fri, 10 May 2024 14:02:22 -0500 In-Reply-To: <20240510190246.3247730-1-jrife@google.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240510190246.3247730-1-jrife@google.com> X-Mailer: git-send-email 2.45.0.118.g7fe29c98d7-goog Message-ID: <20240510190246.3247730-6-jrife@google.com> Subject: [PATCH v1 bpf-next 05/17] selftests/bpf: Handle SYSCALL_EPERM and SYSCALL_ENOTSUPP test cases From: Jordan Rife To: bpf@vger.kernel.org Cc: Jordan Rife , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Geliang Tang , Daan De Meyer , Shung-Hsi Yu , linux-kselftest@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net In preparation to move test cases from bpf/test_sock_addr.c that expect system calls to return ENOTSUPP or EPERM, this patch propagates errno from relevant system calls up to test_sock_addr() where the result can be checked. Signed-off-by: Jordan Rife --- .../selftests/bpf/prog_tests/sock_addr.c | 78 ++++++++++++++----- 1 file changed, 58 insertions(+), 20 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/sock_addr.c b/tools/testing/selftests/bpf/prog_tests/sock_addr.c index 53440458f365e..626be900a8fdf 100644 --- a/tools/testing/selftests/bpf/prog_tests/sock_addr.c +++ b/tools/testing/selftests/bpf/prog_tests/sock_addr.c @@ -19,6 +19,10 @@ #include "getpeername_unix_prog.skel.h" #include "network_helpers.h" +#ifndef ENOTSUPP +# define ENOTSUPP 524 +#endif + #define TEST_NS "sock_addr" #define TEST_IF_PREFIX "test_sock_addr" #define TEST_IPV4 "127.0.0.4" @@ -43,6 +47,8 @@ #define SERVUN_REWRITE_ADDRESS "bpf_cgroup_unix_test_rewrite" #define SRCUN_ADDRESS "bpf_cgroup_unix_test_src" +#define save_errno_do(op) ({ int __save = errno; op; errno = __save; }) + enum sock_addr_test_type { SOCK_ADDR_TEST_BIND, SOCK_ADDR_TEST_CONNECT, @@ -98,6 +104,7 @@ static int run_bpf_prog(const char *prog_name, void *ctx, int ctx_size) goto err; err = topts.retval; + errno = -topts.retval; goto out; err: err = -1; @@ -221,8 +228,7 @@ int kernel_connect_to_addr(int type, const struct sockaddr_storage *addr, sockle "kernel_init_sock")) goto err; - if (!ASSERT_OK(kernel_connect((struct sockaddr *)addr, addrlen), - "kernel_connect")) + if (kernel_connect((struct sockaddr *)addr, addrlen) < 0) goto err; /* Test code expects a "file descriptor" on success. */ @@ -230,7 +236,7 @@ int kernel_connect_to_addr(int type, const struct sockaddr_storage *addr, sockle goto out; err: err = -1; - ASSERT_OK(kernel_close_sock(0), "kernel_close_sock"); + save_errno_do(ASSERT_OK(kernel_close_sock(0), "kernel_close_sock")); out: return err; } @@ -248,8 +254,7 @@ int kernel_start_server(int family, int type, const char *addr_str, __u16 port, if (make_sockaddr(family, addr_str, port, &addr, &addrlen)) goto err; - if (!ASSERT_OK(kernel_bind(0, (struct sockaddr *)&addr, addrlen), - "kernel_bind")) + if (kernel_bind(0, (struct sockaddr *)&addr, addrlen) < 0) goto err; if (type == SOCK_STREAM) { @@ -262,7 +267,7 @@ int kernel_start_server(int family, int type, const char *addr_str, __u16 port, goto out; err: err = -1; - ASSERT_OK(kernel_close_sock(0), "kernel_close_sock"); + save_errno_do(ASSERT_OK(kernel_close_sock(0), "kernel_close_sock")); out: return err; } @@ -1066,7 +1071,7 @@ static void unload_sock_addr_kern(void) sock_addr_kern__destroy(skel); } -static void test_bind(struct sock_addr_test *test) +static int test_bind(struct sock_addr_test *test) { struct sockaddr_storage expected_addr; socklen_t expected_addr_len = sizeof(struct sockaddr_storage); @@ -1075,8 +1080,10 @@ static void test_bind(struct sock_addr_test *test) serv = test->ops->start_server(test->socket_family, test->socket_type, test->requested_addr, test->requested_port, 0); - if (!ASSERT_GE(serv, 0, "start_server")) - goto cleanup; + if (serv < 0) { + err = errno; + goto err; + } err = make_sockaddr(test->socket_family, test->expected_addr, test->expected_port, @@ -1095,13 +1102,17 @@ static void test_bind(struct sock_addr_test *test) goto cleanup; cleanup: + err = 0; +err: if (client != -1) close(client); if (serv != -1) test->ops->close(serv); + + return err; } -static void test_connect(struct sock_addr_test *test) +static int test_connect(struct sock_addr_test *test) { struct sockaddr_storage addr, expected_addr, expected_src_addr; socklen_t addr_len = sizeof(struct sockaddr_storage), @@ -1121,8 +1132,10 @@ static void test_connect(struct sock_addr_test *test) client = test->ops->connect_to_addr(test->socket_type, &addr, addr_len, NULL); - if (!ASSERT_GE(client, 0, "connect_to_addr")) - goto cleanup; + if (client < 0) { + err = errno; + goto err; + } err = make_sockaddr(test->socket_family, test->expected_addr, test->expected_port, &expected_addr, &expected_addr_len); @@ -1149,13 +1162,17 @@ static void test_connect(struct sock_addr_test *test) goto cleanup; } cleanup: + err = 0; +err: if (client != -1) test->ops->close(client); if (serv != -1) close(serv); + + return err; } -static void test_xmsg(struct sock_addr_test *test) +static int test_xmsg(struct sock_addr_test *test) { struct sockaddr_storage addr, src_addr; socklen_t addr_len = sizeof(struct sockaddr_storage), @@ -1196,6 +1213,11 @@ static void test_xmsg(struct sock_addr_test *test) if (test->socket_type == SOCK_DGRAM) { err = test->ops->sendmsg(client, (struct sockaddr *)&addr, addr_len, &data, sizeof(data)); + if (err < 0) { + err = errno; + goto err; + } + if (!ASSERT_EQ(err, sizeof(data), "sendmsg")) goto cleanup; } else { @@ -1245,13 +1267,17 @@ static void test_xmsg(struct sock_addr_test *test) } cleanup: + err = 0; +err: if (client != -1) test->ops->close(client); if (serv != -1) close(serv); + + return err; } -static void test_getsockname(struct sock_addr_test *test) +static int test_getsockname(struct sock_addr_test *test) { struct sockaddr_storage expected_addr; socklen_t expected_addr_len = sizeof(struct sockaddr_storage); @@ -1275,9 +1301,11 @@ static void test_getsockname(struct sock_addr_test *test) cleanup: if (serv != -1) test->ops->close(serv); + + return 0; } -static void test_getpeername(struct sock_addr_test *test) +static int test_getpeername(struct sock_addr_test *test) { struct sockaddr_storage addr, expected_addr; socklen_t addr_len = sizeof(struct sockaddr_storage), @@ -1314,6 +1342,8 @@ static void test_getpeername(struct sock_addr_test *test) test->ops->close(client); if (serv != -1) close(serv); + + return 0; } static int setup_test_env(struct nstoken **tok) @@ -1369,6 +1399,7 @@ void test_sock_addr(void) for (size_t i = 0; i < ARRAY_SIZE(tests); ++i) { struct sock_addr_test *test = &tests[i]; + int err; if (!test__start_subtest(test->name)) continue; @@ -1385,26 +1416,33 @@ void test_sock_addr(void) * the future. */ case SOCK_ADDR_TEST_BIND: - test_bind(test); + err = test_bind(test); break; case SOCK_ADDR_TEST_CONNECT: - test_connect(test); + err = test_connect(test); break; case SOCK_ADDR_TEST_SENDMSG: case SOCK_ADDR_TEST_RECVMSG: - test_xmsg(test); + err = test_xmsg(test); break; case SOCK_ADDR_TEST_GETSOCKNAME: - test_getsockname(test); + err = test_getsockname(test); break; case SOCK_ADDR_TEST_GETPEERNAME: - test_getpeername(test); + err = test_getpeername(test); break; default: ASSERT_TRUE(false, "Unknown sock addr test type"); break; } + if (test->expected_result == SYSCALL_EPERM) + ASSERT_EQ(err, EPERM, "socket operation returns EPERM"); + else if (test->expected_result == SYSCALL_ENOTSUPP) + ASSERT_EQ(err, ENOTSUPP, "socket operation returns ENOTSUPP"); + else if (test->expected_result == SUCCESS) + ASSERT_OK(err, "socket operation succeeds"); + test->destroyfn(skel); } From patchwork Fri May 10 19:02:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 13661853 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A8C1F45977 for ; Fri, 10 May 2024 19:02:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367781; cv=none; b=iil2/5/p5j5C+/TTq/f26O6oDtzq2YK86CAb2sJIB2ucXN78+VAexl1ge8LTk40H9j1L3J3/4h5vuuNC+kr0CzvbDPCNehMio799j9XJcvvHZIYhUrnwxkJVS8V4K0/ivrVe91AGO0u19eChfJ1T+je6bu79+G/tVFTTGn86ZNg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367781; c=relaxed/simple; bh=ZKBym8bL+87iuEO1eTLqx0aH90HS+ZXJ37G/jaGUc0E=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=YkFpQWr1Y6rtBfbe7hVAJHtNXQxvKxcoqkpLJStmk0yWLJhTF5tgifoCaTzedmjhvDPuVsglAYpRK9rxxrMH7LsjtBfqTUrL8LK0KP//15PKJ6Jx6JC46UnI/3fwJSSmFEmKSH9X3Ksw6PMXRQpRjLtNi7sWys3DTuePtchyMzg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=vP+mtKRf; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="vP+mtKRf" Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-61bea0ca5e2so38491987b3.2 for ; Fri, 10 May 2024 12:02:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1715367779; x=1715972579; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=xkbaFBJQy7+phzuNx/G3f0fc96jsJ3oP7IdhCfgCmIk=; b=vP+mtKRf/zPMlToE3CNoFqVyx25QKqp/zrzh/qiMVTkBbQc32UI6mxtaKZOPAf3mI0 IDZcZCx16LgHTTseUKnatpJ1rjBZXvdHMijOe8nnjEjIElWKaaS/QKXbNTBVyFXjHuFj OqaA3GEIy2R81CgrWZsBcLi/oEZWs8cMPng84Wrs2K9hBCTSwNpqsqqFjmVyWEATi9fO 50lAyAvVdZMImoPDMZ+188pu1GkgaCN1bvzOf7bmcA+MhItKPi/1uH06UBw7w+Pgk90A h/xrd4pBlzVuYFEmlQtuRQ1RKwqLTXIKgScP7aNba70s77mGDBEUScUnPNVSamHud665 aXcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715367779; x=1715972579; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=xkbaFBJQy7+phzuNx/G3f0fc96jsJ3oP7IdhCfgCmIk=; b=krIgxdjxwIklsNJc/+X34H3R85QisGUS5vXxPGKQRub7C0ZY1x+lE/TQflgpjhwK5J Zz9SHx42Wwt6sYFFcIdikoG3TutoJTbk7VvOwrr920OOvZiS79+JEmLakkI9RK0bkC9N Si9+H2QzvdG+RonK/vCBYeTTKVTtTwUNpOmHrH0MQA+qtj7I6lc9y9oGYu9KYxCbMxi1 oqOsuz2nIzS65yp+CsWZ1KqCxP05bgDaBrYSgQlXKJJ1tkVDKNX5RLWqJxzvw2wXWEEJ 8P1d0unBpOh3PSKc5rzD2hxMqoeE8t7YpR2V2jtANQp6txqVIPo+O1oujZIrOtQlhHlU JOGg== X-Gm-Message-State: AOJu0YyDhbXVXC697MKvFv1w8PGfowbpMI4xpBgzkobxUTSZ3cNV2c9q hpsrTA/GJ6UsR9k8G9LU/oQCwUmtTPFn4vMNT8BOpMJPcNHnpmJjHi2V0waYpra7mycz1c+dmmB LdqahfFmZ/L72V+oIz5eBrg78w5KMMKrU/fRvP3cfzPzf3BqNRP6W9lfGgeP08mqAhTQXGDbF8v jA/KiP3l0r9ktM8yB7ZDmKLQU= X-Google-Smtp-Source: AGHT+IEnUdFgZ3SDhkY3B9LOnHEJlb4pHhYF8GxCtgmQffiVDZIyHiOEGpEpTF5Wfn5B8slwQa39S/H19A== X-Received: from jrife.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:9f]) (user=jrife job=sendgmr) by 2002:a05:6902:150a:b0:dc2:2ace:860 with SMTP id 3f1490d57ef6-dee4f3117c3mr274015276.2.1715367778597; Fri, 10 May 2024 12:02:58 -0700 (PDT) Date: Fri, 10 May 2024 14:02:23 -0500 In-Reply-To: <20240510190246.3247730-1-jrife@google.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240510190246.3247730-1-jrife@google.com> X-Mailer: git-send-email 2.45.0.118.g7fe29c98d7-goog Message-ID: <20240510190246.3247730-7-jrife@google.com> Subject: [PATCH v1 bpf-next 06/17] selftests/bpf: Migrate WILDCARD_IP test From: Jordan Rife To: bpf@vger.kernel.org Cc: Jordan Rife , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Geliang Tang , Daan De Meyer , Shung-Hsi Yu , linux-kselftest@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net Move wildcard IP sendmsg test case out of bpf/test_sock_addr.c into prog_tests/sock_addr.c. Signed-off-by: Jordan Rife --- .../selftests/bpf/prog_tests/sock_addr.c | 50 +++++++++++++++++++ .../selftests/bpf/progs/sendmsg6_prog.c | 6 +++ tools/testing/selftests/bpf/test_sock_addr.c | 20 -------- 3 files changed, 56 insertions(+), 20 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/sock_addr.c b/tools/testing/selftests/bpf/prog_tests/sock_addr.c index 626be900a8fdf..37e9ef5a5ae16 100644 --- a/tools/testing/selftests/bpf/prog_tests/sock_addr.c +++ b/tools/testing/selftests/bpf/prog_tests/sock_addr.c @@ -40,6 +40,7 @@ #define SERV6_V4MAPPED_IP "::ffff:192.168.0.4" #define SRC6_IP "::1" #define SRC6_REWRITE_IP TEST_IPV6 +#define WILDCARD6_IP "::" #define SERV6_PORT 6060 #define SERV6_REWRITE_PORT 6666 @@ -443,6 +444,7 @@ BPF_SKEL_FUNCS(connect6_prog, connect_v6_prog); BPF_SKEL_FUNCS(connect_unix_prog, connect_unix_prog); BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_prog); +BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_preserve_dst_prog); BPF_SKEL_FUNCS(sendmsg_unix_prog, sendmsg_unix_prog); BPF_SKEL_FUNCS(recvmsg4_prog, recvmsg4_prog); BPF_SKEL_FUNCS(recvmsg6_prog, recvmsg6_prog); @@ -780,6 +782,22 @@ static struct sock_addr_test tests[] = { SRC6_REWRITE_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_SENDMSG, + "sendmsg6: sendmsg [::] (BSD'ism) (dgram)", + sendmsg_v6_preserve_dst_prog_load, + sendmsg_v6_preserve_dst_prog_destroy, + BPF_CGROUP_UDP6_SENDMSG, + &user_ops, + AF_INET6, + SOCK_DGRAM, + WILDCARD6_IP, + SERV6_PORT, + SERV6_REWRITE_IP, + SERV6_PORT, + SRC6_IP, + SUCCESS, + }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg_unix: sendmsg (dgram)", @@ -830,6 +848,22 @@ static struct sock_addr_test tests[] = { SRC6_REWRITE_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_SENDMSG, + "sendmsg6: sock_sendmsg [::] (BSD'ism) (dgram)", + sendmsg_v6_preserve_dst_prog_load, + sendmsg_v6_preserve_dst_prog_destroy, + BPF_CGROUP_UDP6_SENDMSG, + &kern_ops_sock_sendmsg, + AF_INET6, + SOCK_DGRAM, + WILDCARD6_IP, + SERV6_PORT, + SERV6_REWRITE_IP, + SERV6_PORT, + SRC6_IP, + SUCCESS, + }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg_unix: sock_sendmsg (dgram)", @@ -880,6 +914,22 @@ static struct sock_addr_test tests[] = { SRC6_REWRITE_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_SENDMSG, + "sendmsg6: kernel_sendmsg [::] (BSD'ism) (dgram)", + sendmsg_v6_preserve_dst_prog_load, + sendmsg_v6_preserve_dst_prog_destroy, + BPF_CGROUP_UDP6_SENDMSG, + &kern_ops_kernel_sendmsg, + AF_INET6, + SOCK_DGRAM, + WILDCARD6_IP, + SERV6_PORT, + SERV6_REWRITE_IP, + SERV6_PORT, + SRC6_IP, + SUCCESS, + }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg_unix: sock_sendmsg (dgram)", diff --git a/tools/testing/selftests/bpf/progs/sendmsg6_prog.c b/tools/testing/selftests/bpf/progs/sendmsg6_prog.c index bf9b46b806f6a..03956a654ce58 100644 --- a/tools/testing/selftests/bpf/progs/sendmsg6_prog.c +++ b/tools/testing/selftests/bpf/progs/sendmsg6_prog.c @@ -59,4 +59,10 @@ int sendmsg_v6_prog(struct bpf_sock_addr *ctx) return 1; } +SEC("cgroup/sendmsg6") +int sendmsg_v6_preserve_dst_prog(struct bpf_sock_addr *ctx) +{ + return 1; +} + char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/test_sock_addr.c b/tools/testing/selftests/bpf/test_sock_addr.c index 40e33167bec20..ab8ef02c9c556 100644 --- a/tools/testing/selftests/bpf/test_sock_addr.c +++ b/tools/testing/selftests/bpf/test_sock_addr.c @@ -92,7 +92,6 @@ static int bind4_prog_load(const struct sock_addr_test *test); static int bind6_prog_load(const struct sock_addr_test *test); static int connect4_prog_load(const struct sock_addr_test *test); static int connect6_prog_load(const struct sock_addr_test *test); -static int sendmsg_allow_prog_load(const struct sock_addr_test *test); static int sendmsg_deny_prog_load(const struct sock_addr_test *test); static int sendmsg4_rw_asm_prog_load(const struct sock_addr_test *test); static int sendmsg6_rw_asm_prog_load(const struct sock_addr_test *test); @@ -343,20 +342,6 @@ static struct sock_addr_test tests[] = { SRC6_REWRITE_IP, SUCCESS, }, - { - "sendmsg6: preserve dst IP = [::] (BSD'ism)", - sendmsg_allow_prog_load, - BPF_CGROUP_UDP6_SENDMSG, - BPF_CGROUP_UDP6_SENDMSG, - AF_INET6, - SOCK_DGRAM, - WILDCARD6_IP, - SERV6_PORT, - SERV6_REWRITE_IP, - SERV6_PORT, - SRC6_IP, - SUCCESS, - }, { "sendmsg6: deny call", sendmsg_deny_prog_load, @@ -457,11 +442,6 @@ static int xmsg_ret_only_prog_load(const struct sock_addr_test *test, return load_insns(test, insns, ARRAY_SIZE(insns)); } -static int sendmsg_allow_prog_load(const struct sock_addr_test *test) -{ - return xmsg_ret_only_prog_load(test, /*rc*/ 1); -} - static int sendmsg_deny_prog_load(const struct sock_addr_test *test) { return xmsg_ret_only_prog_load(test, /*rc*/ 0); From patchwork Fri May 10 19:02:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 13661854 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2F3F245C10 for ; Fri, 10 May 2024 19:03:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367782; cv=none; b=cLgHWpnFg71QsQfvr+U7GgHOw8C+JLBRHyFksuq0rbqgPhrX+fYFY/xlLGl1zThj/RQXHQohbm9aTIW05Gn0cNR77GvqOrb98xCAqs55L7luvz5o0JIZirGOtRd07wyJl8UCfCPolxrsM1739bs46kcaCtUkNe4T3aRgJM6NPXs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367782; c=relaxed/simple; bh=ClRaP72pjb3E2W917zpJHnDF6WQ563poSNVHHcPXUAk=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=VLh3N8ZBzSFsiKUZmXbcUQ2HGWEuiMnmNvebkVTMX1DvQ+C6eKdaShzZbsZZYyrBL8L5NfLWzbCt4ClVyS/s6NW/Ha5asIUsuR7ZR9bF1uTL2s7xrf7QrZOiSnRC13z5T8LUEtxsnvumm7AR3n5sdlFLrowADXVdx4qW4ZPSrU4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=FppcQ6bx; arc=none smtp.client-ip=209.85.219.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="FppcQ6bx" Received: by mail-yb1-f202.google.com with SMTP id 3f1490d57ef6-de8b6847956so4566720276.1 for ; Fri, 10 May 2024 12:03:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1715367780; x=1715972580; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=BtnreiZbliPZHYz3oERPbdrbZVQ8ZqM9pXNGCzUgu3M=; b=FppcQ6bx62POgJewrkp+8acbX8QwxU2qF3Uw5RKs2LzmyDIOkaTWbwTKGzvOwKrh4X VLLEjrieY/v/G1k8dyxBGXBkg8XbEbSGFjcdJdiMKRNyLQQsfaEI5LGxMKxcJe+/t5D6 AvfPJFuA/FGZ0/GD7eyTjVpTLMbR5Wg00YA++G6nGd0/Etkk6MOFhJRxK1y5i83jwRXr xaPzNT5aaS7tnxQB8e7arG4oYsKuXvPN7W5VTOiWoBceSHgcW4hwf02k0YpVus0niI6h PVeeVuzXZtwg15wtYmbuaWryVuIFBpyIN3nGB2fPl4wHR4g7iOFmxfCd9gG9P161dLYi 0x1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715367780; x=1715972580; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=BtnreiZbliPZHYz3oERPbdrbZVQ8ZqM9pXNGCzUgu3M=; b=AlQ3CZVMqxC6SSsF1vPgleWgds5e8eZT4T2vw63ZJaQ7xuGHzCj+Jyx5m1Zs76XtUT VJtlA6wBPlA+0Xj36yQWpKeIleELsP7StdpuYFEyF4sKOkQzgbB7p/x52++mV5cyRQZ4 IKMF0c3c+iGrrMbjn3MXHbLS1NpAPnEFFhgux5Tw3oQYVrsF2eQ1GHKFXBVaK0kQqiFj irOam6fb2guruiOM3LdWHi4GM9ADWKZILKAJEpJB8LFJugEM5MId/EOLcRNKw19fZTfy rK2jcWwrVfvp7jyQrZ9qswrwBAlwmKfnKwycJO7F1ZbvB85RCZq2tFtwpLBDc0/F+HHz YV5g== X-Gm-Message-State: AOJu0YwoZ35i44FaHz9uqFOAZLKhdXCHHjbEkZaQ05vekTC9WV89YguI ZiPRGsE6G71hF+56lu0G/97wVzBmatsaWGtfz309pBk/01UMhbZSv2EWUJGcGgo9ZBOHVSgvLFY cNYVpBy3pekwlysYHwu7frSH4tFn+RcPuC40Oylu2zgB4C75cUJvNfRB7P8w47dRzkChJ4tLqkZ 02fK5naTZAaHjlRQxsy42GctY= X-Google-Smtp-Source: AGHT+IFmkW5oyt+fCUDEit4rEVfnALEndXTfWYgpUvZc35j30WdfNRmFuQjUX6JxFqjQKxQFNvZekxDuag== X-Received: from jrife.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:9f]) (user=jrife job=sendgmr) by 2002:a25:68c3:0:b0:de5:dcb8:5c8a with SMTP id 3f1490d57ef6-debcfbce27fmr1485306276.2.1715367780121; Fri, 10 May 2024 12:03:00 -0700 (PDT) Date: Fri, 10 May 2024 14:02:24 -0500 In-Reply-To: <20240510190246.3247730-1-jrife@google.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240510190246.3247730-1-jrife@google.com> X-Mailer: git-send-email 2.45.0.118.g7fe29c98d7-goog Message-ID: <20240510190246.3247730-8-jrife@google.com> Subject: [PATCH v1 bpf-next 07/17] selftests/bpf: Migrate sendmsg deny test cases From: Jordan Rife To: bpf@vger.kernel.org Cc: Jordan Rife , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Geliang Tang , Daan De Meyer , Shung-Hsi Yu , linux-kselftest@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net This set of tests checks that sendmsg calls are rejected (return -EPERM) when the sendmsg* hook returns 0. Replace those in bpf/test_sock_addr.c with corresponding tests in prog_tests/sock_addr.c. Signed-off-by: Jordan Rife --- .../selftests/bpf/prog_tests/sock_addr.c | 98 +++++++++++++++++++ .../selftests/bpf/progs/sendmsg4_prog.c | 6 ++ .../selftests/bpf/progs/sendmsg6_prog.c | 6 ++ tools/testing/selftests/bpf/test_sock_addr.c | 45 --------- 4 files changed, 110 insertions(+), 45 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/sock_addr.c b/tools/testing/selftests/bpf/prog_tests/sock_addr.c index 37e9ef5a5ae16..634f7a31b35db 100644 --- a/tools/testing/selftests/bpf/prog_tests/sock_addr.c +++ b/tools/testing/selftests/bpf/prog_tests/sock_addr.c @@ -443,7 +443,9 @@ BPF_SKEL_FUNCS(connect4_prog, connect_v4_prog); BPF_SKEL_FUNCS(connect6_prog, connect_v6_prog); BPF_SKEL_FUNCS(connect_unix_prog, connect_unix_prog); BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_prog); +BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_deny_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_prog); +BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_deny_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_preserve_dst_prog); BPF_SKEL_FUNCS(sendmsg_unix_prog, sendmsg_unix_prog); BPF_SKEL_FUNCS(recvmsg4_prog, recvmsg4_prog); @@ -766,6 +768,22 @@ static struct sock_addr_test tests[] = { SRC4_REWRITE_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_SENDMSG, + "sendmsg4: sendmsg deny (dgram)", + sendmsg_v4_deny_prog_load, + sendmsg_v4_deny_prog_destroy, + BPF_CGROUP_UDP4_SENDMSG, + &user_ops, + AF_INET, + SOCK_DGRAM, + SERV4_IP, + SERV4_PORT, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + SRC4_REWRITE_IP, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: sendmsg (dgram)", @@ -798,6 +816,22 @@ static struct sock_addr_test tests[] = { SRC6_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_SENDMSG, + "sendmsg6: sendmsg deny (dgram)", + sendmsg_v6_deny_prog_load, + sendmsg_v6_deny_prog_destroy, + BPF_CGROUP_UDP6_SENDMSG, + &user_ops, + AF_INET6, + SOCK_DGRAM, + SERV6_IP, + SERV6_PORT, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SRC6_REWRITE_IP, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg_unix: sendmsg (dgram)", @@ -832,6 +866,22 @@ static struct sock_addr_test tests[] = { SRC4_REWRITE_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_SENDMSG, + "sendmsg4: sock_sendmsg deny (dgram)", + sendmsg_v4_deny_prog_load, + sendmsg_v4_deny_prog_destroy, + BPF_CGROUP_UDP4_SENDMSG, + &kern_ops_sock_sendmsg, + AF_INET, + SOCK_DGRAM, + SERV4_IP, + SERV4_PORT, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + SRC4_REWRITE_IP, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: sock_sendmsg (dgram)", @@ -864,6 +914,22 @@ static struct sock_addr_test tests[] = { SRC6_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_SENDMSG, + "sendmsg6: sock_sendmsg deny (dgram)", + sendmsg_v6_deny_prog_load, + sendmsg_v6_deny_prog_destroy, + BPF_CGROUP_UDP6_SENDMSG, + &kern_ops_sock_sendmsg, + AF_INET6, + SOCK_DGRAM, + SERV6_IP, + SERV6_PORT, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SRC6_REWRITE_IP, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg_unix: sock_sendmsg (dgram)", @@ -898,6 +964,22 @@ static struct sock_addr_test tests[] = { SRC4_REWRITE_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_SENDMSG, + "sendmsg4: kernel_sendmsg deny (dgram)", + sendmsg_v4_deny_prog_load, + sendmsg_v4_deny_prog_destroy, + BPF_CGROUP_UDP4_SENDMSG, + &kern_ops_kernel_sendmsg, + AF_INET, + SOCK_DGRAM, + SERV4_IP, + SERV4_PORT, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + SRC4_REWRITE_IP, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: kernel_sendmsg (dgram)", @@ -930,6 +1012,22 @@ static struct sock_addr_test tests[] = { SRC6_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_SENDMSG, + "sendmsg6: kernel_sendmsg deny (dgram)", + sendmsg_v6_deny_prog_load, + sendmsg_v6_deny_prog_destroy, + BPF_CGROUP_UDP6_SENDMSG, + &kern_ops_kernel_sendmsg, + AF_INET6, + SOCK_DGRAM, + SERV6_IP, + SERV6_PORT, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SRC6_REWRITE_IP, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg_unix: sock_sendmsg (dgram)", diff --git a/tools/testing/selftests/bpf/progs/sendmsg4_prog.c b/tools/testing/selftests/bpf/progs/sendmsg4_prog.c index 351e79aef2fae..edc159598a0ef 100644 --- a/tools/testing/selftests/bpf/progs/sendmsg4_prog.c +++ b/tools/testing/selftests/bpf/progs/sendmsg4_prog.c @@ -49,4 +49,10 @@ int sendmsg_v4_prog(struct bpf_sock_addr *ctx) return 1; } +SEC("cgroup/sendmsg4") +int sendmsg_v4_deny_prog(struct bpf_sock_addr *ctx) +{ + return 0; +} + char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/progs/sendmsg6_prog.c b/tools/testing/selftests/bpf/progs/sendmsg6_prog.c index 03956a654ce58..0c1825cb994d6 100644 --- a/tools/testing/selftests/bpf/progs/sendmsg6_prog.c +++ b/tools/testing/selftests/bpf/progs/sendmsg6_prog.c @@ -65,4 +65,10 @@ int sendmsg_v6_preserve_dst_prog(struct bpf_sock_addr *ctx) return 1; } +SEC("cgroup/sendmsg6") +int sendmsg_v6_deny_prog(struct bpf_sock_addr *ctx) +{ + return 0; +} + char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/test_sock_addr.c b/tools/testing/selftests/bpf/test_sock_addr.c index ab8ef02c9c556..91d88358090eb 100644 --- a/tools/testing/selftests/bpf/test_sock_addr.c +++ b/tools/testing/selftests/bpf/test_sock_addr.c @@ -92,7 +92,6 @@ static int bind4_prog_load(const struct sock_addr_test *test); static int bind6_prog_load(const struct sock_addr_test *test); static int connect4_prog_load(const struct sock_addr_test *test); static int connect6_prog_load(const struct sock_addr_test *test); -static int sendmsg_deny_prog_load(const struct sock_addr_test *test); static int sendmsg4_rw_asm_prog_load(const struct sock_addr_test *test); static int sendmsg6_rw_asm_prog_load(const struct sock_addr_test *test); static int sendmsg6_rw_v4mapped_prog_load(const struct sock_addr_test *test); @@ -258,20 +257,6 @@ static struct sock_addr_test tests[] = { SRC4_REWRITE_IP, SUCCESS, }, - { - "sendmsg4: deny call", - sendmsg_deny_prog_load, - BPF_CGROUP_UDP4_SENDMSG, - BPF_CGROUP_UDP4_SENDMSG, - AF_INET, - SOCK_DGRAM, - SERV4_IP, - SERV4_PORT, - SERV4_REWRITE_IP, - SERV4_REWRITE_PORT, - SRC4_REWRITE_IP, - SYSCALL_EPERM, - }, { "sendmsg6: load prog with wrong expected attach type", sendmsg6_rw_asm_prog_load, @@ -342,20 +327,6 @@ static struct sock_addr_test tests[] = { SRC6_REWRITE_IP, SUCCESS, }, - { - "sendmsg6: deny call", - sendmsg_deny_prog_load, - BPF_CGROUP_UDP6_SENDMSG, - BPF_CGROUP_UDP6_SENDMSG, - AF_INET6, - SOCK_DGRAM, - SERV6_IP, - SERV6_PORT, - SERV6_REWRITE_IP, - SERV6_REWRITE_PORT, - SRC6_REWRITE_IP, - SYSCALL_EPERM, - }, }; static int load_insns(const struct sock_addr_test *test, @@ -431,22 +402,6 @@ static int connect6_prog_load(const struct sock_addr_test *test) return load_path(test, CONNECT6_PROG_PATH); } -static int xmsg_ret_only_prog_load(const struct sock_addr_test *test, - int32_t rc) -{ - struct bpf_insn insns[] = { - /* return rc */ - BPF_MOV64_IMM(BPF_REG_0, rc), - BPF_EXIT_INSN(), - }; - return load_insns(test, insns, ARRAY_SIZE(insns)); -} - -static int sendmsg_deny_prog_load(const struct sock_addr_test *test) -{ - return xmsg_ret_only_prog_load(test, /*rc*/ 0); -} - static int sendmsg4_rw_asm_prog_load(const struct sock_addr_test *test) { struct sockaddr_in dst4_rw_addr; From patchwork Fri May 10 19:02:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 13661855 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E528345977 for ; Fri, 10 May 2024 19:03:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367784; cv=none; b=lNHpAeLdJSrAhDSEZJh4vXo0LW7vzdCnczwcGTD2v6+zWh6VzZtwvj3pNRUBgx3fq3rtG3TTT/pO+MTLbLJAggWZRvcb+tbUY8968IyfBSGO04RFd6mECksrciVS/jG7JEyVEW5L4YqoEu8360VxTPZlQyz/su3AobqqQpwkzS8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367784; c=relaxed/simple; bh=egpM+SS0LirfD5WSVqAIq0kMKcw13G77ryxMRFCOIQ0=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=ktwETSLKm/zyBxHc3LdPTamRiIJkqFpudIbt5q5eOqKZOOdaylUCgvYqqkP9c0p7Efyo4Y5bstT6CV7bstndGqPCDOBc/gyTWkGYwYhr+mKGlm24JWx3sHwLta550WnXRb+6CY8G36xtaY/3ubyidcSDPLg/6S06zeeTs5tP1m4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=fJPk/9Fo; arc=none smtp.client-ip=209.85.128.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="fJPk/9Fo" Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-61be325413eso29821827b3.1 for ; Fri, 10 May 2024 12:03:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1715367782; x=1715972582; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=hHfwMebtZT2WFxMtw8SrwWjcPDYGaUi97DICNoF8ucc=; b=fJPk/9Fo64etC0qTGOsS8EeZ+c2cXyZQG7//r086GLFFYfBjN90eJrYVld4MdJgkLO QkkTDFkPfkb6Ng9Lfa2vbdoWsEaaSmMlP8lwk7XqNlyg7Jd99Gper65/OBNVCh7WFj7I P0nhvH8qWOa05vooCUyV3YS9wExGaknDsRKCrOEtMbUkGoYht9eEGkUd5htJWRO2Xioe N38mCaR1E6F2tYwG66vIWJ/atNDVdP8sFa48uyfgnAH6IPnj7Zx+LhdfpI84lJuSBu8+ TDl0qyHCryOT6UZs1+MReftmPjDec1l0Z+0xKPD0S5QWdvhNRJYRHJ12BAs3zWmOaPh9 Bi0w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715367782; x=1715972582; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=hHfwMebtZT2WFxMtw8SrwWjcPDYGaUi97DICNoF8ucc=; b=jV1MAhN33bOvc2b3eqhGVM10lsLK16pgigAJIBQRUHcKbIaV2/uH/nY8GUXd/JqUFb s6so2e8asdib4aRqiFMGT35kIDHkUMpumxsBzHTGCYjQkNdugRgP/EUcfVwZGnmN4YRZ RfHPYfwKPK/nOl//+JIEZK5fk8h0bFKjX6Vl9fLfAevGBmW1bx3GgCj1VvODSzAf8HK5 OpmsiuqEvEiqKJMr7NsziKHtVNhFZ5PeETgi9zBXxDTjCI189Y969a2p77Y5fdMI/mX3 VSugyqucIElnKdSjNFacN1rg4BHGgItro4nXRGrz+WBsm6n8nfMEhtg715QFw7o5Scvc 0ILg== X-Gm-Message-State: AOJu0YzBR1B6OUqe0sn+rPIYiXOHZSs+kVCqpjYwTdkpQdMutLgT+NdB /UVxEnFg40PDM2ufHiaeThOamzU2uOdl9E9OmzAfHTcirJzsA6Rfq2g5dp1L2cE7Y0FGXXVWtMS IBEelLsnvhUGFQjsLp4Cps+rBxk5wwF485aN+aPZ3b8FRkOAyZGtXg31w4BAyGS1/qelS+8Hilk iwrLpy2KCQ1kU5Aeukax7vBgs= X-Google-Smtp-Source: AGHT+IG7fbQlnTrbXbgDBfbr6eGA00YeEBfy4lIhjdsALahrTgVDmpH+FiO197VLNr+GfHSnrbwoQxw+wQ== X-Received: from jrife.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:9f]) (user=jrife job=sendgmr) by 2002:a81:4884:0:b0:618:2ad1:a46f with SMTP id 00721157ae682-620992ea406mr14233357b3.2.1715367781807; Fri, 10 May 2024 12:03:01 -0700 (PDT) Date: Fri, 10 May 2024 14:02:25 -0500 In-Reply-To: <20240510190246.3247730-1-jrife@google.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240510190246.3247730-1-jrife@google.com> X-Mailer: git-send-email 2.45.0.118.g7fe29c98d7-goog Message-ID: <20240510190246.3247730-9-jrife@google.com> Subject: [PATCH v1 bpf-next 08/17] selftests/bpf: Migrate sendmsg6 v4 mapped address tests From: Jordan Rife To: bpf@vger.kernel.org Cc: Jordan Rife , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Geliang Tang , Daan De Meyer , Shung-Hsi Yu , linux-kselftest@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net Migrate test case from bpf/test_sock_addr.c ensuring that sendmsg returns -ENOTSUPP when sending to an IPv4-mapped IPv6 address to prog_tests/sock_addr.c. Signed-off-by: Jordan Rife --- .../selftests/bpf/prog_tests/sock_addr.c | 17 +++++++++++++ .../selftests/bpf/progs/sendmsg6_prog.c | 25 +++++++++++++++++++ tools/testing/selftests/bpf/test_sock_addr.c | 20 --------------- 3 files changed, 42 insertions(+), 20 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/sock_addr.c b/tools/testing/selftests/bpf/prog_tests/sock_addr.c index 634f7a31b35db..f096203171b17 100644 --- a/tools/testing/selftests/bpf/prog_tests/sock_addr.c +++ b/tools/testing/selftests/bpf/prog_tests/sock_addr.c @@ -447,6 +447,7 @@ BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_deny_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_deny_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_preserve_dst_prog); +BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_v4mapped_prog); BPF_SKEL_FUNCS(sendmsg_unix_prog, sendmsg_unix_prog); BPF_SKEL_FUNCS(recvmsg4_prog, recvmsg4_prog); BPF_SKEL_FUNCS(recvmsg6_prog, recvmsg6_prog); @@ -832,6 +833,22 @@ static struct sock_addr_test tests[] = { SRC6_REWRITE_IP, SYSCALL_EPERM, }, + { + SOCK_ADDR_TEST_SENDMSG, + "sendmsg6: sendmsg IPv4-mapped IPv6 (dgram)", + sendmsg_v6_v4mapped_prog_load, + sendmsg_v6_v4mapped_prog_destroy, + BPF_CGROUP_UDP6_SENDMSG, + &user_ops, + AF_INET6, + SOCK_DGRAM, + SERV6_IP, + SERV6_PORT, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SRC6_REWRITE_IP, + SYSCALL_ENOTSUPP, + }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg_unix: sendmsg (dgram)", diff --git a/tools/testing/selftests/bpf/progs/sendmsg6_prog.c b/tools/testing/selftests/bpf/progs/sendmsg6_prog.c index 0c1825cb994d6..7611d9e17dd16 100644 --- a/tools/testing/selftests/bpf/progs/sendmsg6_prog.c +++ b/tools/testing/selftests/bpf/progs/sendmsg6_prog.c @@ -20,6 +20,11 @@ #define DST_REWRITE_IP6_2 0 #define DST_REWRITE_IP6_3 1 +#define DST_REWRITE_IP6_V4_MAPPED_0 0 +#define DST_REWRITE_IP6_V4_MAPPED_1 0 +#define DST_REWRITE_IP6_V4_MAPPED_2 0x0000FFFF +#define DST_REWRITE_IP6_V4_MAPPED_3 0xc0a80004 // 192.168.0.4 + #define DST_REWRITE_PORT6 6666 SEC("cgroup/sendmsg6") @@ -59,6 +64,26 @@ int sendmsg_v6_prog(struct bpf_sock_addr *ctx) return 1; } +SEC("cgroup/sendmsg6") +int sendmsg_v6_v4mapped_prog(struct bpf_sock_addr *ctx) +{ + /* Rewrite source. */ + ctx->msg_src_ip6[0] = bpf_htonl(SRC_REWRITE_IP6_0); + ctx->msg_src_ip6[1] = bpf_htonl(SRC_REWRITE_IP6_1); + ctx->msg_src_ip6[2] = bpf_htonl(SRC_REWRITE_IP6_2); + ctx->msg_src_ip6[3] = bpf_htonl(SRC_REWRITE_IP6_3); + + /* Rewrite destination. */ + ctx->user_ip6[0] = bpf_htonl(DST_REWRITE_IP6_V4_MAPPED_0); + ctx->user_ip6[1] = bpf_htonl(DST_REWRITE_IP6_V4_MAPPED_1); + ctx->user_ip6[2] = bpf_htonl(DST_REWRITE_IP6_V4_MAPPED_2); + ctx->user_ip6[3] = bpf_htonl(DST_REWRITE_IP6_V4_MAPPED_3); + + ctx->user_port = bpf_htons(DST_REWRITE_PORT6); + + return 1; +} + SEC("cgroup/sendmsg6") int sendmsg_v6_preserve_dst_prog(struct bpf_sock_addr *ctx) { diff --git a/tools/testing/selftests/bpf/test_sock_addr.c b/tools/testing/selftests/bpf/test_sock_addr.c index 91d88358090eb..4ead113753f81 100644 --- a/tools/testing/selftests/bpf/test_sock_addr.c +++ b/tools/testing/selftests/bpf/test_sock_addr.c @@ -94,7 +94,6 @@ static int connect4_prog_load(const struct sock_addr_test *test); static int connect6_prog_load(const struct sock_addr_test *test); static int sendmsg4_rw_asm_prog_load(const struct sock_addr_test *test); static int sendmsg6_rw_asm_prog_load(const struct sock_addr_test *test); -static int sendmsg6_rw_v4mapped_prog_load(const struct sock_addr_test *test); static int sendmsg6_rw_wildcard_prog_load(const struct sock_addr_test *test); static struct sock_addr_test tests[] = { @@ -299,20 +298,6 @@ static struct sock_addr_test tests[] = { SRC6_REWRITE_IP, SUCCESS, }, - { - "sendmsg6: IPv4-mapped IPv6", - sendmsg6_rw_v4mapped_prog_load, - BPF_CGROUP_UDP6_SENDMSG, - BPF_CGROUP_UDP6_SENDMSG, - AF_INET6, - SOCK_DGRAM, - SERV6_IP, - SERV6_PORT, - SERV6_REWRITE_IP, - SERV6_REWRITE_PORT, - SRC6_REWRITE_IP, - SYSCALL_ENOTSUPP, - }, { "sendmsg6: set dst IP = [::] (BSD'ism)", sendmsg6_rw_wildcard_prog_load, @@ -512,11 +497,6 @@ static int sendmsg6_rw_asm_prog_load(const struct sock_addr_test *test) return sendmsg6_rw_dst_asm_prog_load(test, SERV6_REWRITE_IP); } -static int sendmsg6_rw_v4mapped_prog_load(const struct sock_addr_test *test) -{ - return sendmsg6_rw_dst_asm_prog_load(test, SERV6_V4MAPPED_IP); -} - static int sendmsg6_rw_wildcard_prog_load(const struct sock_addr_test *test) { return sendmsg6_rw_dst_asm_prog_load(test, WILDCARD6_IP); From patchwork Fri May 10 19:02:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 13661856 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-io1-f73.google.com (mail-io1-f73.google.com [209.85.166.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2D82745023 for ; Fri, 10 May 2024 19:03:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.166.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367785; cv=none; b=Iaet6Mrs2fbpApgMmuV+N330RDaq2MpaWGaAaOvOTlhJop7jk8dc1d4Z0YPtAxPtBk0la1/zo6PwMvw/u3+jEl6T0/I2++PxWyBZW2S5N7KwYYxPH8SetO30IeB3cpdna74c3ek/Tm+XPPr6Ftmw+3L3EDGRLQfxbE+brVXXyvk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367785; c=relaxed/simple; bh=x1ZNclz6XGRBWGUVoJl7HuJKgg0IMpw6yDjx1ViCIuU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=LqPJ+EJsFiHFWC3RFrPDbp0WRERXkrJLhehh75kQS8uJL52YQdp+Gt63TpxH0QGOrhmHEHmYs9b2THcUtOvWl+x4mOIt7O9Ekf/RoCh0TJ3lh1lzJ5Ayn1o7WtH3vL39DWp4dq3LGdIMHxdJrPBmNLCgQhGb8JNC95ZIG0Q3src= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=sdLbY0XZ; arc=none smtp.client-ip=209.85.166.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="sdLbY0XZ" Received: by mail-io1-f73.google.com with SMTP id ca18e2360f4ac-7e1964b70e2so263436139f.3 for ; Fri, 10 May 2024 12:03:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1715367783; x=1715972583; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=+TSjlpAbaeVwYFm50W1bDQVoMu+XNSE+u70UoXzQquw=; b=sdLbY0XZx1Xj4ntFX81LiGFZpgrhbvjFrMe3gdrv7dwbVuWVuXsP+yIOMlH1/JTqbv XXE2X7YaTV1g7NZFp5ECGkquqVIKkGeLyLKM/tMgQtp2TnQPEg7/Z4WY6/BAj0YhI+qT 49DcOn+9Vgoh1IP4cvbJTT8HEz5ly5GqJUi8HnsmBsnpwbOOT+w2+Wd26Hzl1ETw9KmN 1+pnV8tPoeJ9wxV5P0ulpgbOV58uzRae4EucFPs0aXkjGRitG57AJAnjKDJsg3UoFxaI kokzXCwv3mkVMZypcY/jTSd1f9hIyLYFI1mMjvV2JtDVSWE4DTzamTaENiVfjFXw4Bbx MuOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715367783; x=1715972583; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=+TSjlpAbaeVwYFm50W1bDQVoMu+XNSE+u70UoXzQquw=; b=E5E192XG3FkwwB9bXG6a/e7XWJi2Y9aTXUp+bn5pGZpHgTEH0OlKfQQqehRs/upTVk E/txFFSAxrZmM9SNKfp+cj5Z4PCpf6FbSGq91PivTDQgMM6sw3G6p33e5R/UUdKLz8ow ZTRl721JV1Zxulna+xYjVn5+xKVwuy4Br1SiRcSBbboO/gaMcAlKuRQGayQo1jIiJ2vc KJLHbII0K56hoAc5LpNVZKCaNcH0lW4pelLucZBWpQgyF2jE/rbQ/ZFIcIECuGjbr2iO veMV0XnwoDUOjyGcoMyGoJNj3lqlmMVywO34l5iJHGHwkERuUMUB2e4/HxbJ7SNFyJfe HjlQ== X-Gm-Message-State: AOJu0YxGlTlfIBwBdzMuGfVIS0KP1+C3GK5jFNrVLuB7wSsE1lKD6RBK 0G8cZsm7we3wxeCxpTlWlMNdCaM9LedrtaKjqzNBPSx4fxVyGsJ6aIlLtbCDvRnzsa32mhFSP7k goTR3euw6xCK8fYNYwpjRVxDhfIjeC6Vxm65KpcKRMNyDt3Vwo+RzJ4bVjmlC6RYMYYbs3yDQuF VC4nYgTklzdCB1zt3W5BU8xl8= X-Google-Smtp-Source: AGHT+IEQoatQan0lpFkrvfA58RP4++KSHeceHI8QfPqVVTGdFHvSHbsGy01WpEwJkTUJHXL2NmkqWCmjHg== X-Received: from jrife.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:9f]) (user=jrife job=sendgmr) by 2002:a05:6638:890c:b0:488:e34a:5f78 with SMTP id 8926c6da1cb9f-4895955f570mr245796173.1.1715367783552; Fri, 10 May 2024 12:03:03 -0700 (PDT) Date: Fri, 10 May 2024 14:02:26 -0500 In-Reply-To: <20240510190246.3247730-1-jrife@google.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240510190246.3247730-1-jrife@google.com> X-Mailer: git-send-email 2.45.0.118.g7fe29c98d7-goog Message-ID: <20240510190246.3247730-10-jrife@google.com> Subject: [PATCH v1 bpf-next 09/17] selftests/bpf: Migrate wildcard destination rewrite test From: Jordan Rife To: bpf@vger.kernel.org Cc: Jordan Rife , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Geliang Tang , Daan De Meyer , Shung-Hsi Yu , linux-kselftest@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net Migrate test case from bpf/test_sock_addr.c ensuring that sendmsg respects when sendmsg6 hooks rewrite the destination IP with the IPv6 wildcard IP, [::]. Signed-off-by: Jordan Rife --- .../selftests/bpf/prog_tests/sock_addr.c | 17 ++++++++++++++++ .../selftests/bpf/progs/sendmsg6_prog.c | 20 +++++++++++++++++++ tools/testing/selftests/bpf/test_sock_addr.c | 20 ------------------- 3 files changed, 37 insertions(+), 20 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/sock_addr.c b/tools/testing/selftests/bpf/prog_tests/sock_addr.c index f096203171b17..e3c450d11b9ef 100644 --- a/tools/testing/selftests/bpf/prog_tests/sock_addr.c +++ b/tools/testing/selftests/bpf/prog_tests/sock_addr.c @@ -448,6 +448,7 @@ BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_deny_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_preserve_dst_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_v4mapped_prog); +BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_wildcard_prog); BPF_SKEL_FUNCS(sendmsg_unix_prog, sendmsg_unix_prog); BPF_SKEL_FUNCS(recvmsg4_prog, recvmsg4_prog); BPF_SKEL_FUNCS(recvmsg6_prog, recvmsg6_prog); @@ -849,6 +850,22 @@ static struct sock_addr_test tests[] = { SRC6_REWRITE_IP, SYSCALL_ENOTSUPP, }, + { + SOCK_ADDR_TEST_SENDMSG, + "sendmsg6: sendmsg dst IP = [::] (BSD'ism) (dgram)", + sendmsg_v6_wildcard_prog_load, + sendmsg_v6_wildcard_prog_destroy, + BPF_CGROUP_UDP6_SENDMSG, + &user_ops, + AF_INET6, + SOCK_DGRAM, + SERV6_IP, + SERV6_PORT, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SRC6_REWRITE_IP, + SUCCESS, + }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg_unix: sendmsg (dgram)", diff --git a/tools/testing/selftests/bpf/progs/sendmsg6_prog.c b/tools/testing/selftests/bpf/progs/sendmsg6_prog.c index 7611d9e17dd16..36a7f960799f0 100644 --- a/tools/testing/selftests/bpf/progs/sendmsg6_prog.c +++ b/tools/testing/selftests/bpf/progs/sendmsg6_prog.c @@ -84,6 +84,26 @@ int sendmsg_v6_v4mapped_prog(struct bpf_sock_addr *ctx) return 1; } +SEC("cgroup/sendmsg6") +int sendmsg_v6_wildcard_prog(struct bpf_sock_addr *ctx) +{ + /* Rewrite source. */ + ctx->msg_src_ip6[0] = bpf_htonl(SRC_REWRITE_IP6_0); + ctx->msg_src_ip6[1] = bpf_htonl(SRC_REWRITE_IP6_1); + ctx->msg_src_ip6[2] = bpf_htonl(SRC_REWRITE_IP6_2); + ctx->msg_src_ip6[3] = bpf_htonl(SRC_REWRITE_IP6_3); + + /* Rewrite destination. */ + ctx->user_ip6[0] = bpf_htonl(0); + ctx->user_ip6[1] = bpf_htonl(0); + ctx->user_ip6[2] = bpf_htonl(0); + ctx->user_ip6[3] = bpf_htonl(0); + + ctx->user_port = bpf_htons(DST_REWRITE_PORT6); + + return 1; +} + SEC("cgroup/sendmsg6") int sendmsg_v6_preserve_dst_prog(struct bpf_sock_addr *ctx) { diff --git a/tools/testing/selftests/bpf/test_sock_addr.c b/tools/testing/selftests/bpf/test_sock_addr.c index 4ead113753f81..85fb2a793be50 100644 --- a/tools/testing/selftests/bpf/test_sock_addr.c +++ b/tools/testing/selftests/bpf/test_sock_addr.c @@ -94,7 +94,6 @@ static int connect4_prog_load(const struct sock_addr_test *test); static int connect6_prog_load(const struct sock_addr_test *test); static int sendmsg4_rw_asm_prog_load(const struct sock_addr_test *test); static int sendmsg6_rw_asm_prog_load(const struct sock_addr_test *test); -static int sendmsg6_rw_wildcard_prog_load(const struct sock_addr_test *test); static struct sock_addr_test tests[] = { /* bind */ @@ -298,20 +297,6 @@ static struct sock_addr_test tests[] = { SRC6_REWRITE_IP, SUCCESS, }, - { - "sendmsg6: set dst IP = [::] (BSD'ism)", - sendmsg6_rw_wildcard_prog_load, - BPF_CGROUP_UDP6_SENDMSG, - BPF_CGROUP_UDP6_SENDMSG, - AF_INET6, - SOCK_DGRAM, - SERV6_IP, - SERV6_PORT, - SERV6_REWRITE_IP, - SERV6_REWRITE_PORT, - SRC6_REWRITE_IP, - SUCCESS, - }, }; static int load_insns(const struct sock_addr_test *test, @@ -497,11 +482,6 @@ static int sendmsg6_rw_asm_prog_load(const struct sock_addr_test *test) return sendmsg6_rw_dst_asm_prog_load(test, SERV6_REWRITE_IP); } -static int sendmsg6_rw_wildcard_prog_load(const struct sock_addr_test *test) -{ - return sendmsg6_rw_dst_asm_prog_load(test, WILDCARD6_IP); -} - static int cmp_addr(const struct sockaddr_storage *addr1, const struct sockaddr_storage *addr2, int cmp_port) { From patchwork Fri May 10 19:02:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 13661857 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-io1-f74.google.com (mail-io1-f74.google.com [209.85.166.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0E5681E525 for ; Fri, 10 May 2024 19:03:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.166.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367787; cv=none; b=tX+b8m7UOhJ+NpFGaqVW1HEIKFjJWmYKZyi4lpEH3/FA0+ywo2NdlyeeFgjen/1vmuYunbdARMt2tiBPn6JocxxN3tvlvPHN0LVkEVSqeftm08gRBTJR0SNxB9BbEfuHKGY5qM4U+KkXELwT7SVpHKF+SUyR4HSyKqq9rHfRoK8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367787; c=relaxed/simple; bh=o7PBn6L8KHD5r73yZ+KXTGgNNI8XrNjMpiFFTo119nE=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=ZrE2zXQyM/kZ7p9RV0ah4Yv9agyMzbLD2WebIbCKSqwUo+mC/EtAdipyZanpdACNdKMbGVIqVpEFqGIh2r0fFbwOcNgE8tW+hYNOKnlluURsaJQQ9kx2RSDeH0pxlmjljNXfoKVS7VJfgZbU4iGz1msDMmAIDpk0+Qaq0Hk1L/8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=v6ykovTM; arc=none smtp.client-ip=209.85.166.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="v6ykovTM" Received: by mail-io1-f74.google.com with SMTP id ca18e2360f4ac-7dab89699a8so234258139f.2 for ; Fri, 10 May 2024 12:03:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1715367785; x=1715972585; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=0npXBcT31rOcPOResCKMLES9ZP4MLJOzqmhEllV+e5Q=; b=v6ykovTMweY9c+QQma0E2m4ENBKnsJt92FT4yUEGZIHIyE2/4rqZZ+ms1QDFOVQOx0 rD1rr/hKKpsm3SPLnG3GJsKxZX6ng3g3xobUv75oRTiw3n3v3BQd2sBuFepNfFJQiGf0 4PRq4GBJ6zDgu3HO3qNkiWM1nxG5tdq8TW+u5nUqvG0mveYer/jus1BIvsFZNfuemlCF zCHgqPGKOxS12AuO9vFEtrAgkoWOztJqFh9OYyqoW6jK6LKU8j8tDC971Km3R7Qn8VkQ FP3VYyNqLaTISOLe+XR9AbD6KTqY1U7e3HkgjZW2ELOTNqH+55ndqkPPPaU7xgfqyQPO 1Ffw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715367785; x=1715972585; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=0npXBcT31rOcPOResCKMLES9ZP4MLJOzqmhEllV+e5Q=; b=H5o/7gbOKA7fQ4nv5bhyKLjZuLfnnnPPl0MtVdIWEx1erXfb7MmzmSceOMh5D+PE7M BxVG5HfC/2s/oTrz+9Eg56/ceCw8GwBp3KtdbaxMEQuKfoNbQnrpENIAmoKePHOu6kV4 bO47UFYd71oQ2h4v+EjFh0bu61TGOJFRtQlbPaa5NlCszyyQwlDdEL8AWOQenP4OH93E pM0MtJwZEfn7FhrQBA7xvLlXvPvZALi5h00urYOg237f3FIFIgMQgeg/bt3rBw9aTGKM ebjCDL5763H+RVBQUcMBrK7aEAxoGtHYNEn8PVriAVHIvY9ojRk642YkdE9Mc6LnmT3H +YDQ== X-Gm-Message-State: AOJu0Yw8krYDz5HA22bUMTtdB5ThVV03mrSXx99NZc6mCphCVCZWEh1T XWmBIUUo650YKlfuxBKsHOrfS8u+9PecWxo03Fx0s1smQUZaiubzIMOQRfxZYPJmWSIQwRTVxA9 pk/cJ6SJ1hvXR2MWj3u45ko8dg77znVh/N30gsCx7f5PhLWhTPJG54p8+QinDwpScyvfdIXYFRs eQF63xIr8l882rfaU0xyyH4P4= X-Google-Smtp-Source: AGHT+IGZtITWsgx6zg8OE77gXG1kr4XzHCeKyGHBOMXXoh970ep5T0+pusZggk04pc+52Fju3a9U+uJ83A== X-Received: from jrife.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:9f]) (user=jrife job=sendgmr) by 2002:a05:6638:872a:b0:488:7a00:9343 with SMTP id 8926c6da1cb9f-489589c27b6mr226053173.0.1715367785261; Fri, 10 May 2024 12:03:05 -0700 (PDT) Date: Fri, 10 May 2024 14:02:27 -0500 In-Reply-To: <20240510190246.3247730-1-jrife@google.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240510190246.3247730-1-jrife@google.com> X-Mailer: git-send-email 2.45.0.118.g7fe29c98d7-goog Message-ID: <20240510190246.3247730-11-jrife@google.com> Subject: [PATCH v1 bpf-next 10/17] selftests/bpf: Migrate expected_attach_type tests From: Jordan Rife To: bpf@vger.kernel.org Cc: Jordan Rife , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Geliang Tang , Daan De Meyer , Shung-Hsi Yu , linux-kselftest@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net Migrates tests from progs/test_sock_addr.c ensuring that programs fail to load when the expected attach type does not match. Signed-off-by: Jordan Rife --- .../selftests/bpf/prog_tests/sock_addr.c | 96 +++++++++++++++++++ tools/testing/selftests/bpf/test_sock_addr.c | 84 ---------------- 2 files changed, 96 insertions(+), 84 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/sock_addr.c b/tools/testing/selftests/bpf/prog_tests/sock_addr.c index e3c450d11b9ef..8c7c56f997549 100644 --- a/tools/testing/selftests/bpf/prog_tests/sock_addr.c +++ b/tools/testing/selftests/bpf/prog_tests/sock_addr.c @@ -490,6 +490,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_BIND, + "bind4: load prog with wrong expected attach type", + bind_v4_prog_load, + bind_v4_prog_destroy, + BPF_CGROUP_INET6_BIND, + &user_ops, + AF_INET, + SOCK_STREAM, + NULL, + 0, + NULL, + 0, + NULL, + LOAD_REJECT, + }, { SOCK_ADDR_TEST_BIND, "bind6: bind (stream)", @@ -522,6 +538,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_BIND, + "bind6: load prog with wrong expected attach type", + bind_v6_prog_load, + bind_v6_prog_destroy, + BPF_CGROUP_INET4_BIND, + &user_ops, + AF_INET6, + SOCK_STREAM, + NULL, + 0, + NULL, + 0, + NULL, + LOAD_REJECT, + }, /* bind - kernel calls */ { @@ -622,6 +654,22 @@ static struct sock_addr_test tests[] = { SRC4_REWRITE_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_CONNECT, + "connect4: load prog with wrong expected attach type", + connect_v4_prog_load, + connect_v4_prog_destroy, + BPF_CGROUP_INET6_CONNECT, + &user_ops, + AF_INET, + SOCK_STREAM, + NULL, + 0, + NULL, + 0, + NULL, + LOAD_REJECT, + }, { SOCK_ADDR_TEST_CONNECT, "connect6: connect (stream)", @@ -654,6 +702,22 @@ static struct sock_addr_test tests[] = { SRC6_REWRITE_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_CONNECT, + "connect6: load prog with wrong expected attach type", + connect_v6_prog_load, + connect_v6_prog_destroy, + BPF_CGROUP_INET4_CONNECT, + &user_ops, + AF_INET6, + SOCK_STREAM, + NULL, + 0, + NULL, + 0, + NULL, + LOAD_REJECT, + }, { SOCK_ADDR_TEST_CONNECT, "connect_unix: connect (stream)", @@ -786,6 +850,22 @@ static struct sock_addr_test tests[] = { SRC4_REWRITE_IP, SYSCALL_EPERM, }, + { + SOCK_ADDR_TEST_SENDMSG, + "sendmsg4: load prog with wrong expected attach type", + sendmsg_v4_prog_load, + sendmsg_v4_prog_destroy, + BPF_CGROUP_UDP6_SENDMSG, + &user_ops, + AF_INET, + SOCK_DGRAM, + NULL, + 0, + NULL, + 0, + NULL, + LOAD_REJECT, + }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: sendmsg (dgram)", @@ -866,6 +946,22 @@ static struct sock_addr_test tests[] = { SRC6_REWRITE_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_SENDMSG, + "sendmsg6: load prog with wrong expected attach type", + sendmsg_v6_prog_load, + sendmsg_v6_prog_destroy, + BPF_CGROUP_UDP4_SENDMSG, + &user_ops, + AF_INET6, + SOCK_DGRAM, + NULL, + 0, + NULL, + 0, + NULL, + LOAD_REJECT, + }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg_unix: sendmsg (dgram)", diff --git a/tools/testing/selftests/bpf/test_sock_addr.c b/tools/testing/selftests/bpf/test_sock_addr.c index 85fb2a793be50..4ecbc72477f1f 100644 --- a/tools/testing/selftests/bpf/test_sock_addr.c +++ b/tools/testing/selftests/bpf/test_sock_addr.c @@ -97,20 +97,6 @@ static int sendmsg6_rw_asm_prog_load(const struct sock_addr_test *test); static struct sock_addr_test tests[] = { /* bind */ - { - "bind4: load prog with wrong expected attach type", - bind4_prog_load, - BPF_CGROUP_INET6_BIND, - BPF_CGROUP_INET4_BIND, - AF_INET, - SOCK_STREAM, - NULL, - 0, - NULL, - 0, - NULL, - LOAD_REJECT, - }, { "bind4: attach prog with wrong attach type", bind4_prog_load, @@ -125,20 +111,6 @@ static struct sock_addr_test tests[] = { NULL, ATTACH_REJECT, }, - { - "bind6: load prog with wrong expected attach type", - bind6_prog_load, - BPF_CGROUP_INET4_BIND, - BPF_CGROUP_INET6_BIND, - AF_INET6, - SOCK_STREAM, - NULL, - 0, - NULL, - 0, - NULL, - LOAD_REJECT, - }, { "bind6: attach prog with wrong attach type", bind6_prog_load, @@ -155,20 +127,6 @@ static struct sock_addr_test tests[] = { }, /* connect */ - { - "connect4: load prog with wrong expected attach type", - connect4_prog_load, - BPF_CGROUP_INET6_CONNECT, - BPF_CGROUP_INET4_CONNECT, - AF_INET, - SOCK_STREAM, - NULL, - 0, - NULL, - 0, - NULL, - LOAD_REJECT, - }, { "connect4: attach prog with wrong attach type", connect4_prog_load, @@ -183,20 +141,6 @@ static struct sock_addr_test tests[] = { NULL, ATTACH_REJECT, }, - { - "connect6: load prog with wrong expected attach type", - connect6_prog_load, - BPF_CGROUP_INET4_CONNECT, - BPF_CGROUP_INET6_CONNECT, - AF_INET6, - SOCK_STREAM, - NULL, - 0, - NULL, - 0, - NULL, - LOAD_REJECT, - }, { "connect6: attach prog with wrong attach type", connect6_prog_load, @@ -213,20 +157,6 @@ static struct sock_addr_test tests[] = { }, /* sendmsg */ - { - "sendmsg4: load prog with wrong expected attach type", - sendmsg4_rw_asm_prog_load, - BPF_CGROUP_UDP6_SENDMSG, - BPF_CGROUP_UDP4_SENDMSG, - AF_INET, - SOCK_DGRAM, - NULL, - 0, - NULL, - 0, - NULL, - LOAD_REJECT, - }, { "sendmsg4: attach prog with wrong attach type", sendmsg4_rw_asm_prog_load, @@ -255,20 +185,6 @@ static struct sock_addr_test tests[] = { SRC4_REWRITE_IP, SUCCESS, }, - { - "sendmsg6: load prog with wrong expected attach type", - sendmsg6_rw_asm_prog_load, - BPF_CGROUP_UDP4_SENDMSG, - BPF_CGROUP_UDP6_SENDMSG, - AF_INET6, - SOCK_DGRAM, - NULL, - 0, - NULL, - 0, - NULL, - LOAD_REJECT, - }, { "sendmsg6: attach prog with wrong attach type", sendmsg6_rw_asm_prog_load, From patchwork Fri May 10 19:02:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 13661858 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-io1-f74.google.com (mail-io1-f74.google.com [209.85.166.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A0CF147F6F for ; Fri, 10 May 2024 19:03:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.166.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367789; cv=none; b=qIjzrLWdGLT9uv3BF+G2GnC+FW6sBYGXJEMKX5HbqmbXx0a4qVW8T0vsxyweW/keLmHK5hc8Xjm3Dl6QrnHixXyDjr7c66ildZduUVHuXPjN5nKVxjJifoC6D+efQQJVmosDA1rJde0Mrb/LOCAzN9n+5z1a7sdjSSvQinBgnDQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367789; c=relaxed/simple; bh=VMyugVAQ8Ub1DGTFanqOI4/2k/P0xtDqyEZKFeH42jI=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=GLUvmBWk3j4EiwSstAVIh9dstNCGFQcbFTDHeg/+rGSzZRqvfdl+oKpzUmP6UdRylkai343jyRCeIR+Xb0WIBinADs8j6JvKYr+iYVEVTdloeDcGP0b+xiHpmu0eQ2omfSybMT6ZJiTpI04xD1K6jPllJHD7OmJHRsRXKJ+PECc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=wjr356MK; arc=none smtp.client-ip=209.85.166.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="wjr356MK" Received: by mail-io1-f74.google.com with SMTP id ca18e2360f4ac-7dab89699a8so234261439f.2 for ; Fri, 10 May 2024 12:03:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1715367787; x=1715972587; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=o5Qphk0OKRqdStjeaxrPqPTmxPnx+FOSWajJd14XMpA=; b=wjr356MKaQzC3u+fgqp2IEtA057NAKoLs28/1i8tEQaN8vrQWQJyAS0hjz4tvB+Qrs TH/WWDgMK45+vUfy9oWq9f9tEgVAeGsI2LBQLYK5zPSg+A291KN+mceWzb0zstkwgjqp TWePi14UjA+yfbv+EvFHcNQZrl57n4OldfSfQRipJhTEwloR/OVxA3YWxddkfVGuHPsy gHzoWmkqqhlDBnT6cMMnbGo6a5rJFWmQlyHR9SiPyFIUrRboQiYekPn7hEedVfd6Qkeh fAk69Q2/HcIhXccfYWosMmNDe0Jg9h7/DkCHsYzptjrWRxuz/30l3QAj3Ofi7by106OT LdaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715367787; x=1715972587; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=o5Qphk0OKRqdStjeaxrPqPTmxPnx+FOSWajJd14XMpA=; b=QWn8/s0Ccw6aexs5ITUeYUzO9FBv6wf0gtmwEVU+uxWR6oDcmoWgO5o99FGdQmQR2N /qh/V5j3naNNdmeS0PzG43GOrV+YxTHXaMs4v8DR94ixixtRFYo3K0HXXCjo1UM9E4GW LOb0PMAUNp3ZadqzurH4FxeA6sfKocyAwSdWb6/yx8PqoWE0flXttOCoi12VoTgL0Rfb aNoMaB3Q0OWa13cBtxm2KRW27ZShNjlQ8N/cxFKf0/8ISXA9kDi2BVCN6jZKo2qU6UBv R4XDqM9HgKXq9yQZHQno+YIjerkqaIjEoI/KbpBnpHopP5cXfIvOTWkaY9NEPZfUaGnU GrVw== X-Gm-Message-State: AOJu0YzAwcNAHRWgKQNz12chRKMGcChWCNCUOrEUnGJGQxj7ts/nGUcF o0fH5At1e5fCG1x1Ti3mO1o/2QBAVLF0nuOIHQMKj/L6xojpXFVdyE9QkIhCbhPOL6O5u86NQ5q HZQdL28y0qw29nIJ5rYsUVCrV3uy3yT333WuPk2VgJ99rjps/KJe0sdGyAkKi2bTCCGz2hwz9xJ 1OhpNx0I/a2yRyh0VeyzAwr64= X-Google-Smtp-Source: AGHT+IH9MvaFKRLstHKq2Et97J3n4iTmX6fh7j0LE0aUv6M3Muldzo4QSXXpNLJjm/sjgQ0ULTEMIiBg+A== X-Received: from jrife.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:9f]) (user=jrife job=sendgmr) by 2002:a05:6638:140d:b0:488:7838:5ab6 with SMTP id 8926c6da1cb9f-4895a1ac748mr175589173.5.1715367786811; Fri, 10 May 2024 12:03:06 -0700 (PDT) Date: Fri, 10 May 2024 14:02:28 -0500 In-Reply-To: <20240510190246.3247730-1-jrife@google.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240510190246.3247730-1-jrife@google.com> X-Mailer: git-send-email 2.45.0.118.g7fe29c98d7-goog Message-ID: <20240510190246.3247730-12-jrife@google.com> Subject: [PATCH v1 bpf-next 11/17] selftests/bpf: Migrate ATTACH_REJECT test cases From: Jordan Rife To: bpf@vger.kernel.org Cc: Jordan Rife , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Geliang Tang , Daan De Meyer , Shung-Hsi Yu , linux-kselftest@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net Migrate test case from bpf/test_sock_addr.c ensuring that program attachment fails when using an inappropriate attach type. Signed-off-by: Jordan Rife --- .../selftests/bpf/prog_tests/sock_addr.c | 102 ++++++++++++ tools/testing/selftests/bpf/test_sock_addr.c | 146 ------------------ 2 files changed, 102 insertions(+), 146 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/sock_addr.c b/tools/testing/selftests/bpf/prog_tests/sock_addr.c index 8c7c56f997549..ebd5e58e38c5c 100644 --- a/tools/testing/selftests/bpf/prog_tests/sock_addr.c +++ b/tools/testing/selftests/bpf/prog_tests/sock_addr.c @@ -438,13 +438,19 @@ static void prog_name##_destroy(void *skel) \ } BPF_SKEL_FUNCS(bind4_prog, bind_v4_prog); +BPF_SKEL_FUNCS_RAW(bind4_prog, bind_v4_prog); BPF_SKEL_FUNCS(bind6_prog, bind_v6_prog); +BPF_SKEL_FUNCS_RAW(bind6_prog, bind_v6_prog); BPF_SKEL_FUNCS(connect4_prog, connect_v4_prog); +BPF_SKEL_FUNCS_RAW(connect4_prog, connect_v4_prog); BPF_SKEL_FUNCS(connect6_prog, connect_v6_prog); +BPF_SKEL_FUNCS_RAW(connect6_prog, connect_v6_prog); BPF_SKEL_FUNCS(connect_unix_prog, connect_unix_prog); BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_prog); +BPF_SKEL_FUNCS_RAW(sendmsg4_prog, sendmsg_v4_prog); BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_deny_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_prog); +BPF_SKEL_FUNCS_RAW(sendmsg6_prog, sendmsg_v6_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_deny_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_preserve_dst_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_v4mapped_prog); @@ -506,6 +512,22 @@ static struct sock_addr_test tests[] = { NULL, LOAD_REJECT, }, + { + SOCK_ADDR_TEST_BIND, + "bind4: attach prog with wrong attach type", + bind_v4_prog_load_raw, + bind_v4_prog_destroy_raw, + BPF_CGROUP_INET6_BIND, + &user_ops, + AF_INET, + SOCK_STREAM, + NULL, + 0, + NULL, + 0, + NULL, + ATTACH_REJECT, + }, { SOCK_ADDR_TEST_BIND, "bind6: bind (stream)", @@ -554,6 +576,22 @@ static struct sock_addr_test tests[] = { NULL, LOAD_REJECT, }, + { + SOCK_ADDR_TEST_BIND, + "bind6: attach prog with wrong attach type", + bind_v6_prog_load_raw, + bind_v6_prog_destroy_raw, + BPF_CGROUP_INET4_BIND, + &user_ops, + AF_INET, + SOCK_STREAM, + NULL, + 0, + NULL, + 0, + NULL, + ATTACH_REJECT, + }, /* bind - kernel calls */ { @@ -670,6 +708,22 @@ static struct sock_addr_test tests[] = { NULL, LOAD_REJECT, }, + { + SOCK_ADDR_TEST_CONNECT, + "connect4: attach prog with wrong attach type", + connect_v4_prog_load_raw, + connect_v4_prog_destroy_raw, + BPF_CGROUP_INET6_CONNECT, + &user_ops, + AF_INET, + SOCK_STREAM, + NULL, + 0, + NULL, + 0, + NULL, + ATTACH_REJECT, + }, { SOCK_ADDR_TEST_CONNECT, "connect6: connect (stream)", @@ -718,6 +772,22 @@ static struct sock_addr_test tests[] = { NULL, LOAD_REJECT, }, + { + SOCK_ADDR_TEST_CONNECT, + "connect6: attach prog with wrong attach type", + connect_v6_prog_load_raw, + connect_v6_prog_destroy_raw, + BPF_CGROUP_INET4_CONNECT, + &user_ops, + AF_INET, + SOCK_STREAM, + NULL, + 0, + NULL, + 0, + NULL, + ATTACH_REJECT, + }, { SOCK_ADDR_TEST_CONNECT, "connect_unix: connect (stream)", @@ -866,6 +936,22 @@ static struct sock_addr_test tests[] = { NULL, LOAD_REJECT, }, + { + SOCK_ADDR_TEST_SENDMSG, + "sendmsg4: attach prog with wrong attach type", + sendmsg_v4_prog_load_raw, + sendmsg_v4_prog_destroy_raw, + BPF_CGROUP_UDP6_SENDMSG, + &user_ops, + AF_INET, + SOCK_DGRAM, + NULL, + 0, + NULL, + 0, + NULL, + ATTACH_REJECT, + }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: sendmsg (dgram)", @@ -962,6 +1048,22 @@ static struct sock_addr_test tests[] = { NULL, LOAD_REJECT, }, + { + SOCK_ADDR_TEST_SENDMSG, + "sendmsg6: attach prog with wrong attach type", + sendmsg_v6_prog_load_raw, + sendmsg_v6_prog_destroy_raw, + BPF_CGROUP_UDP4_SENDMSG, + &user_ops, + AF_INET6, + SOCK_DGRAM, + NULL, + 0, + NULL, + 0, + NULL, + ATTACH_REJECT, + }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg_unix: sendmsg (dgram)", diff --git a/tools/testing/selftests/bpf/test_sock_addr.c b/tools/testing/selftests/bpf/test_sock_addr.c index 4ecbc72477f1f..311eda4f48645 100644 --- a/tools/testing/selftests/bpf/test_sock_addr.c +++ b/tools/testing/selftests/bpf/test_sock_addr.c @@ -88,89 +88,11 @@ struct sock_addr_test { } expected_result; }; -static int bind4_prog_load(const struct sock_addr_test *test); -static int bind6_prog_load(const struct sock_addr_test *test); -static int connect4_prog_load(const struct sock_addr_test *test); -static int connect6_prog_load(const struct sock_addr_test *test); static int sendmsg4_rw_asm_prog_load(const struct sock_addr_test *test); static int sendmsg6_rw_asm_prog_load(const struct sock_addr_test *test); static struct sock_addr_test tests[] = { - /* bind */ - { - "bind4: attach prog with wrong attach type", - bind4_prog_load, - BPF_CGROUP_INET4_BIND, - BPF_CGROUP_INET6_BIND, - AF_INET, - SOCK_STREAM, - NULL, - 0, - NULL, - 0, - NULL, - ATTACH_REJECT, - }, - { - "bind6: attach prog with wrong attach type", - bind6_prog_load, - BPF_CGROUP_INET6_BIND, - BPF_CGROUP_INET4_BIND, - AF_INET, - SOCK_STREAM, - NULL, - 0, - NULL, - 0, - NULL, - ATTACH_REJECT, - }, - - /* connect */ - { - "connect4: attach prog with wrong attach type", - connect4_prog_load, - BPF_CGROUP_INET4_CONNECT, - BPF_CGROUP_INET6_CONNECT, - AF_INET, - SOCK_STREAM, - NULL, - 0, - NULL, - 0, - NULL, - ATTACH_REJECT, - }, - { - "connect6: attach prog with wrong attach type", - connect6_prog_load, - BPF_CGROUP_INET6_CONNECT, - BPF_CGROUP_INET4_CONNECT, - AF_INET, - SOCK_STREAM, - NULL, - 0, - NULL, - 0, - NULL, - ATTACH_REJECT, - }, - /* sendmsg */ - { - "sendmsg4: attach prog with wrong attach type", - sendmsg4_rw_asm_prog_load, - BPF_CGROUP_UDP4_SENDMSG, - BPF_CGROUP_UDP6_SENDMSG, - AF_INET, - SOCK_DGRAM, - NULL, - 0, - NULL, - 0, - NULL, - ATTACH_REJECT, - }, { "sendmsg4: rewrite IP & port (asm)", sendmsg4_rw_asm_prog_load, @@ -185,20 +107,6 @@ static struct sock_addr_test tests[] = { SRC4_REWRITE_IP, SUCCESS, }, - { - "sendmsg6: attach prog with wrong attach type", - sendmsg6_rw_asm_prog_load, - BPF_CGROUP_UDP6_SENDMSG, - BPF_CGROUP_UDP4_SENDMSG, - AF_INET6, - SOCK_DGRAM, - NULL, - 0, - NULL, - 0, - NULL, - ATTACH_REJECT, - }, { "sendmsg6: rewrite IP & port (asm)", sendmsg6_rw_asm_prog_load, @@ -234,60 +142,6 @@ static int load_insns(const struct sock_addr_test *test, return ret; } -static int load_path(const struct sock_addr_test *test, const char *path) -{ - struct bpf_object *obj; - struct bpf_program *prog; - int err; - - obj = bpf_object__open_file(path, NULL); - err = libbpf_get_error(obj); - if (err) { - log_err(">>> Opening BPF object (%s) error.\n", path); - return -1; - } - - prog = bpf_object__next_program(obj, NULL); - if (!prog) - goto err_out; - - bpf_program__set_type(prog, BPF_PROG_TYPE_CGROUP_SOCK_ADDR); - bpf_program__set_expected_attach_type(prog, test->expected_attach_type); - bpf_program__set_flags(prog, testing_prog_flags()); - - err = bpf_object__load(obj); - if (err) { - if (test->expected_result != LOAD_REJECT) - log_err(">>> Loading program (%s) error.\n", path); - goto err_out; - } - - return bpf_program__fd(prog); -err_out: - bpf_object__close(obj); - return -1; -} - -static int bind4_prog_load(const struct sock_addr_test *test) -{ - return load_path(test, BIND4_PROG_PATH); -} - -static int bind6_prog_load(const struct sock_addr_test *test) -{ - return load_path(test, BIND6_PROG_PATH); -} - -static int connect4_prog_load(const struct sock_addr_test *test) -{ - return load_path(test, CONNECT4_PROG_PATH); -} - -static int connect6_prog_load(const struct sock_addr_test *test) -{ - return load_path(test, CONNECT6_PROG_PATH); -} - static int sendmsg4_rw_asm_prog_load(const struct sock_addr_test *test) { struct sockaddr_in dst4_rw_addr; From patchwork Fri May 10 19:02:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 13661859 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-io1-f73.google.com (mail-io1-f73.google.com [209.85.166.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EFBA91E525 for ; Fri, 10 May 2024 19:03:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.166.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367790; cv=none; b=gpcxujQprORfkuGvV0oWZO7lQXaosKMUBsJGjxGE3fEUAO1PScZfI/d/UI920ihJpKZSy7h8xvrDHxUGTbOMa6/ZWnwV1fuf10/JTz13HynxWgSyivTS8U2SrhlLUwHmQFS842le0OIvWrpjjdaFZYT+oZPdrXwGhb6ktEnkkgM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367790; c=relaxed/simple; bh=BUKmtnNs2wklMJIvxINe04xe6pmF+mh+kjGQW30j49k=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=A/E6rdzHQyEup5gC+V97pamnagt6/a/DNFTLZz71y1CGXr8so6vxiVLuOk4pefTWSZEmPmKcqfiSq1zbfr0vJbztrqWbtcOOLSvTILGAy1dK0szAVdViqc+z/WqjXNLG1YlAmO18+yA90Pfr/32/BhgWz1+2vKp+txrgs7if5jI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=ul7kZa15; arc=none smtp.client-ip=209.85.166.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="ul7kZa15" Received: by mail-io1-f73.google.com with SMTP id ca18e2360f4ac-7da41da873bso301891239f.3 for ; Fri, 10 May 2024 12:03:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1715367788; x=1715972588; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=vgof1JdDIiQsHO2U8t6nMcAU4LuwP+16QwPtEtzPHeM=; b=ul7kZa15LmCw4XcqyGIIZfkccnWZ9SpQ9COoCCA545A595pmKnqnTBk/FSnPIfS5H/ Be9o1hgZU54k53VyMRwMwazpv44/RmCaBhyQ+rdds0brn74wRbAdqY8v46x9e9ONUxdj D5vjynuePhPs5opz8qHLCLGi2mdRadVt/0We3rWl0Fv2ue88wVB1LgDFauHhN3EgWGUz z5hZxXIpPNDgqhSYaDNVzFy+cf8BdYP1oS7GYsshY0CVziZyci8klV8mIZnGGiEGWnw1 MWzxxJdAU4u93qgBltiCwZMkQxDPvZ1Gq8+sn942miayZWIXKXXSudFlhKuh/9j1UMHl Zt/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715367788; x=1715972588; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=vgof1JdDIiQsHO2U8t6nMcAU4LuwP+16QwPtEtzPHeM=; b=GmsWiALl2x4sivnRuvFHXi24x/XWXxvXLFp2FtJhuPQUkyUH8DM0xbZ2dGunvkvSsR 2kWsGKlsEQZImGvmyOFk8Y9BalpV3qWETeqFTaDXVq8b8XkguPxHz7gqAYrysCOGV2vF 23qTVrEIj542DlEHHZ19SF/xxXe0mttV18we69CRHyAjxhBAUqZ2GJItZH2KEhdgtXb7 wzjCOnqQwtyhYVCpGjun27Isz6QWKM1tBy5DbqlaTYbTFESMyBjxXOCUhYMwvdkw47Z5 fXr3hkKA0BRlKYvHiK35jYaT5iOzRElZnX9qA7aoZuHeOJ8W4UBmVbRQgZn3Nq29VE5O UGPg== X-Gm-Message-State: AOJu0YwQUFrNZtRHtEnXuTwTc2FQzKsnx8KKfKZMtPNRkLvfYagwxJ8M QeyxIATdu9ytKSlBDiXnBKpJWK1hfOS0MKMZeBAVhKWAWgFykCSv3q2lQpkNUnjpdLQMVeN3/CZ 25xYH3hExjYgvJetYk++xAasI4GJY4Z7KQ6lVyOHRGFaQvuOaA7BzvgRvguhytzjlMW0G+T6k0N mlDlBh+esmTk0W5fiVFc2qNTg= X-Google-Smtp-Source: AGHT+IEu5Ha/9G6xoyaIJnCe7JbzsANU7IpamibLvfl0JQcsi0n2IXqcNHJI1T7nlje2/yBgL6EAPCRAUg== X-Received: from jrife.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:9f]) (user=jrife job=sendgmr) by 2002:a05:6638:210d:b0:488:e34a:5f72 with SMTP id 8926c6da1cb9f-4895857588dmr232481173.2.1715367788325; Fri, 10 May 2024 12:03:08 -0700 (PDT) Date: Fri, 10 May 2024 14:02:29 -0500 In-Reply-To: <20240510190246.3247730-1-jrife@google.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240510190246.3247730-1-jrife@google.com> X-Mailer: git-send-email 2.45.0.118.g7fe29c98d7-goog Message-ID: <20240510190246.3247730-13-jrife@google.com> Subject: [PATCH v1 bpf-next 12/17] selftests/bpf: Remove redundant sendmsg test cases From: Jordan Rife To: bpf@vger.kernel.org Cc: Jordan Rife , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Geliang Tang , Daan De Meyer , Shung-Hsi Yu , linux-kselftest@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net Remove these test cases completely, as the same behavior is already covered by other sendmsg* test cases in prog_tests/sock_addr.c. This just rewrites the destination address similar to sendmsg_v4_prog and sendmsg_v6_prog. Signed-off-by: Jordan Rife --- tools/testing/selftests/bpf/test_sock_addr.c | 161 ------------------- 1 file changed, 161 deletions(-) diff --git a/tools/testing/selftests/bpf/test_sock_addr.c b/tools/testing/selftests/bpf/test_sock_addr.c index 311eda4f48645..a2b587273331c 100644 --- a/tools/testing/selftests/bpf/test_sock_addr.c +++ b/tools/testing/selftests/bpf/test_sock_addr.c @@ -88,170 +88,9 @@ struct sock_addr_test { } expected_result; }; -static int sendmsg4_rw_asm_prog_load(const struct sock_addr_test *test); -static int sendmsg6_rw_asm_prog_load(const struct sock_addr_test *test); - static struct sock_addr_test tests[] = { - /* sendmsg */ - { - "sendmsg4: rewrite IP & port (asm)", - sendmsg4_rw_asm_prog_load, - BPF_CGROUP_UDP4_SENDMSG, - BPF_CGROUP_UDP4_SENDMSG, - AF_INET, - SOCK_DGRAM, - SERV4_IP, - SERV4_PORT, - SERV4_REWRITE_IP, - SERV4_REWRITE_PORT, - SRC4_REWRITE_IP, - SUCCESS, - }, - { - "sendmsg6: rewrite IP & port (asm)", - sendmsg6_rw_asm_prog_load, - BPF_CGROUP_UDP6_SENDMSG, - BPF_CGROUP_UDP6_SENDMSG, - AF_INET6, - SOCK_DGRAM, - SERV6_IP, - SERV6_PORT, - SERV6_REWRITE_IP, - SERV6_REWRITE_PORT, - SRC6_REWRITE_IP, - SUCCESS, - }, }; -static int load_insns(const struct sock_addr_test *test, - const struct bpf_insn *insns, size_t insns_cnt) -{ - LIBBPF_OPTS(bpf_prog_load_opts, opts); - int ret; - - opts.expected_attach_type = test->expected_attach_type; - opts.log_buf = bpf_log_buf; - opts.log_size = BPF_LOG_BUF_SIZE; - - ret = bpf_prog_load(BPF_PROG_TYPE_CGROUP_SOCK_ADDR, NULL, "GPL", insns, insns_cnt, &opts); - if (ret < 0 && test->expected_result != LOAD_REJECT) { - log_err(">>> Loading program error.\n" - ">>> Verifier output:\n%s\n-------\n", bpf_log_buf); - } - - return ret; -} - -static int sendmsg4_rw_asm_prog_load(const struct sock_addr_test *test) -{ - struct sockaddr_in dst4_rw_addr; - struct in_addr src4_rw_ip; - - if (inet_pton(AF_INET, SRC4_REWRITE_IP, (void *)&src4_rw_ip) != 1) { - log_err("Invalid IPv4: %s", SRC4_REWRITE_IP); - return -1; - } - - if (make_sockaddr(AF_INET, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, - (struct sockaddr_storage *)&dst4_rw_addr, - NULL) == -1) - return -1; - - struct bpf_insn insns[] = { - BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), - - /* if (sk.family == AF_INET && */ - BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_6, - offsetof(struct bpf_sock_addr, family)), - BPF_JMP_IMM(BPF_JNE, BPF_REG_7, AF_INET, 8), - - /* sk.type == SOCK_DGRAM) { */ - BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_6, - offsetof(struct bpf_sock_addr, type)), - BPF_JMP_IMM(BPF_JNE, BPF_REG_7, SOCK_DGRAM, 6), - - /* msg_src_ip4 = src4_rw_ip */ - BPF_MOV32_IMM(BPF_REG_7, src4_rw_ip.s_addr), - BPF_STX_MEM(BPF_W, BPF_REG_6, BPF_REG_7, - offsetof(struct bpf_sock_addr, msg_src_ip4)), - - /* user_ip4 = dst4_rw_addr.sin_addr */ - BPF_MOV32_IMM(BPF_REG_7, dst4_rw_addr.sin_addr.s_addr), - BPF_STX_MEM(BPF_W, BPF_REG_6, BPF_REG_7, - offsetof(struct bpf_sock_addr, user_ip4)), - - /* user_port = dst4_rw_addr.sin_port */ - BPF_MOV32_IMM(BPF_REG_7, dst4_rw_addr.sin_port), - BPF_STX_MEM(BPF_W, BPF_REG_6, BPF_REG_7, - offsetof(struct bpf_sock_addr, user_port)), - /* } */ - - /* return 1 */ - BPF_MOV64_IMM(BPF_REG_0, 1), - BPF_EXIT_INSN(), - }; - - return load_insns(test, insns, ARRAY_SIZE(insns)); -} - -static int sendmsg6_rw_dst_asm_prog_load(const struct sock_addr_test *test, - const char *rw_dst_ip) -{ - struct sockaddr_in6 dst6_rw_addr; - struct in6_addr src6_rw_ip; - - if (inet_pton(AF_INET6, SRC6_REWRITE_IP, (void *)&src6_rw_ip) != 1) { - log_err("Invalid IPv6: %s", SRC6_REWRITE_IP); - return -1; - } - - if (make_sockaddr(AF_INET6, rw_dst_ip, SERV6_REWRITE_PORT, - (struct sockaddr_storage *)&dst6_rw_addr, - NULL) == -1) - return -1; - - struct bpf_insn insns[] = { - BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), - - /* if (sk.family == AF_INET6) { */ - BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_6, - offsetof(struct bpf_sock_addr, family)), - BPF_JMP_IMM(BPF_JNE, BPF_REG_7, AF_INET6, 18), - -#define STORE_IPV6_WORD_N(DST, SRC, N) \ - BPF_MOV32_IMM(BPF_REG_7, SRC[N]), \ - BPF_STX_MEM(BPF_W, BPF_REG_6, BPF_REG_7, \ - offsetof(struct bpf_sock_addr, DST[N])) - -#define STORE_IPV6(DST, SRC) \ - STORE_IPV6_WORD_N(DST, SRC, 0), \ - STORE_IPV6_WORD_N(DST, SRC, 1), \ - STORE_IPV6_WORD_N(DST, SRC, 2), \ - STORE_IPV6_WORD_N(DST, SRC, 3) - - STORE_IPV6(msg_src_ip6, src6_rw_ip.s6_addr32), - STORE_IPV6(user_ip6, dst6_rw_addr.sin6_addr.s6_addr32), - - /* user_port = dst6_rw_addr.sin6_port */ - BPF_MOV32_IMM(BPF_REG_7, dst6_rw_addr.sin6_port), - BPF_STX_MEM(BPF_W, BPF_REG_6, BPF_REG_7, - offsetof(struct bpf_sock_addr, user_port)), - - /* } */ - - /* return 1 */ - BPF_MOV64_IMM(BPF_REG_0, 1), - BPF_EXIT_INSN(), - }; - - return load_insns(test, insns, ARRAY_SIZE(insns)); -} - -static int sendmsg6_rw_asm_prog_load(const struct sock_addr_test *test) -{ - return sendmsg6_rw_dst_asm_prog_load(test, SERV6_REWRITE_IP); -} - static int cmp_addr(const struct sockaddr_storage *addr1, const struct sockaddr_storage *addr2, int cmp_port) { From patchwork Fri May 10 19:02:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 13661860 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-io1-f74.google.com (mail-io1-f74.google.com [209.85.166.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D3A3945023 for ; Fri, 10 May 2024 19:03:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.166.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367794; cv=none; b=TBWnxO8/9imZ06FWypJnpd4ubt/87TeD9uoIOJVISdla+zk3UCKZaJ8ZKWnY/ycvwBuscR6K0BzeLx18uW+IaYXc/ZEJd/U5HeL59+rsY4Fa7fFaI/sS7PwkDie+zAWvH45NwhoaKb7rgSKhqG7f2P3qw9B47RErSOoJ6b15kwg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367794; c=relaxed/simple; bh=tpcuX1lsX+7m7+4UGzGs//nK3dpdTMA83w+9IE/GC2I=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=YRzMW0y6nltW7n8B6E1Kq3reWL0xUIwEMbZwtV4MsEdEblmw9WF065xOpdrRMkaEPcnsV731EKOR4nHJZARUgpQrBapFwqy+IlOVh5yx60rQ5CfQCrBmJcorlkJiia2uM++NZN8idgC1RWdDsF0TTuOIa/FFGmuiMuAu/ND54qw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=X1pP/TPx; arc=none smtp.client-ip=209.85.166.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="X1pP/TPx" Received: by mail-io1-f74.google.com with SMTP id ca18e2360f4ac-7e17a8bed9eso193646839f.0 for ; Fri, 10 May 2024 12:03:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1715367790; x=1715972590; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=QUKODdBPNP/+fMBcCuGO4XbHWmxiUDNXspGEKF7iwTE=; b=X1pP/TPxYOAzf7bI1eApCNoRtUfa8xc3nuUvbAktyzdiBDsGlvP/Eoty/vpLZgI9Qe CtRzjirAcOcfKsnYVsP8Uahu/qLgvYhpKwyv2fGL6IOk0+MnMVdjpk1a3chS4PfU+kUl Bu9kR+DQMFu3PyXI/QPL33l/7V6tDghpXUBtY1StPETPKpA9RoEU/yZFnshZYiL4Ogac rACH2pYqtMvPKS8PBki7bEHuX7RsV2pQV6QwxglqQQrQ6AX+AT5ulzTi2PK/V0ay0hB4 kAXbZP6Htil+uGGjgYnn40+E9XnHTtvGG/HkPV9FQglywcCEvBG7T4MqSuojWOt6I95t TmrA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715367790; x=1715972590; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=QUKODdBPNP/+fMBcCuGO4XbHWmxiUDNXspGEKF7iwTE=; b=kjGW/MANd4ZGGANXyueN0f9edOvEyIi3MPpbpGotJsf+KcE4X2zJDmiEuFTdiCbQUE exLT/hB0SUfHKnYC71ElLcFt4Nem3TjYiL2t4PBIm44k5QIQiPoB0yBXdMvFD8/XLU6j QCVRdp8UvF8gCpUH4u1wnF9fQ6+ITm7deEXSfb6R/wB9EHG1/m30sG3wa9SCBTuQx6lW 78NuB3YkR/bcAYTs8dm2OdSN43jbRL80Fu/Ho6UWZHkgAHWzYiXw9AbXgeXRKIVxYkiD 0NToSUIxm2ckBMwP1nH0s+anFdB7TfTOsk+NctRqkUsz36qw5aJeyiG0pidTvOdz0g7S a/7g== X-Gm-Message-State: AOJu0YybaWAgqqCunVC8h8LqWD0jTVSLZPE8bpui7Un4CHgYB6fs1xDZ Htfsvc3sYOUMfTtFpbFpRRa3Ijs3cxZpMVCj3UciiO0tXZgy6j+2O/Tp/G/VKu4+M4tZt9RvQcK tNSAPnQG934jSHJOCimY3j9V2MzxbAnxWJ7vu6hWDC+SG2r0YNlKQ1ottCywCYh18EvmYB0iCtV lmP09QCR7zepXjP4saWcMfT+Q= X-Google-Smtp-Source: AGHT+IHa924EBVpwCqsttRMEFgomQJ7Wb+/4cpTH1sPijl8MmbDZCVkPHAu3g2hnteBDeKp5gITKamFzeQ== X-Received: from jrife.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:9f]) (user=jrife job=sendgmr) by 2002:a05:6602:608c:b0:7de:3f44:a6fe with SMTP id ca18e2360f4ac-7e1b519cfb4mr10981839f.1.1715367790048; Fri, 10 May 2024 12:03:10 -0700 (PDT) Date: Fri, 10 May 2024 14:02:30 -0500 In-Reply-To: <20240510190246.3247730-1-jrife@google.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240510190246.3247730-1-jrife@google.com> X-Mailer: git-send-email 2.45.0.118.g7fe29c98d7-goog Message-ID: <20240510190246.3247730-14-jrife@google.com> Subject: [PATCH v1 bpf-next 13/17] selftests/bpf: Retire test_sock_addr.(c|sh) From: Jordan Rife To: bpf@vger.kernel.org Cc: Jordan Rife , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Geliang Tang , Daan De Meyer , Shung-Hsi Yu , linux-kselftest@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net Fully remove test_sock_addr.c and test_sock_addr.sh, as test coverage has been fully moved to prog_tests/sock_addr.c. Signed-off-by: Jordan Rife --- tools/testing/selftests/bpf/.gitignore | 1 - tools/testing/selftests/bpf/Makefile | 4 +- tools/testing/selftests/bpf/test_sock_addr.c | 574 ------------------ tools/testing/selftests/bpf/test_sock_addr.sh | 58 -- 4 files changed, 1 insertion(+), 636 deletions(-) delete mode 100644 tools/testing/selftests/bpf/test_sock_addr.c delete mode 100755 tools/testing/selftests/bpf/test_sock_addr.sh diff --git a/tools/testing/selftests/bpf/.gitignore b/tools/testing/selftests/bpf/.gitignore index f1aebabfb0176..5025401323afb 100644 --- a/tools/testing/selftests/bpf/.gitignore +++ b/tools/testing/selftests/bpf/.gitignore @@ -17,7 +17,6 @@ test_dev_cgroup test_verifier_log feature test_sock -test_sock_addr urandom_read test_sockmap test_lirc_mode2_user diff --git a/tools/testing/selftests/bpf/Makefile b/tools/testing/selftests/bpf/Makefile index 135023a357b3b..ed381b0197fe4 100644 --- a/tools/testing/selftests/bpf/Makefile +++ b/tools/testing/selftests/bpf/Makefile @@ -115,7 +115,6 @@ TEST_PROGS := test_kmod.sh \ test_xdp_redirect_multi.sh \ test_xdp_meta.sh \ test_xdp_veth.sh \ - test_sock_addr.sh \ test_tunnel.sh \ test_lwt_seg6local.sh \ test_lirc_mode2.sh \ @@ -140,7 +139,7 @@ TEST_PROGS_EXTENDED := with_addr.sh \ test_xdp_vlan.sh test_bpftool.py # Compile but not part of 'make run_tests' -TEST_GEN_PROGS_EXTENDED = test_sock_addr test_skb_cgroup_id_user \ +TEST_GEN_PROGS_EXTENDED = test_skb_cgroup_id_user \ flow_dissector_load test_flow_dissector test_tcp_check_syncookie_user \ test_lirc_mode2_user xdping test_cpp runqslower bench bpf_testmod.ko \ xskxceiver xdp_redirect_multi xdp_synproxy veristat xdp_hw_metadata \ @@ -296,7 +295,6 @@ NETWORK_HELPERS := $(OUTPUT)/network_helpers.o $(OUTPUT)/test_dev_cgroup: $(CGROUP_HELPERS) $(TESTING_HELPERS) $(OUTPUT)/test_skb_cgroup_id_user: $(CGROUP_HELPERS) $(TESTING_HELPERS) $(OUTPUT)/test_sock: $(CGROUP_HELPERS) $(TESTING_HELPERS) -$(OUTPUT)/test_sock_addr: $(CGROUP_HELPERS) $(TESTING_HELPERS) $(NETWORK_HELPERS) $(OUTPUT)/test_sockmap: $(CGROUP_HELPERS) $(TESTING_HELPERS) $(OUTPUT)/test_tcpnotify_user: $(CGROUP_HELPERS) $(TESTING_HELPERS) $(TRACE_HELPERS) $(OUTPUT)/get_cgroup_id_user: $(CGROUP_HELPERS) $(TESTING_HELPERS) diff --git a/tools/testing/selftests/bpf/test_sock_addr.c b/tools/testing/selftests/bpf/test_sock_addr.c deleted file mode 100644 index a2b587273331c..0000000000000 --- a/tools/testing/selftests/bpf/test_sock_addr.c +++ /dev/null @@ -1,574 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -// Copyright (c) 2018 Facebook - -#define _GNU_SOURCE - -#include -#include -#include - -#include -#include -#include -#include -#include - -#include - -#include -#include - -#include "cgroup_helpers.h" -#include "network_helpers.h" -#include "testing_helpers.h" -#include "bpf_util.h" - -#ifndef ENOTSUPP -# define ENOTSUPP 524 -#endif - -#define CG_PATH "/foo" -#define CONNECT4_PROG_PATH "./connect4_prog.bpf.o" -#define CONNECT6_PROG_PATH "./connect6_prog.bpf.o" -#define SENDMSG4_PROG_PATH "./sendmsg4_prog.bpf.o" -#define SENDMSG6_PROG_PATH "./sendmsg6_prog.bpf.o" -#define RECVMSG4_PROG_PATH "./recvmsg4_prog.bpf.o" -#define RECVMSG6_PROG_PATH "./recvmsg6_prog.bpf.o" -#define BIND4_PROG_PATH "./bind4_prog.bpf.o" -#define BIND6_PROG_PATH "./bind6_prog.bpf.o" - -#define SERV4_IP "192.168.1.254" -#define SERV4_REWRITE_IP "127.0.0.1" -#define SRC4_IP "172.16.0.1" -#define SRC4_REWRITE_IP "127.0.0.4" -#define SERV4_PORT 4040 -#define SERV4_REWRITE_PORT 4444 - -#define SERV6_IP "face:b00c:1234:5678::abcd" -#define SERV6_REWRITE_IP "::1" -#define SERV6_V4MAPPED_IP "::ffff:192.168.0.4" -#define SRC6_IP "::1" -#define SRC6_REWRITE_IP "::6" -#define WILDCARD6_IP "::" -#define SERV6_PORT 6060 -#define SERV6_REWRITE_PORT 6666 - -#define INET_NTOP_BUF 40 - -struct sock_addr_test; - -typedef int (*load_fn)(const struct sock_addr_test *test); -typedef int (*info_fn)(int, struct sockaddr *, socklen_t *); - -char bpf_log_buf[BPF_LOG_BUF_SIZE]; - -struct sock_addr_test { - const char *descr; - /* BPF prog properties */ - load_fn loadfn; - enum bpf_attach_type expected_attach_type; - enum bpf_attach_type attach_type; - /* Socket properties */ - int domain; - int type; - /* IP:port pairs for BPF prog to override */ - const char *requested_ip; - unsigned short requested_port; - const char *expected_ip; - unsigned short expected_port; - const char *expected_src_ip; - /* Expected test result */ - enum { - LOAD_REJECT, - ATTACH_REJECT, - ATTACH_OKAY, - SYSCALL_EPERM, - SYSCALL_ENOTSUPP, - SUCCESS, - } expected_result; -}; - -static struct sock_addr_test tests[] = { -}; - -static int cmp_addr(const struct sockaddr_storage *addr1, - const struct sockaddr_storage *addr2, int cmp_port) -{ - const struct sockaddr_in *four1, *four2; - const struct sockaddr_in6 *six1, *six2; - - if (addr1->ss_family != addr2->ss_family) - return -1; - - if (addr1->ss_family == AF_INET) { - four1 = (const struct sockaddr_in *)addr1; - four2 = (const struct sockaddr_in *)addr2; - return !((four1->sin_port == four2->sin_port || !cmp_port) && - four1->sin_addr.s_addr == four2->sin_addr.s_addr); - } else if (addr1->ss_family == AF_INET6) { - six1 = (const struct sockaddr_in6 *)addr1; - six2 = (const struct sockaddr_in6 *)addr2; - return !((six1->sin6_port == six2->sin6_port || !cmp_port) && - !memcmp(&six1->sin6_addr, &six2->sin6_addr, - sizeof(struct in6_addr))); - } - - return -1; -} - -static int cmp_sock_addr(info_fn fn, int sock1, - const struct sockaddr_storage *addr2, int cmp_port) -{ - struct sockaddr_storage addr1; - socklen_t len1 = sizeof(addr1); - - memset(&addr1, 0, len1); - if (fn(sock1, (struct sockaddr *)&addr1, (socklen_t *)&len1) != 0) - return -1; - - return cmp_addr(&addr1, addr2, cmp_port); -} - -static int cmp_local_ip(int sock1, const struct sockaddr_storage *addr2) -{ - return cmp_sock_addr(getsockname, sock1, addr2, /*cmp_port*/ 0); -} - -static int cmp_local_addr(int sock1, const struct sockaddr_storage *addr2) -{ - return cmp_sock_addr(getsockname, sock1, addr2, /*cmp_port*/ 1); -} - -static int cmp_peer_addr(int sock1, const struct sockaddr_storage *addr2) -{ - return cmp_sock_addr(getpeername, sock1, addr2, /*cmp_port*/ 1); -} - -int init_pktinfo(int domain, struct cmsghdr *cmsg) -{ - struct in6_pktinfo *pktinfo6; - struct in_pktinfo *pktinfo4; - - if (domain == AF_INET) { - cmsg->cmsg_level = SOL_IP; - cmsg->cmsg_type = IP_PKTINFO; - cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo)); - pktinfo4 = (struct in_pktinfo *)CMSG_DATA(cmsg); - memset(pktinfo4, 0, sizeof(struct in_pktinfo)); - if (inet_pton(domain, SRC4_IP, - (void *)&pktinfo4->ipi_spec_dst) != 1) - return -1; - } else if (domain == AF_INET6) { - cmsg->cmsg_level = SOL_IPV6; - cmsg->cmsg_type = IPV6_PKTINFO; - cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo)); - pktinfo6 = (struct in6_pktinfo *)CMSG_DATA(cmsg); - memset(pktinfo6, 0, sizeof(struct in6_pktinfo)); - if (inet_pton(domain, SRC6_IP, - (void *)&pktinfo6->ipi6_addr) != 1) - return -1; - } else { - return -1; - } - - return 0; -} - -static int sendmsg_to_server(int type, const struct sockaddr_storage *addr, - socklen_t addr_len, int set_cmsg, int flags, - int *syscall_err) -{ - union { - char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))]; - struct cmsghdr align; - } control6; - union { - char buf[CMSG_SPACE(sizeof(struct in_pktinfo))]; - struct cmsghdr align; - } control4; - struct msghdr hdr; - struct iovec iov; - char data = 'a'; - int domain; - int fd = -1; - - domain = addr->ss_family; - - if (domain != AF_INET && domain != AF_INET6) { - log_err("Unsupported address family"); - goto err; - } - - fd = socket(domain, type, 0); - if (fd == -1) { - log_err("Failed to create client socket"); - goto err; - } - - memset(&iov, 0, sizeof(iov)); - iov.iov_base = &data; - iov.iov_len = sizeof(data); - - memset(&hdr, 0, sizeof(hdr)); - hdr.msg_name = (void *)addr; - hdr.msg_namelen = addr_len; - hdr.msg_iov = &iov; - hdr.msg_iovlen = 1; - - if (set_cmsg) { - if (domain == AF_INET) { - hdr.msg_control = &control4; - hdr.msg_controllen = sizeof(control4.buf); - } else if (domain == AF_INET6) { - hdr.msg_control = &control6; - hdr.msg_controllen = sizeof(control6.buf); - } - if (init_pktinfo(domain, CMSG_FIRSTHDR(&hdr))) { - log_err("Fail to init pktinfo"); - goto err; - } - } - - if (sendmsg(fd, &hdr, flags) != sizeof(data)) { - log_err("Fail to send message to server"); - *syscall_err = errno; - goto err; - } - - goto out; -err: - close(fd); - fd = -1; -out: - return fd; -} - -static int fastconnect_to_server(const struct sockaddr_storage *addr, - socklen_t addr_len) -{ - int sendmsg_err; - - return sendmsg_to_server(SOCK_STREAM, addr, addr_len, /*set_cmsg*/0, - MSG_FASTOPEN, &sendmsg_err); -} - -static int recvmsg_from_client(int sockfd, struct sockaddr_storage *src_addr) -{ - struct timeval tv; - struct msghdr hdr; - struct iovec iov; - char data[64]; - fd_set rfds; - - FD_ZERO(&rfds); - FD_SET(sockfd, &rfds); - - tv.tv_sec = 2; - tv.tv_usec = 0; - - if (select(sockfd + 1, &rfds, NULL, NULL, &tv) <= 0 || - !FD_ISSET(sockfd, &rfds)) - return -1; - - memset(&iov, 0, sizeof(iov)); - iov.iov_base = data; - iov.iov_len = sizeof(data); - - memset(&hdr, 0, sizeof(hdr)); - hdr.msg_name = src_addr; - hdr.msg_namelen = sizeof(struct sockaddr_storage); - hdr.msg_iov = &iov; - hdr.msg_iovlen = 1; - - return recvmsg(sockfd, &hdr, 0); -} - -static int init_addrs(const struct sock_addr_test *test, - struct sockaddr_storage *requested_addr, - struct sockaddr_storage *expected_addr, - struct sockaddr_storage *expected_src_addr) -{ - if (make_sockaddr(test->domain, test->expected_ip, test->expected_port, - expected_addr, NULL) == -1) - goto err; - - if (make_sockaddr(test->domain, test->requested_ip, test->requested_port, - requested_addr, NULL) == -1) - goto err; - - if (test->expected_src_ip && - make_sockaddr(test->domain, test->expected_src_ip, 0, - expected_src_addr, NULL) == -1) - goto err; - - return 0; -err: - return -1; -} - -static int run_bind_test_case(const struct sock_addr_test *test) -{ - socklen_t addr_len = sizeof(struct sockaddr_storage); - struct sockaddr_storage requested_addr; - struct sockaddr_storage expected_addr; - int clientfd = -1; - int servfd = -1; - int err = 0; - - if (init_addrs(test, &requested_addr, &expected_addr, NULL)) - goto err; - - servfd = start_server_addr(test->type, &requested_addr, addr_len, NULL); - if (servfd == -1) - goto err; - - if (cmp_local_addr(servfd, &expected_addr)) - goto err; - - /* Try to connect to server just in case */ - clientfd = connect_to_addr(test->type, &expected_addr, addr_len, NULL); - if (clientfd == -1) - goto err; - - goto out; -err: - err = -1; -out: - close(clientfd); - close(servfd); - return err; -} - -static int run_connect_test_case(const struct sock_addr_test *test) -{ - socklen_t addr_len = sizeof(struct sockaddr_storage); - struct sockaddr_storage expected_src_addr; - struct sockaddr_storage requested_addr; - struct sockaddr_storage expected_addr; - int clientfd = -1; - int servfd = -1; - int err = 0; - - if (init_addrs(test, &requested_addr, &expected_addr, - &expected_src_addr)) - goto err; - - /* Prepare server to connect to */ - servfd = start_server_addr(test->type, &expected_addr, addr_len, NULL); - if (servfd == -1) - goto err; - - clientfd = connect_to_addr(test->type, &requested_addr, addr_len, NULL); - if (clientfd == -1) - goto err; - - /* Make sure src and dst addrs were overridden properly */ - if (cmp_peer_addr(clientfd, &expected_addr)) - goto err; - - if (cmp_local_ip(clientfd, &expected_src_addr)) - goto err; - - if (test->type == SOCK_STREAM) { - /* Test TCP Fast Open scenario */ - clientfd = fastconnect_to_server(&requested_addr, addr_len); - if (clientfd == -1) - goto err; - - /* Make sure src and dst addrs were overridden properly */ - if (cmp_peer_addr(clientfd, &expected_addr)) - goto err; - - if (cmp_local_ip(clientfd, &expected_src_addr)) - goto err; - } - - goto out; -err: - err = -1; -out: - close(clientfd); - close(servfd); - return err; -} - -static int run_xmsg_test_case(const struct sock_addr_test *test, int max_cmsg) -{ - socklen_t addr_len = sizeof(struct sockaddr_storage); - struct sockaddr_storage expected_addr; - struct sockaddr_storage server_addr; - struct sockaddr_storage sendmsg_addr; - struct sockaddr_storage recvmsg_addr; - int clientfd = -1; - int servfd = -1; - int set_cmsg; - int err = 0; - - if (test->type != SOCK_DGRAM) - goto err; - - if (init_addrs(test, &sendmsg_addr, &server_addr, &expected_addr)) - goto err; - - /* Prepare server to sendmsg to */ - servfd = start_server_addr(test->type, &server_addr, addr_len, NULL); - if (servfd == -1) - goto err; - - for (set_cmsg = 0; set_cmsg <= max_cmsg; ++set_cmsg) { - if (clientfd >= 0) - close(clientfd); - - clientfd = sendmsg_to_server(test->type, &sendmsg_addr, - addr_len, set_cmsg, /*flags*/0, - &err); - if (err) - goto out; - else if (clientfd == -1) - goto err; - - /* Try to receive message on server instead of using - * getpeername(2) on client socket, to check that client's - * destination address was rewritten properly, since - * getpeername(2) doesn't work with unconnected datagram - * sockets. - * - * Get source address from recvmsg(2) as well to make sure - * source was rewritten properly: getsockname(2) can't be used - * since socket is unconnected and source defined for one - * specific packet may differ from the one used by default and - * returned by getsockname(2). - */ - if (recvmsg_from_client(servfd, &recvmsg_addr) == -1) - goto err; - - if (cmp_addr(&recvmsg_addr, &expected_addr, /*cmp_port*/0)) - goto err; - } - - goto out; -err: - err = -1; -out: - close(clientfd); - close(servfd); - return err; -} - -static int run_test_case(int cgfd, const struct sock_addr_test *test) -{ - int progfd = -1; - int err = 0; - - printf("Test case: %s .. ", test->descr); - - progfd = test->loadfn(test); - if (test->expected_result == LOAD_REJECT && progfd < 0) - goto out; - else if (test->expected_result == LOAD_REJECT || progfd < 0) - goto err; - - err = bpf_prog_attach(progfd, cgfd, test->attach_type, - BPF_F_ALLOW_OVERRIDE); - if (test->expected_result == ATTACH_REJECT && err) { - err = 0; /* error was expected, reset it */ - goto out; - } else if (test->expected_result == ATTACH_REJECT || err) { - goto err; - } else if (test->expected_result == ATTACH_OKAY) { - err = 0; - goto out; - } - - switch (test->attach_type) { - case BPF_CGROUP_INET4_BIND: - case BPF_CGROUP_INET6_BIND: - err = run_bind_test_case(test); - break; - case BPF_CGROUP_INET4_CONNECT: - case BPF_CGROUP_INET6_CONNECT: - err = run_connect_test_case(test); - break; - case BPF_CGROUP_UDP4_SENDMSG: - case BPF_CGROUP_UDP6_SENDMSG: - err = run_xmsg_test_case(test, 1); - break; - case BPF_CGROUP_UDP4_RECVMSG: - case BPF_CGROUP_UDP6_RECVMSG: - err = run_xmsg_test_case(test, 0); - break; - default: - goto err; - } - - if (test->expected_result == SYSCALL_EPERM && err == EPERM) { - err = 0; /* error was expected, reset it */ - goto out; - } - - if (test->expected_result == SYSCALL_ENOTSUPP && err == ENOTSUPP) { - err = 0; /* error was expected, reset it */ - goto out; - } - - if (err || test->expected_result != SUCCESS) - goto err; - - goto out; -err: - err = -1; -out: - /* Detaching w/o checking return code: best effort attempt. */ - if (progfd != -1) - bpf_prog_detach(cgfd, test->attach_type); - close(progfd); - printf("[%s]\n", err ? "FAIL" : "PASS"); - return err; -} - -static int run_tests(int cgfd) -{ - int passes = 0; - int fails = 0; - int i; - - for (i = 0; i < ARRAY_SIZE(tests); ++i) { - if (run_test_case(cgfd, &tests[i])) - ++fails; - else - ++passes; - } - printf("Summary: %d PASSED, %d FAILED\n", passes, fails); - return fails ? -1 : 0; -} - -int main(int argc, char **argv) -{ - int cgfd = -1; - int err = 0; - - if (argc < 2) { - fprintf(stderr, - "%s has to be run via %s.sh. Skip direct run.\n", - argv[0], argv[0]); - exit(err); - } - - cgfd = cgroup_setup_and_join(CG_PATH); - if (cgfd < 0) - goto err; - - /* Use libbpf 1.0 API mode */ - libbpf_set_strict_mode(LIBBPF_STRICT_ALL); - - if (run_tests(cgfd)) - goto err; - - goto out; -err: - err = -1; -out: - close(cgfd); - cleanup_cgroup_environment(); - return err; -} diff --git a/tools/testing/selftests/bpf/test_sock_addr.sh b/tools/testing/selftests/bpf/test_sock_addr.sh deleted file mode 100755 index 3b9fdb8094aa2..0000000000000 --- a/tools/testing/selftests/bpf/test_sock_addr.sh +++ /dev/null @@ -1,58 +0,0 @@ -#!/bin/sh - -set -eu - -ping_once() -{ - type ping${1} >/dev/null 2>&1 && PING="ping${1}" || PING="ping -${1}" - $PING -q -c 1 -W 1 ${2%%/*} >/dev/null 2>&1 -} - -wait_for_ip() -{ - local _i - echo -n "Wait for testing IPv4/IPv6 to become available " - for _i in $(seq ${MAX_PING_TRIES}); do - echo -n "." - if ping_once 4 ${TEST_IPv4} && ping_once 6 ${TEST_IPv6}; then - echo " OK" - return - fi - done - echo 1>&2 "ERROR: Timeout waiting for test IP to become available." - exit 1 -} - -setup() -{ - # Create testing interfaces not to interfere with current environment. - ip link add dev ${TEST_IF} type veth peer name ${TEST_IF_PEER} - ip link set ${TEST_IF} up - ip link set ${TEST_IF_PEER} up - - ip -4 addr add ${TEST_IPv4} dev ${TEST_IF} - ip -6 addr add ${TEST_IPv6} dev ${TEST_IF} - wait_for_ip -} - -cleanup() -{ - ip link del ${TEST_IF} 2>/dev/null || : - ip link del ${TEST_IF_PEER} 2>/dev/null || : -} - -main() -{ - trap cleanup EXIT 2 3 6 15 - setup - ./test_sock_addr setup_done -} - -BASENAME=$(basename $0 .sh) -TEST_IF="${BASENAME}1" -TEST_IF_PEER="${BASENAME}2" -TEST_IPv4="127.0.0.4/8" -TEST_IPv6="::6/128" -MAX_PING_TRIES=5 - -main From patchwork Fri May 10 19:02:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 13661861 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B7FCC446A1 for ; Fri, 10 May 2024 19:03:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367794; cv=none; b=BJU3C47mBwIuw3T2aoSv+raGjPxeVNoVRo6qz+4LsVb4UyA0kNy97kA+gy1KPmgUTmgNWUEGCz354YhKbupkjU7nUofdNBAz2KcXtHozgfO0kFJ7BY0s6/adqr7/YHy3EuOay04TJ5hWJZLHlZrF3ld0RfW2VyaEo3tJU/5EJBg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367794; c=relaxed/simple; bh=tl7uYqB6OKFZzukEsSW1YKfc/oU1gj82SWaMnEhbGe8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=bHFQYdOIpaRF0jkCW/IeLkPq99bpKhpYl1Ghpi4xr2uB2Uc0oUyIAgcG/KIFSHfK+tZwcoOuMu9utxsD2MmjoBeiFOQjVN3w/OLDtpIuVVIc5RUsOz+fexDdEcm9ItPEFaVAI/PpLZEJc2O1l5iAl9JkaJlVutkOPl5zE4G2Vk4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=fQ1X7Dpr; arc=none smtp.client-ip=209.85.219.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="fQ1X7Dpr" Received: by mail-yb1-f202.google.com with SMTP id 3f1490d57ef6-de60cd96bf3so5060855276.0 for ; Fri, 10 May 2024 12:03:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1715367792; x=1715972592; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=muJVZn0eqnPzZVokEnAWChvrCgWqrca9sExKTVTOn34=; b=fQ1X7Dprg+goCox+FDeL4HiNjXfThic1TISgnD86QZnfKIgdHGa4QgNG2RewyTehUj oFO8hLIqAADGy01BiPD+4Nj5kscW/ClgtZIo7hhWElR94abB8CuAIGdlPnXz0b64Mxua McVRYACz2gCdDZV13e485HiNgf2CGRXV2Ku5ogLqQ8uPahHlmBawtU5SeANFvt7F5H7q atrKpe9j+sFqIq/idIHOeFQcgY99kxxzQxZ52meDgh8lpgVGB1qaZW0BgL04k0Cgkn1O 4tVeh9wWtworVWbrNKCpPVFe/fdA0SGwGNcr1ZxI0R+stcapfbzOXu0Ee36vaaUFNA4E CoIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715367792; x=1715972592; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=muJVZn0eqnPzZVokEnAWChvrCgWqrca9sExKTVTOn34=; b=L7paveBCIxK7xMCSTFNVWUoK+z0UbTTT6JLbQdd0/95CndeumlBqa3aV9xj78KFiZ3 zXxxfN/0kJdpHGH1coXlBRd8K6fZyDRVISNN9EmecNaeDJjDKhp7dbxw57O7Y60FtU6u R3eLigkzouVT7nhU/zr1c7ugDR8+s0RnFDzuCFHV0OoO3mxuf9X7vnFOvzetmQTnXKNo Y4rHvbCnURWh74JQ1M0iFf0j2mpUvuKIqr8P/TZYhU8do+aJD1SurLvO8CcqybScMHMx Uto0lRBEWFS0aAyhC80tKlPjdYnAiJHyfYVBlt+3SyJV7ZejdAx5GikCpCzi49B4HvjG JHFg== X-Gm-Message-State: AOJu0YyjMI3mWrucwO9UhRn7mc+JwzPWxem7LNoRhM8GctqVivgNtq4w eZJRkFL/stpmmO517RlpJOpvqksl7mswCrp9WfgLp/4vWjyFzWILuACOFKv5y0BvgS3lEJf+Gja cHcTkEZTEfJwdDw5EX4oOVRjqGNcZHydPq+SVXE8UfZOqU6CTcBeD6RmshqWiHgCIA89w1iZo4Z 5Nbhit+Q63KXOLF7FbtRHkG20= X-Google-Smtp-Source: AGHT+IEtzdk5stWm8/oEmcYfSAoQtnbegZorgWM0U+9BcIk8LlAcKaluoAnFYHzMngso7apm6TwbSQLGKA== X-Received: from jrife.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:9f]) (user=jrife job=sendgmr) by 2002:a05:6902:1004:b0:dbe:d0a9:2be3 with SMTP id 3f1490d57ef6-dee4e558e2dmr1022404276.3.1715367791474; Fri, 10 May 2024 12:03:11 -0700 (PDT) Date: Fri, 10 May 2024 14:02:31 -0500 In-Reply-To: <20240510190246.3247730-1-jrife@google.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240510190246.3247730-1-jrife@google.com> X-Mailer: git-send-email 2.45.0.118.g7fe29c98d7-goog Message-ID: <20240510190246.3247730-15-jrife@google.com> Subject: [PATCH v1 bpf-next 14/17] selftests/bpf: Expand sockaddr program return value tests From: Jordan Rife To: bpf@vger.kernel.org Cc: Jordan Rife , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Geliang Tang , Daan De Meyer , Shung-Hsi Yu , linux-kselftest@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net This patch expands verifier coverage for program return values to cover bind, connect, sendmsg, getsockname, and getpeername hooks. It also rounds out the recvmsg coverage by adding test cases for recvmsg_unix hooks. Signed-off-by: Jordan Rife --- .../selftests/bpf/progs/verifier_sock_addr.c | 294 ++++++++++++++++++ 1 file changed, 294 insertions(+) diff --git a/tools/testing/selftests/bpf/progs/verifier_sock_addr.c b/tools/testing/selftests/bpf/progs/verifier_sock_addr.c index 5081fa723d3a7..9c31448a0f520 100644 --- a/tools/testing/selftests/bpf/progs/verifier_sock_addr.c +++ b/tools/testing/selftests/bpf/progs/verifier_sock_addr.c @@ -34,4 +34,298 @@ int recvmsg6_bad_return_code(struct bpf_sock_addr *ctx) return 0; } +SEC("cgroup/recvmsg_unix") +__success +int recvmsg_unix_good_return_code(struct bpf_sock_addr *ctx) +{ + return 1; +} + +SEC("cgroup/recvmsg_unix") +__failure __msg("At program exit the register R0 has smin=0 smax=0 should have been in [1, 1]") +int recvmsg_unix_bad_return_code(struct bpf_sock_addr *ctx) +{ + return 0; +} + +SEC("cgroup/sendmsg4") +__success +int sendmsg4_good_return_code_0(struct bpf_sock_addr *ctx) +{ + return 0; +} + +SEC("cgroup/sendmsg4") +__success +int sendmsg4_good_return_code_1(struct bpf_sock_addr *ctx) +{ + return 1; +} + +SEC("cgroup/sendmsg4") +__failure __msg("At program exit the register R0 has smin=2 smax=2 should have been in [0, 1]") +int sendmsg4_bad_return_code(struct bpf_sock_addr *ctx) +{ + return 2; +} + +SEC("cgroup/sendmsg6") +__success +int sendmsg6_good_return_code_0(struct bpf_sock_addr *ctx) +{ + return 0; +} + +SEC("cgroup/sendmsg6") +__success +int sendmsg6_good_return_code_1(struct bpf_sock_addr *ctx) +{ + return 1; +} + +SEC("cgroup/sendmsg6") +__failure __msg("At program exit the register R0 has smin=2 smax=2 should have been in [0, 1]") +int sendmsg6_bad_return_code(struct bpf_sock_addr *ctx) +{ + return 2; +} + +SEC("cgroup/sendmsg_unix") +__success +int sendmsg_unix_good_return_code_0(struct bpf_sock_addr *ctx) +{ + return 0; +} + +SEC("cgroup/sendmsg_unix") +__success +int sendmsg_unix_good_return_code_1(struct bpf_sock_addr *ctx) +{ + return 1; +} + +SEC("cgroup/sendmsg_unix") +__failure __msg("At program exit the register R0 has smin=2 smax=2 should have been in [0, 1]") +int sendmsg_unix_bad_return_code(struct bpf_sock_addr *ctx) +{ + return 2; +} + +SEC("cgroup/getpeername4") +__success +int getpeername4_good_return_code(struct bpf_sock_addr *ctx) +{ + return 1; +} + +SEC("cgroup/getpeername4") +__failure __msg("At program exit the register R0 has smin=0 smax=0 should have been in [1, 1]") +int getpeername4_bad_return_code(struct bpf_sock_addr *ctx) +{ + return 0; +} + +SEC("cgroup/getpeername6") +__success +int getpeername6_good_return_code(struct bpf_sock_addr *ctx) +{ + return 1; +} + +SEC("cgroup/getpeername6") +__failure __msg("At program exit the register R0 has smin=0 smax=0 should have been in [1, 1]") +int getpeername6_bad_return_code(struct bpf_sock_addr *ctx) +{ + return 0; +} + +SEC("cgroup/getpeername_unix") +__success +int getpeername_unix_good_return_code(struct bpf_sock_addr *ctx) +{ + return 1; +} + +SEC("cgroup/getpeername_unix") +__failure __msg("At program exit the register R0 has smin=0 smax=0 should have been in [1, 1]") +int getpeername_unix_bad_return_code(struct bpf_sock_addr *ctx) +{ + return 0; +} + +SEC("cgroup/getsockname4") +__success +int getsockname4_good_return_code(struct bpf_sock_addr *ctx) +{ + return 1; +} + +SEC("cgroup/getsockname4") +__failure __msg("At program exit the register R0 has smin=0 smax=0 should have been in [1, 1]") +int getsockname4_bad_return_code(struct bpf_sock_addr *ctx) +{ + return 0; +} + +SEC("cgroup/getsockname6") +__success +int getsockname6_good_return_code(struct bpf_sock_addr *ctx) +{ + return 1; +} + +SEC("cgroup/getsockname6") +__failure __msg("At program exit the register R0 has smin=0 smax=0 should have been in [1, 1]") +int getsockname6_bad_return_code(struct bpf_sock_addr *ctx) +{ + return 0; +} + +SEC("cgroup/getsockname_unix") +__success +int getsockname_unix_good_return_code(struct bpf_sock_addr *ctx) +{ + return 1; +} + +SEC("cgroup/getsockname_unix") +__failure __msg("At program exit the register R0 has smin=0 smax=0 should have been in [1, 1]") +int getsockname_unix_unix_bad_return_code(struct bpf_sock_addr *ctx) +{ + return 0; +} + +SEC("cgroup/bind4") +__success +int bind4_good_return_code_0(struct bpf_sock_addr *ctx) +{ + return 0; +} + +SEC("cgroup/bind4") +__success +int bind4_good_return_code_1(struct bpf_sock_addr *ctx) +{ + return 1; +} + +SEC("cgroup/bind4") +__success +int bind4_good_return_code_2(struct bpf_sock_addr *ctx) +{ + return 2; +} + +SEC("cgroup/bind4") +__success +int bind4_good_return_code_3(struct bpf_sock_addr *ctx) +{ + return 3; +} + +SEC("cgroup/bind4") +__failure __msg("At program exit the register R0 has smin=4 smax=4 should have been in [0, 3]") +int bind4_bad_return_code(struct bpf_sock_addr *ctx) +{ + return 4; +} + +SEC("cgroup/bind6") +__success +int bind6_good_return_code_0(struct bpf_sock_addr *ctx) +{ + return 0; +} + +SEC("cgroup/bind6") +__success +int bind6_good_return_code_1(struct bpf_sock_addr *ctx) +{ + return 1; +} + +SEC("cgroup/bind6") +__success +int bind6_good_return_code_2(struct bpf_sock_addr *ctx) +{ + return 2; +} + +SEC("cgroup/bind6") +__success +int bind6_good_return_code_3(struct bpf_sock_addr *ctx) +{ + return 3; +} + +SEC("cgroup/bind6") +__failure __msg("At program exit the register R0 has smin=4 smax=4 should have been in [0, 3]") +int bind6_bad_return_code(struct bpf_sock_addr *ctx) +{ + return 4; +} + +SEC("cgroup/connect4") +__success +int connect4_good_return_code_0(struct bpf_sock_addr *ctx) +{ + return 0; +} + +SEC("cgroup/connect4") +__success +int connect4_good_return_code_1(struct bpf_sock_addr *ctx) +{ + return 1; +} + +SEC("cgroup/connect4") +__failure __msg("At program exit the register R0 has smin=2 smax=2 should have been in [0, 1]") +int connect4_bad_return_code(struct bpf_sock_addr *ctx) +{ + return 2; +} + +SEC("cgroup/connect6") +__success +int connect6_good_return_code_0(struct bpf_sock_addr *ctx) +{ + return 0; +} + +SEC("cgroup/connect6") +__success +int connect6_good_return_code_1(struct bpf_sock_addr *ctx) +{ + return 1; +} + +SEC("cgroup/connect6") +__failure __msg("At program exit the register R0 has smin=2 smax=2 should have been in [0, 1]") +int connect6_bad_return_code(struct bpf_sock_addr *ctx) +{ + return 2; +} + +SEC("cgroup/connect_unix") +__success +int connect_unix_good_return_code_0(struct bpf_sock_addr *ctx) +{ + return 0; +} + +SEC("cgroup/connect_unix") +__success +int connect_unix_good_return_code_1(struct bpf_sock_addr *ctx) +{ + return 1; +} + +SEC("cgroup/connect_unix") +__failure __msg("At program exit the register R0 has smin=2 smax=2 should have been in [0, 1]") +int connect_unix_bad_return_code(struct bpf_sock_addr *ctx) +{ + return 2; +} + char _license[] SEC("license") = "GPL"; From patchwork Fri May 10 19:02:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 13661862 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A1D8448CE0 for ; Fri, 10 May 2024 19:03:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367796; cv=none; b=l2jfeYVIZlpv1dUq7Hl5lwfN7j9CW6kVbFZCLt+aRLDfXuogq2JlrQwWDm9JFe+LfGQE47gfhKqvCpKIWX1SURWrjPQSCwPBaVb4dwN1g5GAZF/+Fw9oKvGvwL7RVG6Y6I1TBp8lDgYBqX9sEMtENA+YYmv4EC5oSq/R9QJGXYM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367796; c=relaxed/simple; bh=bRcw1943cH77mG2/ZP6FPr847/uKREi3NhnnCguvWNg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=OVmMUV4hKbg5W4sShJXl/xysQMHaWExVpyAHD/Tb/un3EpFCV9FBR+lXOcTvlwg0cMHyMI/et11AAbRTjrI9OtWXCAvwy2g0vH2EUjW0TEGNv5dhGMWD44PCoreVEPrLA2AHQHCXwpEAKVT2Na8yPxPDUB5ooVDiWgoHjoLIoeM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=T+3Bi89L; arc=none smtp.client-ip=209.85.219.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="T+3Bi89L" Received: by mail-yb1-f201.google.com with SMTP id 3f1490d57ef6-de61a10141fso3341583276.1 for ; Fri, 10 May 2024 12:03:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1715367794; x=1715972594; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=r9uR3cPOO2I0btChfqLpnIYWCHE0wNIxkZ7R2oIXmu4=; b=T+3Bi89LMjj0OT2qPysx1WdyrTshd13wnnj+KMiIAGEJ3Aonzj46GnRPXIQ/0FgqkC WrXQu7db71DXea+pEpFVRbYXZIix11N6lzL6spEA37LLCqnLBZ+B+RCnlKdkzgM7GD9C LTa63YtlbsdIRCbgNJ9znh+kQBBFLTl6XsAVI1EU6Bj3/L8sbyuBEV/0jjoRwebdKKrM Cjd1UTWI8vXCUoNoZh2tg2hnBtj5IGsQKp/n6xeo1U0C8nQdNKucPn4DkdpLUsThLIvj M4bVRn9ZuLyY1Q5HKdKDsojwZKXnBMpk+tBKDrGrFUumoI0JS7jFx0NVqdCnqo/D1u/e SPWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715367794; x=1715972594; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=r9uR3cPOO2I0btChfqLpnIYWCHE0wNIxkZ7R2oIXmu4=; b=iJsP8WODzG81IPs1spON/XxtL0mSy63/YO1AMSPUuW9eMaDczMmrJLbaDxjByFBbMP Gqw9tXzI+gn9czg1rnnFOzAN8CH4sRxZduOQpFintOF1SvU54+1P9ppFckL9Bpdy+NZR 92FF2ae/l5JGt7SqYcNrqxf4DlEMSH/epvsllwrnbBv56D/tcCrFhM1e/M6Zg1BsMdKh zWm8to3B5TnT5SJSEreuM5Jby9PXChcr+JoRZ9C+zlxt3Xb0JA+/LWlAavHi33jfSh1S Vu5NXKr/y9v4A2Uu5OeaZn7tPhpVkd4qEieNmxONgPG0q9U4EExl0pdsG0rHd92Jd1Q5 fCcQ== X-Gm-Message-State: AOJu0YxGJ8GSPP5xwC3tA4Sy8di/NOFEZ5mszQqiwzVUe0DuaGjXxiez MQ2A28uWGS48ClhILaN4t5SxUa0CvpRP+EhDcM7cDGUwIirBNwOoTkcqDNpc/Pb1n6hJkgLxXeP EXDIDvTfmHLOn87GP27on1g4aflzLjxVpJQOBe0kbsK/yGuGLZ7k/TFhp5imbiYHcl4XSdSo3aw 2h5ZNNPEc9oju3/ojOWghskpQ= X-Google-Smtp-Source: AGHT+IExMfyEtNP5nY9FWVOf4elIuRS+nOct7NTPxs0AoYN7KiRd1mdk1gSXpLfdshqClFW4EjkLP3FB6Q== X-Received: from jrife.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:9f]) (user=jrife job=sendgmr) by 2002:a25:1982:0:b0:dcd:2f3e:4d18 with SMTP id 3f1490d57ef6-dee4f364f84mr276030276.12.1715367793177; Fri, 10 May 2024 12:03:13 -0700 (PDT) Date: Fri, 10 May 2024 14:02:32 -0500 In-Reply-To: <20240510190246.3247730-1-jrife@google.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240510190246.3247730-1-jrife@google.com> X-Mailer: git-send-email 2.45.0.118.g7fe29c98d7-goog Message-ID: <20240510190246.3247730-16-jrife@google.com> Subject: [PATCH v1 bpf-next 15/17] sefltests/bpf: Expand sockaddr hook deny tests From: Jordan Rife To: bpf@vger.kernel.org Cc: Jordan Rife , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Geliang Tang , Daan De Meyer , Shung-Hsi Yu , linux-kselftest@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net This patch expands test coverage for EPERM tests to include connect and bind calls and rounds out the coverage for sendmsg by adding tests for sendmsg_unix. Signed-off-by: Jordan Rife --- .../selftests/bpf/prog_tests/sock_addr.c | 342 ++++++++++++++++++ .../testing/selftests/bpf/progs/bind4_prog.c | 6 + .../testing/selftests/bpf/progs/bind6_prog.c | 6 + .../selftests/bpf/progs/connect4_prog.c | 6 + .../selftests/bpf/progs/connect6_prog.c | 6 + .../selftests/bpf/progs/connect_unix_prog.c | 6 + .../selftests/bpf/progs/sendmsg_unix_prog.c | 6 + 7 files changed, 378 insertions(+) diff --git a/tools/testing/selftests/bpf/prog_tests/sock_addr.c b/tools/testing/selftests/bpf/prog_tests/sock_addr.c index ebd5e58e38c5c..0477b4080b2e8 100644 --- a/tools/testing/selftests/bpf/prog_tests/sock_addr.c +++ b/tools/testing/selftests/bpf/prog_tests/sock_addr.c @@ -439,13 +439,18 @@ static void prog_name##_destroy(void *skel) \ BPF_SKEL_FUNCS(bind4_prog, bind_v4_prog); BPF_SKEL_FUNCS_RAW(bind4_prog, bind_v4_prog); +BPF_SKEL_FUNCS(bind4_prog, bind_v4_deny_prog); BPF_SKEL_FUNCS(bind6_prog, bind_v6_prog); BPF_SKEL_FUNCS_RAW(bind6_prog, bind_v6_prog); +BPF_SKEL_FUNCS(bind6_prog, bind_v6_deny_prog); BPF_SKEL_FUNCS(connect4_prog, connect_v4_prog); BPF_SKEL_FUNCS_RAW(connect4_prog, connect_v4_prog); +BPF_SKEL_FUNCS(connect4_prog, connect_v4_deny_prog); BPF_SKEL_FUNCS(connect6_prog, connect_v6_prog); BPF_SKEL_FUNCS_RAW(connect6_prog, connect_v6_prog); +BPF_SKEL_FUNCS(connect6_prog, connect_v6_deny_prog); BPF_SKEL_FUNCS(connect_unix_prog, connect_unix_prog); +BPF_SKEL_FUNCS(connect_unix_prog, connect_unix_deny_prog); BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_prog); BPF_SKEL_FUNCS_RAW(sendmsg4_prog, sendmsg_v4_prog); BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_deny_prog); @@ -456,6 +461,7 @@ BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_preserve_dst_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_v4mapped_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_wildcard_prog); BPF_SKEL_FUNCS(sendmsg_unix_prog, sendmsg_unix_prog); +BPF_SKEL_FUNCS(sendmsg_unix_prog, sendmsg_unix_deny_prog); BPF_SKEL_FUNCS(recvmsg4_prog, recvmsg4_prog); BPF_SKEL_FUNCS(recvmsg6_prog, recvmsg6_prog); BPF_SKEL_FUNCS(recvmsg_unix_prog, recvmsg_unix_prog); @@ -480,6 +486,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_BIND, + "bind4: bind deny (stream)", + bind_v4_deny_prog_load, + bind_v4_deny_prog_destroy, + BPF_CGROUP_INET4_BIND, + &user_ops, + AF_INET, + SOCK_STREAM, + SERV4_IP, + SERV4_PORT, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + NULL, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_BIND, "bind4: bind (dgram)", @@ -496,6 +518,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_BIND, + "bind4: bind deny (dgram)", + bind_v4_deny_prog_load, + bind_v4_deny_prog_destroy, + BPF_CGROUP_INET4_BIND, + &user_ops, + AF_INET, + SOCK_DGRAM, + SERV4_IP, + SERV4_PORT, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + NULL, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_BIND, "bind4: load prog with wrong expected attach type", @@ -544,6 +582,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_BIND, + "bind6: bind deny (stream)", + bind_v6_deny_prog_load, + bind_v6_deny_prog_destroy, + BPF_CGROUP_INET6_BIND, + &user_ops, + AF_INET6, + SOCK_STREAM, + SERV6_IP, + SERV6_PORT, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + NULL, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_BIND, "bind6: bind (dgram)", @@ -560,6 +614,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_BIND, + "bind6: bind deny (dgram)", + bind_v6_deny_prog_load, + bind_v6_deny_prog_destroy, + BPF_CGROUP_INET6_BIND, + &user_ops, + AF_INET6, + SOCK_DGRAM, + SERV6_IP, + SERV6_PORT, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + NULL, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_BIND, "bind6: load prog with wrong expected attach type", @@ -610,6 +680,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_BIND, + "bind4: kernel_bind deny (stream)", + bind_v4_deny_prog_load, + bind_v4_deny_prog_destroy, + BPF_CGROUP_INET4_BIND, + &kern_ops_sock_sendmsg, + AF_INET, + SOCK_STREAM, + SERV4_IP, + SERV4_PORT, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + NULL, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_BIND, "bind4: kernel_bind (dgram)", @@ -626,6 +712,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_BIND, + "bind4: kernel_bind deny (dgram)", + bind_v4_deny_prog_load, + bind_v4_deny_prog_destroy, + BPF_CGROUP_INET4_BIND, + &kern_ops_sock_sendmsg, + AF_INET, + SOCK_DGRAM, + SERV4_IP, + SERV4_PORT, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + NULL, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_BIND, "bind6: kernel_bind (stream)", @@ -642,6 +744,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_BIND, + "bind6: kernel_bind deny (stream)", + bind_v6_deny_prog_load, + bind_v6_deny_prog_destroy, + BPF_CGROUP_INET6_BIND, + &kern_ops_sock_sendmsg, + AF_INET6, + SOCK_STREAM, + SERV6_IP, + SERV6_PORT, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + NULL, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_BIND, "bind6: kernel_bind (dgram)", @@ -658,6 +776,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_BIND, + "bind6: kernel_bind deny (dgram)", + bind_v6_deny_prog_load, + bind_v6_deny_prog_destroy, + BPF_CGROUP_INET6_BIND, + &kern_ops_sock_sendmsg, + AF_INET6, + SOCK_DGRAM, + SERV6_IP, + SERV6_PORT, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + NULL, + SYSCALL_EPERM, + }, /* connect - system calls */ { @@ -676,6 +810,22 @@ static struct sock_addr_test tests[] = { SRC4_REWRITE_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_CONNECT, + "connect4: connect deny (stream)", + connect_v4_deny_prog_load, + connect_v4_deny_prog_destroy, + BPF_CGROUP_INET4_CONNECT, + &user_ops, + AF_INET, + SOCK_STREAM, + SERV4_IP, + SERV4_PORT, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + SRC4_REWRITE_IP, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_CONNECT, "connect4: connect (dgram)", @@ -692,6 +842,22 @@ static struct sock_addr_test tests[] = { SRC4_REWRITE_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_CONNECT, + "connect4: connect deny (dgram)", + connect_v4_deny_prog_load, + connect_v4_deny_prog_destroy, + BPF_CGROUP_INET4_CONNECT, + &user_ops, + AF_INET, + SOCK_DGRAM, + SERV4_IP, + SERV4_PORT, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + SRC4_REWRITE_IP, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_CONNECT, "connect4: load prog with wrong expected attach type", @@ -740,6 +906,22 @@ static struct sock_addr_test tests[] = { SRC6_REWRITE_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_CONNECT, + "connect6: connect deny (stream)", + connect_v6_deny_prog_load, + connect_v6_deny_prog_destroy, + BPF_CGROUP_INET6_CONNECT, + &user_ops, + AF_INET6, + SOCK_STREAM, + SERV6_IP, + SERV6_PORT, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SRC6_REWRITE_IP, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_CONNECT, "connect6: connect (dgram)", @@ -756,6 +938,22 @@ static struct sock_addr_test tests[] = { SRC6_REWRITE_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_CONNECT, + "connect6: connect deny (dgram)", + connect_v6_deny_prog_load, + connect_v6_deny_prog_destroy, + BPF_CGROUP_INET6_CONNECT, + &user_ops, + AF_INET6, + SOCK_DGRAM, + SERV6_IP, + SERV6_PORT, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SRC6_REWRITE_IP, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_CONNECT, "connect6: load prog with wrong expected attach type", @@ -804,6 +1002,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_CONNECT, + "connect_unix: connect deny (stream)", + connect_unix_deny_prog_load, + connect_unix_deny_prog_destroy, + BPF_CGROUP_UNIX_CONNECT, + &user_ops, + AF_UNIX, + SOCK_STREAM, + SERVUN_ADDRESS, + 0, + SERVUN_REWRITE_ADDRESS, + 0, + NULL, + SYSCALL_EPERM, + }, /* connect - kernel calls */ { @@ -822,6 +1036,22 @@ static struct sock_addr_test tests[] = { SRC4_REWRITE_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_CONNECT, + "connect4: kernel_connect deny (stream)", + connect_v4_deny_prog_load, + connect_v4_deny_prog_destroy, + BPF_CGROUP_INET4_CONNECT, + &kern_ops_sock_sendmsg, + AF_INET, + SOCK_STREAM, + SERV4_IP, + SERV4_PORT, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + SRC4_REWRITE_IP, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_CONNECT, "connect4: kernel_connect (dgram)", @@ -838,6 +1068,22 @@ static struct sock_addr_test tests[] = { SRC4_REWRITE_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_CONNECT, + "connect4: kernel_connect deny (dgram)", + connect_v4_deny_prog_load, + connect_v4_deny_prog_destroy, + BPF_CGROUP_INET4_CONNECT, + &kern_ops_sock_sendmsg, + AF_INET, + SOCK_DGRAM, + SERV4_IP, + SERV4_PORT, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + SRC4_REWRITE_IP, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_CONNECT, "connect6: kernel_connect (stream)", @@ -854,6 +1100,22 @@ static struct sock_addr_test tests[] = { SRC6_REWRITE_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_CONNECT, + "connect6: kernel_connect deny (stream)", + connect_v6_deny_prog_load, + connect_v6_deny_prog_destroy, + BPF_CGROUP_INET6_CONNECT, + &kern_ops_sock_sendmsg, + AF_INET6, + SOCK_STREAM, + SERV6_IP, + SERV6_PORT, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SRC6_REWRITE_IP, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_CONNECT, "connect6: kernel_connect (dgram)", @@ -870,6 +1132,22 @@ static struct sock_addr_test tests[] = { SRC6_REWRITE_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_CONNECT, + "connect6: kernel_connect deny (dgram)", + connect_v6_deny_prog_load, + connect_v6_deny_prog_destroy, + BPF_CGROUP_INET6_CONNECT, + &kern_ops_sock_sendmsg, + AF_INET6, + SOCK_DGRAM, + SERV6_IP, + SERV6_PORT, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SRC6_REWRITE_IP, + SYSCALL_EPERM, + }, { SOCK_ADDR_TEST_CONNECT, "connect_unix: kernel_connect (dgram)", @@ -886,6 +1164,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_CONNECT, + "connect_unix: kernel_connect deny (dgram)", + connect_unix_deny_prog_load, + connect_unix_deny_prog_destroy, + BPF_CGROUP_UNIX_CONNECT, + &kern_ops_sock_sendmsg, + AF_UNIX, + SOCK_STREAM, + SERVUN_ADDRESS, + 0, + SERVUN_REWRITE_ADDRESS, + 0, + NULL, + SYSCALL_EPERM, + }, /* sendmsg - system calls */ { @@ -1080,6 +1374,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_SENDMSG, + "sendmsg_unix: sendmsg deny (dgram)", + sendmsg_unix_deny_prog_load, + sendmsg_unix_deny_prog_destroy, + BPF_CGROUP_UNIX_SENDMSG, + &user_ops, + AF_UNIX, + SOCK_DGRAM, + SERVUN_ADDRESS, + 0, + SERVUN_REWRITE_ADDRESS, + 0, + NULL, + SYSCALL_EPERM, + }, /* sendmsg - kernel calls (sock_sendmsg) */ { @@ -1178,6 +1488,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_SENDMSG, + "sendmsg_unix: sock_sendmsg deny (dgram)", + sendmsg_unix_deny_prog_load, + sendmsg_unix_deny_prog_destroy, + BPF_CGROUP_UNIX_SENDMSG, + &kern_ops_sock_sendmsg, + AF_UNIX, + SOCK_DGRAM, + SERVUN_ADDRESS, + 0, + SERVUN_REWRITE_ADDRESS, + 0, + NULL, + SYSCALL_EPERM, + }, /* sendmsg - kernel calls (kernel_sendmsg) */ { @@ -1276,6 +1602,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_SENDMSG, + "sendmsg_unix: kernel_sendmsg deny (dgram)", + sendmsg_unix_deny_prog_load, + sendmsg_unix_deny_prog_destroy, + BPF_CGROUP_UNIX_SENDMSG, + &kern_ops_kernel_sendmsg, + AF_UNIX, + SOCK_DGRAM, + SERVUN_ADDRESS, + 0, + SERVUN_REWRITE_ADDRESS, + 0, + NULL, + SYSCALL_EPERM, + }, /* recvmsg - system calls */ { diff --git a/tools/testing/selftests/bpf/progs/bind4_prog.c b/tools/testing/selftests/bpf/progs/bind4_prog.c index 66005c1a5b367..b7ddf8ec4ee89 100644 --- a/tools/testing/selftests/bpf/progs/bind4_prog.c +++ b/tools/testing/selftests/bpf/progs/bind4_prog.c @@ -158,4 +158,10 @@ int bind_v4_prog(struct bpf_sock_addr *ctx) return 1; } +SEC("cgroup/bind4") +int bind_v4_deny_prog(struct bpf_sock_addr *ctx) +{ + return 0; +} + char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/progs/bind6_prog.c b/tools/testing/selftests/bpf/progs/bind6_prog.c index 9c86c712348cf..501c3fc11d356 100644 --- a/tools/testing/selftests/bpf/progs/bind6_prog.c +++ b/tools/testing/selftests/bpf/progs/bind6_prog.c @@ -175,4 +175,10 @@ int bind_v6_prog(struct bpf_sock_addr *ctx) return 1; } +SEC("cgroup/bind6") +int bind_v6_deny_prog(struct bpf_sock_addr *ctx) +{ + return 0; +} + char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/progs/connect4_prog.c b/tools/testing/selftests/bpf/progs/connect4_prog.c index bec529da7c9d2..9e9ebf27b8784 100644 --- a/tools/testing/selftests/bpf/progs/connect4_prog.c +++ b/tools/testing/selftests/bpf/progs/connect4_prog.c @@ -199,4 +199,10 @@ int connect_v4_prog(struct bpf_sock_addr *ctx) return do_bind(ctx) ? 1 : 0; } +SEC("cgroup/connect4") +int connect_v4_deny_prog(struct bpf_sock_addr *ctx) +{ + return 0; +} + char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/progs/connect6_prog.c b/tools/testing/selftests/bpf/progs/connect6_prog.c index 40266d2c737c2..e98573b00ddb2 100644 --- a/tools/testing/selftests/bpf/progs/connect6_prog.c +++ b/tools/testing/selftests/bpf/progs/connect6_prog.c @@ -90,4 +90,10 @@ int connect_v6_prog(struct bpf_sock_addr *ctx) return 1; } +SEC("cgroup/connect6") +int connect_v6_deny_prog(struct bpf_sock_addr *ctx) +{ + return 0; +} + char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/progs/connect_unix_prog.c b/tools/testing/selftests/bpf/progs/connect_unix_prog.c index 2ef0e0c46d17b..ba60adadb3355 100644 --- a/tools/testing/selftests/bpf/progs/connect_unix_prog.c +++ b/tools/testing/selftests/bpf/progs/connect_unix_prog.c @@ -36,4 +36,10 @@ int connect_unix_prog(struct bpf_sock_addr *ctx) return 1; } +SEC("cgroup/connect_unix") +int connect_unix_deny_prog(struct bpf_sock_addr *ctx) +{ + return 0; +} + char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/progs/sendmsg_unix_prog.c b/tools/testing/selftests/bpf/progs/sendmsg_unix_prog.c index d8869b03dda9b..332d0eb1116f8 100644 --- a/tools/testing/selftests/bpf/progs/sendmsg_unix_prog.c +++ b/tools/testing/selftests/bpf/progs/sendmsg_unix_prog.c @@ -36,4 +36,10 @@ int sendmsg_unix_prog(struct bpf_sock_addr *ctx) return 1; } +SEC("cgroup/sendmsg_unix") +int sendmsg_unix_deny_prog(struct bpf_sock_addr *ctx) +{ + return 0; +} + char _license[] SEC("license") = "GPL"; From patchwork Fri May 10 19:02:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 13661863 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-il1-f201.google.com (mail-il1-f201.google.com [209.85.166.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3ACF445945 for ; Fri, 10 May 2024 19:03:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.166.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367797; cv=none; b=uiePFXO2hQ4FD6uNbnj4NT6tsePRJN0zutWJAerU6dsH0AQHF95Nzcuk5N12mGfz79sOCMb9NpFRdzXfgqfU3QHY4YwR33BTIuMwb+2tw/aWK3Yj5hnt0x+MTKR/jetm0UBUA59ryuaET7U8XZcN7Nc012BMIv8DfwOfg9CRxxY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367797; c=relaxed/simple; bh=T0zjrJP+NJhtEGA7To/nE1u/4nq/7/uZUvODiMREuBI=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=eF9Uelf5CGEGEyjMktdrzETvNwBmiPBxgnTAgf0rXDw8MKMf8B9lE8dMN91Kax9tMDKIfEDgBfz7c25nht23xeiab04hmyhLJ4+nNdyjM6Nq+3oSmAoSG51jIrGznumnhKf7R1oXp98G8+yeI2bOok9NZrEJcACdly7t15YOrgU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=W3FTIWyO; arc=none smtp.client-ip=209.85.166.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="W3FTIWyO" Received: by mail-il1-f201.google.com with SMTP id e9e14a558f8ab-36c5ed3322aso23508675ab.1 for ; Fri, 10 May 2024 12:03:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1715367795; x=1715972595; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=0LG6b+p0f7R0KZLw/Ip8/hPBsUvl5qeWsV9/q9Vz57w=; b=W3FTIWyOJuvS1qB8QlH5+gtPX/upTdQUhX38P2t33FX0+HKyMPd3Kkgc8BZCApY37i r/N6X3v4ZKP4YG8NUaRhwNQ8J9vPAL1BuMBzyE0ooxMsOFqJguNSrelCMHbyK4uPDLgZ ZlF1txSBi1qb0/pC2BdmdTbsouCt3MJdzVvjBRLtu08iK7BXJRe6hTgHBOhYBQR+Spyj Z7uj2Kc94QRnXllthxH6pPhg+XH+eGKQQPYHRps0CYN4XlbcN6RyAVAvVFEulUCP0Alx QTEp/EfEV1SNfrCTu98QFEOE40k6ZyFJPsQCS8TYO7ztyMhWsTXRPC9hxZf0L4hrDvo8 SU1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715367795; x=1715972595; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=0LG6b+p0f7R0KZLw/Ip8/hPBsUvl5qeWsV9/q9Vz57w=; b=cGSeJSWY+BkZyw/4ruOWRV91Ll+fbf4AqZofRzqhzwMlbtVjSWDnyUFzjYHaY83Aeq ONqXVpnKQLEoOXQsdjo6B00r28lVvJufztdJDoqXEAZh8lRDqodnrJP2RjMJQCLXTKr8 j2JQMjXHT+0xjlTXWYw3vWJb26pRqVpfKZ9aOgZgLYsaWImijhVIXI5VPA6difxK/c4C Yn8talp7FOuad54S4PRig+mRIa9weCkmF26r4krnKdcgvpLvDtX8DJLiAW7AyyDORpTs 7ceLgKVWipzy/kc65QtoK57oPuZu1q00QWeMw+JOCVs7EjO6PSRF3hBNUxMDNJCzGG6W DRgg== X-Gm-Message-State: AOJu0YwjM4T1RBB13WatF9SNa1gdkVwAAQssnWwxh4pKElpUQmBrZ7EX vpO9N8XV6HupQwOdPp15uKn4TNvSYG0xIaewmkm7nSzuUhRpf3YnuBCwbj5DsWJclV+iPJQDMsn rPNv9ogUOVXfkRS7Ujh3Ea3pUK+g0IUUDg7CfwtunQnhne4188WNbVQtO7yjxX5FW6eW1+Q2uXf Od1oiNdOrHa6UHhSiVYMpnpKI= X-Google-Smtp-Source: AGHT+IHVC4ksDd3n7KP2LAYtsFvQfCVmcXKbRCGGlpyadJiSUQMW0cVNS8pn76DZJX3NrUtP3u1dSUpg7Q== X-Received: from jrife.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:9f]) (user=jrife job=sendgmr) by 2002:a92:2902:0:b0:36c:11a0:7878 with SMTP id e9e14a558f8ab-36cc145874amr704145ab.2.1715367795052; Fri, 10 May 2024 12:03:15 -0700 (PDT) Date: Fri, 10 May 2024 14:02:33 -0500 In-Reply-To: <20240510190246.3247730-1-jrife@google.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240510190246.3247730-1-jrife@google.com> X-Mailer: git-send-email 2.45.0.118.g7fe29c98d7-goog Message-ID: <20240510190246.3247730-17-jrife@google.com> Subject: [PATCH v1 bpf-next 16/17] selftests/bpf: Expand getsockname and getpeername tests From: Jordan Rife To: bpf@vger.kernel.org Cc: Jordan Rife , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Geliang Tang , Daan De Meyer , Shung-Hsi Yu , linux-kselftest@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net This expands coverage for getsockname and getpeername hooks to include getsockname4, getsockname6, getpeername4, and getpeername6. Signed-off-by: Jordan Rife --- .../selftests/bpf/prog_tests/sock_addr.c | 304 +++++++++++++++++- .../selftests/bpf/progs/getpeername4_prog.c | 24 ++ .../selftests/bpf/progs/getpeername6_prog.c | 31 ++ .../selftests/bpf/progs/getsockname4_prog.c | 24 ++ .../selftests/bpf/progs/getsockname6_prog.c | 31 ++ 5 files changed, 412 insertions(+), 2 deletions(-) create mode 100644 tools/testing/selftests/bpf/progs/getpeername4_prog.c create mode 100644 tools/testing/selftests/bpf/progs/getpeername6_prog.c create mode 100644 tools/testing/selftests/bpf/progs/getsockname4_prog.c create mode 100644 tools/testing/selftests/bpf/progs/getsockname6_prog.c diff --git a/tools/testing/selftests/bpf/prog_tests/sock_addr.c b/tools/testing/selftests/bpf/prog_tests/sock_addr.c index 0477b4080b2e8..a0a40bdcfe45c 100644 --- a/tools/testing/selftests/bpf/prog_tests/sock_addr.c +++ b/tools/testing/selftests/bpf/prog_tests/sock_addr.c @@ -15,7 +15,11 @@ #include "recvmsg6_prog.skel.h" #include "sendmsg_unix_prog.skel.h" #include "recvmsg_unix_prog.skel.h" +#include "getsockname4_prog.skel.h" +#include "getsockname6_prog.skel.h" #include "getsockname_unix_prog.skel.h" +#include "getpeername4_prog.skel.h" +#include "getpeername6_prog.skel.h" #include "getpeername_unix_prog.skel.h" #include "network_helpers.h" @@ -466,7 +470,11 @@ BPF_SKEL_FUNCS(recvmsg4_prog, recvmsg4_prog); BPF_SKEL_FUNCS(recvmsg6_prog, recvmsg6_prog); BPF_SKEL_FUNCS(recvmsg_unix_prog, recvmsg_unix_prog); BPF_SKEL_FUNCS(getsockname_unix_prog, getsockname_unix_prog); +BPF_SKEL_FUNCS(getsockname4_prog, getsockname_v4_prog); +BPF_SKEL_FUNCS(getsockname6_prog, getsockname_v6_prog); BPF_SKEL_FUNCS(getpeername_unix_prog, getpeername_unix_prog); +BPF_SKEL_FUNCS(getpeername4_prog, getpeername_v4_prog); +BPF_SKEL_FUNCS(getpeername6_prog, getpeername_v6_prog); static struct sock_addr_test tests[] = { /* bind - system calls */ @@ -1688,7 +1696,71 @@ static struct sock_addr_test tests[] = { /* getsockname - system calls */ { SOCK_ADDR_TEST_GETSOCKNAME, - "getsockname_unix", + "getsockname4: getsockname (stream)", + getsockname_v4_prog_load, + getsockname_v4_prog_destroy, + BPF_CGROUP_INET4_GETSOCKNAME, + &user_ops, + AF_INET, + SOCK_STREAM, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + SERV4_IP, + SERV4_PORT, + NULL, + SUCCESS, + }, + { + SOCK_ADDR_TEST_GETSOCKNAME, + "getsockname4: getsockname (dgram)", + getsockname_v4_prog_load, + getsockname_v4_prog_destroy, + BPF_CGROUP_INET4_GETSOCKNAME, + &user_ops, + AF_INET, + SOCK_DGRAM, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + SERV4_IP, + SERV4_PORT, + NULL, + SUCCESS, + }, + { + SOCK_ADDR_TEST_GETSOCKNAME, + "getsockname6: getsockname (stream)", + getsockname_v6_prog_load, + getsockname_v6_prog_destroy, + BPF_CGROUP_INET6_GETSOCKNAME, + &user_ops, + AF_INET6, + SOCK_STREAM, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SERV6_IP, + SERV6_PORT, + NULL, + SUCCESS, + }, + { + SOCK_ADDR_TEST_GETSOCKNAME, + "getsockname6: getsockname (dgram)", + getsockname_v6_prog_load, + getsockname_v6_prog_destroy, + BPF_CGROUP_INET6_GETSOCKNAME, + &user_ops, + AF_INET6, + SOCK_DGRAM, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SERV6_IP, + SERV6_PORT, + NULL, + SUCCESS, + }, + { + SOCK_ADDR_TEST_GETSOCKNAME, + "getsockname_unix: getsockname", getsockname_unix_prog_load, getsockname_unix_prog_destroy, BPF_CGROUP_UNIX_GETSOCKNAME, @@ -1703,10 +1775,156 @@ static struct sock_addr_test tests[] = { SUCCESS, }, + /* getsockname - kernel calls */ + { + SOCK_ADDR_TEST_GETSOCKNAME, + "getsockname4: kernel_getsockname (stream)", + getsockname_v4_prog_load, + getsockname_v4_prog_destroy, + BPF_CGROUP_INET4_GETSOCKNAME, + &kern_ops_kernel_sendmsg, + AF_INET, + SOCK_STREAM, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + SERV4_IP, + SERV4_PORT, + NULL, + SUCCESS, + }, + { + SOCK_ADDR_TEST_GETSOCKNAME, + "getsockname4: kernel_getsockname (dgram)", + getsockname_v4_prog_load, + getsockname_v4_prog_destroy, + BPF_CGROUP_INET4_GETSOCKNAME, + &kern_ops_kernel_sendmsg, + AF_INET, + SOCK_DGRAM, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + SERV4_IP, + SERV4_PORT, + NULL, + SUCCESS, + }, + { + SOCK_ADDR_TEST_GETSOCKNAME, + "getsockname6: kernel_getsockname (stream)", + getsockname_v6_prog_load, + getsockname_v6_prog_destroy, + BPF_CGROUP_INET6_GETSOCKNAME, + &kern_ops_kernel_sendmsg, + AF_INET6, + SOCK_STREAM, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SERV6_IP, + SERV6_PORT, + NULL, + SUCCESS, + }, + { + SOCK_ADDR_TEST_GETSOCKNAME, + "getsockname6: kernel_getsockname (dgram)", + getsockname_v6_prog_load, + getsockname_v6_prog_destroy, + BPF_CGROUP_INET6_GETSOCKNAME, + &kern_ops_kernel_sendmsg, + AF_INET6, + SOCK_DGRAM, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SERV6_IP, + SERV6_PORT, + NULL, + SUCCESS, + }, + { + SOCK_ADDR_TEST_GETSOCKNAME, + "getsockname_unix: kernel_getsockname", + getsockname_unix_prog_load, + getsockname_unix_prog_destroy, + BPF_CGROUP_UNIX_GETSOCKNAME, + &kern_ops_kernel_sendmsg, + AF_UNIX, + SOCK_STREAM, + SERVUN_ADDRESS, + 0, + SERVUN_REWRITE_ADDRESS, + 0, + NULL, + SUCCESS, + }, + /* getpeername - system calls */ { SOCK_ADDR_TEST_GETPEERNAME, - "getpeername_unix", + "getpeername4: getpeername (stream)", + getpeername_v4_prog_load, + getpeername_v4_prog_destroy, + BPF_CGROUP_INET4_GETPEERNAME, + &user_ops, + AF_INET, + SOCK_STREAM, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + SERV4_IP, + SERV4_PORT, + NULL, + SUCCESS, + }, + { + SOCK_ADDR_TEST_GETPEERNAME, + "getpeername4: getpeername (dgram)", + getpeername_v4_prog_load, + getpeername_v4_prog_destroy, + BPF_CGROUP_INET4_GETPEERNAME, + &user_ops, + AF_INET, + SOCK_DGRAM, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + SERV4_IP, + SERV4_PORT, + NULL, + SUCCESS, + }, + { + SOCK_ADDR_TEST_GETPEERNAME, + "getpeername6: getpeername (stream)", + getpeername_v6_prog_load, + getpeername_v6_prog_destroy, + BPF_CGROUP_INET6_GETPEERNAME, + &user_ops, + AF_INET6, + SOCK_STREAM, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SERV6_IP, + SERV6_PORT, + NULL, + SUCCESS, + }, + { + SOCK_ADDR_TEST_GETPEERNAME, + "getpeername6: getpeername (dgram)", + getpeername_v6_prog_load, + getpeername_v6_prog_destroy, + BPF_CGROUP_INET6_GETPEERNAME, + &user_ops, + AF_INET6, + SOCK_DGRAM, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SERV6_IP, + SERV6_PORT, + NULL, + SUCCESS, + }, + { + SOCK_ADDR_TEST_GETPEERNAME, + "getpeername_unix: getpeername", getpeername_unix_prog_load, getpeername_unix_prog_destroy, BPF_CGROUP_UNIX_GETPEERNAME, @@ -1720,6 +1938,88 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + + /* getpeername - kernel calls */ + { + SOCK_ADDR_TEST_GETPEERNAME, + "getpeername4: kernel_getpeername (stream)", + getpeername_v4_prog_load, + getpeername_v4_prog_destroy, + BPF_CGROUP_INET4_GETPEERNAME, + &kern_ops_kernel_sendmsg, + AF_INET, + SOCK_STREAM, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + SERV4_IP, + SERV4_PORT, + NULL, + SUCCESS, + }, + { + SOCK_ADDR_TEST_GETPEERNAME, + "getpeername4: kernel_getpeername (dgram)", + getpeername_v4_prog_load, + getpeername_v4_prog_destroy, + BPF_CGROUP_INET4_GETPEERNAME, + &kern_ops_kernel_sendmsg, + AF_INET, + SOCK_DGRAM, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + SERV4_IP, + SERV4_PORT, + NULL, + SUCCESS, + }, + { + SOCK_ADDR_TEST_GETPEERNAME, + "getpeername6: kernel_getpeername (stream)", + getpeername_v6_prog_load, + getpeername_v6_prog_destroy, + BPF_CGROUP_INET6_GETPEERNAME, + &kern_ops_kernel_sendmsg, + AF_INET6, + SOCK_STREAM, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SERV6_IP, + SERV6_PORT, + NULL, + SUCCESS, + }, + { + SOCK_ADDR_TEST_GETPEERNAME, + "getpeername6: kernel_getpeername (dgram)", + getpeername_v6_prog_load, + getpeername_v6_prog_destroy, + BPF_CGROUP_INET6_GETPEERNAME, + &kern_ops_kernel_sendmsg, + AF_INET6, + SOCK_DGRAM, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SERV6_IP, + SERV6_PORT, + NULL, + SUCCESS, + }, + { + SOCK_ADDR_TEST_GETPEERNAME, + "getpeername_unix: kernel_getpeername", + getpeername_unix_prog_load, + getpeername_unix_prog_destroy, + BPF_CGROUP_UNIX_GETPEERNAME, + &kern_ops_kernel_sendmsg, + AF_UNIX, + SOCK_STREAM, + SERVUN_ADDRESS, + 0, + SERVUN_REWRITE_ADDRESS, + 0, + NULL, + SUCCESS, + }, }; typedef int (*info_fn)(int, struct sockaddr *, socklen_t *); diff --git a/tools/testing/selftests/bpf/progs/getpeername4_prog.c b/tools/testing/selftests/bpf/progs/getpeername4_prog.c new file mode 100644 index 0000000000000..4c97208cd25dd --- /dev/null +++ b/tools/testing/selftests/bpf/progs/getpeername4_prog.c @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2024 Google LLC */ + +#include "vmlinux.h" + +#include +#include +#include +#include +#include "bpf_kfuncs.h" + +#define REWRITE_ADDRESS_IP4 0xc0a801fe // 192.168.1.254 +#define REWRITE_ADDRESS_PORT4 4040 + +SEC("cgroup/getpeername4") +int getpeername_v4_prog(struct bpf_sock_addr *ctx) +{ + ctx->user_ip4 = bpf_htonl(REWRITE_ADDRESS_IP4); + ctx->user_port = bpf_htons(REWRITE_ADDRESS_PORT4); + + return 1; +} + +char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/progs/getpeername6_prog.c b/tools/testing/selftests/bpf/progs/getpeername6_prog.c new file mode 100644 index 0000000000000..070e4d7f636c9 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/getpeername6_prog.c @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2024 Google LLC */ + +#include "vmlinux.h" + +#include +#include +#include +#include +#include "bpf_kfuncs.h" + +#define REWRITE_ADDRESS_IP6_0 0xfaceb00c +#define REWRITE_ADDRESS_IP6_1 0x12345678 +#define REWRITE_ADDRESS_IP6_2 0x00000000 +#define REWRITE_ADDRESS_IP6_3 0x0000abcd + +#define REWRITE_ADDRESS_PORT6 6060 + +SEC("cgroup/getpeername6") +int getpeername_v6_prog(struct bpf_sock_addr *ctx) +{ + ctx->user_ip6[0] = bpf_htonl(REWRITE_ADDRESS_IP6_0); + ctx->user_ip6[1] = bpf_htonl(REWRITE_ADDRESS_IP6_1); + ctx->user_ip6[2] = bpf_htonl(REWRITE_ADDRESS_IP6_2); + ctx->user_ip6[3] = bpf_htonl(REWRITE_ADDRESS_IP6_3); + ctx->user_port = bpf_htons(REWRITE_ADDRESS_PORT6); + + return 1; +} + +char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/progs/getsockname4_prog.c b/tools/testing/selftests/bpf/progs/getsockname4_prog.c new file mode 100644 index 0000000000000..e298487c63474 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/getsockname4_prog.c @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2024 Google LLC */ + +#include "vmlinux.h" + +#include +#include +#include +#include +#include "bpf_kfuncs.h" + +#define REWRITE_ADDRESS_IP4 0xc0a801fe // 192.168.1.254 +#define REWRITE_ADDRESS_PORT4 4040 + +SEC("cgroup/getsockname4") +int getsockname_v4_prog(struct bpf_sock_addr *ctx) +{ + ctx->user_ip4 = bpf_htonl(REWRITE_ADDRESS_IP4); + ctx->user_port = bpf_htons(REWRITE_ADDRESS_PORT4); + + return 1; +} + +char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/progs/getsockname6_prog.c b/tools/testing/selftests/bpf/progs/getsockname6_prog.c new file mode 100644 index 0000000000000..811d10cd55258 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/getsockname6_prog.c @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2024 Google LLC */ + +#include "vmlinux.h" + +#include +#include +#include +#include +#include "bpf_kfuncs.h" + +#define REWRITE_ADDRESS_IP6_0 0xfaceb00c +#define REWRITE_ADDRESS_IP6_1 0x12345678 +#define REWRITE_ADDRESS_IP6_2 0x00000000 +#define REWRITE_ADDRESS_IP6_3 0x0000abcd + +#define REWRITE_ADDRESS_PORT6 6060 + +SEC("cgroup/getsockname6") +int getsockname_v6_prog(struct bpf_sock_addr *ctx) +{ + ctx->user_ip6[0] = bpf_htonl(REWRITE_ADDRESS_IP6_0); + ctx->user_ip6[1] = bpf_htonl(REWRITE_ADDRESS_IP6_1); + ctx->user_ip6[2] = bpf_htonl(REWRITE_ADDRESS_IP6_2); + ctx->user_ip6[3] = bpf_htonl(REWRITE_ADDRESS_IP6_3); + ctx->user_port = bpf_htons(REWRITE_ADDRESS_PORT6); + + return 1; +} + +char _license[] SEC("license") = "GPL"; From patchwork Fri May 10 19:02:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 13661864 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-io1-f73.google.com (mail-io1-f73.google.com [209.85.166.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9B4A14AEDA for ; Fri, 10 May 2024 19:03:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.166.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367799; cv=none; b=WqSp9Z20qx2G+hNqjDK6tt5Urd78DUkFl5ChdA2UQVSQlgMAwXsDIOdzofqlMOxfBthz+ab/JuhBmpMeph2L6ou3tPek4MY8mpzKph+ykYRBvy7kqq9GAB84aNjFm62EujBLCrOQWzuvfhI+hGBZVH6pZfHPfgFIpzH0LM/1p9M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715367799; c=relaxed/simple; bh=QPt649Dq3mtHzhRuSP7r3zVF2ZsUvH7Go6Z0gBLMFMs=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=tyojjtkbNugkPOWcncxSscb8jtQ1Cuz4R6mv1Al8O4P4KlmvrAbuOWIj4M5gPBlgKigE3ycVOUf+bjK6gBn/ymgI5ScyOmTWDfYzIIZZpcv8zhQM+VWBDkWaJbWw6NKIAvpS2+PCqCrBY7Bdaebx6pdM/n8BrhARQMlZdKuch04= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=SwD3aY8S; arc=none smtp.client-ip=209.85.166.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jrife.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="SwD3aY8S" Received: by mail-io1-f73.google.com with SMTP id ca18e2360f4ac-7e1ac2fbcb7so217981139f.0 for ; Fri, 10 May 2024 12:03:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1715367797; x=1715972597; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=IbaVMkO2P+QgmzRRc4Phg/jScUnbUBiKXRLvfEhKm3I=; b=SwD3aY8Srhw9bA5wHdZY72yS3ztIZ6Am7p6Bgomy5toaB4BgFluJvSzG4WHymFGgfV PX8NHAICDPDt6he9s9T6mVOB4LI8eZL32NT7gbjOBO0iWSoTRWBvSmmsUV1q+fISZYX8 qo9CeA43EraCEDk6xBfq09exFDu/kYANyJrbwdzHVJ+mcSopTlcV7kEg2MNwIiCF58FH LygpdNKdzABBloBE2mX97r7ntw6/GO9h4uqK9RVcS7E2VVg2HB5UKTYwlqkZv22D+ga/ hWtITy+ngfKLrBr9XKNIX4zH23fYC3A73T+5fj3B+7LhFTnBnlBWJMTKwEO6llhx0gtb ucLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715367797; x=1715972597; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=IbaVMkO2P+QgmzRRc4Phg/jScUnbUBiKXRLvfEhKm3I=; b=A974Hy2OKCFw6x3SxZv1WGxmsawwUw1tFjxdEolWjQgV3R9r+IvjJNP4fIQ8wkCDfI H1mGEsSxM8nGuh0+H7WmzrV3vH/pgiQWRqaGFGnjrQHd1oOEGs+uUGLhNBP4OLnbfhzc /I7vJyliIt9tD1oLieD5vTVFFE3aGV32LNXBqD+H8MXbi1tRU2C/tR9lUXYcPu2v6Mo6 MTpcpdv/HYDumeIWKhpmGLOYDBE2smuCLKAvyvtk2xjeODedfNM5Tf6m8q+wGQk37Lc/ TR4hxars4Ls1WBWFSk2WMYAI8sr0qG23xYv1NMgBy7XxXaDKrQ1dHoQmYp+yrGU/miew G2aw== X-Gm-Message-State: AOJu0YyQXEfXxYF4StmopvCb5Fmod5KXWg2wycw27Sz/w5tLVJbmUFie f3P1vvUfMec7ZS4H8Y1tLARPjuKpobvVP9C+r1erqWAU5h11r0clLHqMBK1JWMDW9iQSAtpU1hu //qmMmLvQ2seYpXclUKQ8u6ERjeMoXoXm13iZf/O7HcZNuK2tWX4AbXBvZx5FSA0BFjHP8rCd0L 2uKKvW10ArHmuONNpoGCYmfio= X-Google-Smtp-Source: AGHT+IE7+mASQWmwirWTE6yXAEFJCe7/EnyVUryg635Q/JMBNIpF0Ze9+QR3WVcNWK828oKdagiV0KtiyA== X-Received: from jrife.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:9f]) (user=jrife job=sendgmr) by 2002:a05:6638:379a:b0:488:d489:3940 with SMTP id 8926c6da1cb9f-48958c05a44mr197721173.3.1715367796897; Fri, 10 May 2024 12:03:16 -0700 (PDT) Date: Fri, 10 May 2024 14:02:34 -0500 In-Reply-To: <20240510190246.3247730-1-jrife@google.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240510190246.3247730-1-jrife@google.com> X-Mailer: git-send-email 2.45.0.118.g7fe29c98d7-goog Message-ID: <20240510190246.3247730-18-jrife@google.com> Subject: [PATCH v1 bpf-next 17/17] selftests/bpf: Expand ATTACH_REJECT tests From: Jordan Rife To: bpf@vger.kernel.org Cc: Jordan Rife , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Geliang Tang , Daan De Meyer , Shung-Hsi Yu , linux-kselftest@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net This expands coverage for ATTACH_REJECT tests to include connect_unix, sendmsg_unix, recvmsg*, getsockname*, and getpeername*. Signed-off-by: Jordan Rife --- .../selftests/bpf/prog_tests/sock_addr.c | 187 ++++++++++++++++++ 1 file changed, 187 insertions(+) diff --git a/tools/testing/selftests/bpf/prog_tests/sock_addr.c b/tools/testing/selftests/bpf/prog_tests/sock_addr.c index a0a40bdcfe45c..b880c564a2047 100644 --- a/tools/testing/selftests/bpf/prog_tests/sock_addr.c +++ b/tools/testing/selftests/bpf/prog_tests/sock_addr.c @@ -454,6 +454,7 @@ BPF_SKEL_FUNCS(connect6_prog, connect_v6_prog); BPF_SKEL_FUNCS_RAW(connect6_prog, connect_v6_prog); BPF_SKEL_FUNCS(connect6_prog, connect_v6_deny_prog); BPF_SKEL_FUNCS(connect_unix_prog, connect_unix_prog); +BPF_SKEL_FUNCS_RAW(connect_unix_prog, connect_unix_prog); BPF_SKEL_FUNCS(connect_unix_prog, connect_unix_deny_prog); BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_prog); BPF_SKEL_FUNCS_RAW(sendmsg4_prog, sendmsg_v4_prog); @@ -465,16 +466,26 @@ BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_preserve_dst_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_v4mapped_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_wildcard_prog); BPF_SKEL_FUNCS(sendmsg_unix_prog, sendmsg_unix_prog); +BPF_SKEL_FUNCS_RAW(sendmsg_unix_prog, sendmsg_unix_prog); BPF_SKEL_FUNCS(sendmsg_unix_prog, sendmsg_unix_deny_prog); BPF_SKEL_FUNCS(recvmsg4_prog, recvmsg4_prog); +BPF_SKEL_FUNCS_RAW(recvmsg4_prog, recvmsg4_prog); BPF_SKEL_FUNCS(recvmsg6_prog, recvmsg6_prog); +BPF_SKEL_FUNCS_RAW(recvmsg6_prog, recvmsg6_prog); BPF_SKEL_FUNCS(recvmsg_unix_prog, recvmsg_unix_prog); +BPF_SKEL_FUNCS_RAW(recvmsg_unix_prog, recvmsg_unix_prog); BPF_SKEL_FUNCS(getsockname_unix_prog, getsockname_unix_prog); +BPF_SKEL_FUNCS_RAW(getsockname_unix_prog, getsockname_unix_prog); BPF_SKEL_FUNCS(getsockname4_prog, getsockname_v4_prog); +BPF_SKEL_FUNCS_RAW(getsockname4_prog, getsockname_v4_prog); BPF_SKEL_FUNCS(getsockname6_prog, getsockname_v6_prog); +BPF_SKEL_FUNCS_RAW(getsockname6_prog, getsockname_v6_prog); BPF_SKEL_FUNCS(getpeername_unix_prog, getpeername_unix_prog); +BPF_SKEL_FUNCS_RAW(getpeername_unix_prog, getpeername_unix_prog); BPF_SKEL_FUNCS(getpeername4_prog, getpeername_v4_prog); +BPF_SKEL_FUNCS_RAW(getpeername4_prog, getpeername_v4_prog); BPF_SKEL_FUNCS(getpeername6_prog, getpeername_v6_prog); +BPF_SKEL_FUNCS_RAW(getpeername6_prog, getpeername_v6_prog); static struct sock_addr_test tests[] = { /* bind - system calls */ @@ -1026,6 +1037,22 @@ static struct sock_addr_test tests[] = { NULL, SYSCALL_EPERM, }, + { + SOCK_ADDR_TEST_CONNECT, + "connect_unix: attach prog with wrong attach type", + connect_unix_prog_load_raw, + connect_unix_prog_destroy_raw, + BPF_CGROUP_INET4_CONNECT, + &user_ops, + AF_UNIX, + SOCK_STREAM, + SERVUN_ADDRESS, + 0, + SERVUN_REWRITE_ADDRESS, + 0, + NULL, + ATTACH_REJECT, + }, /* connect - kernel calls */ { @@ -1398,6 +1425,22 @@ static struct sock_addr_test tests[] = { NULL, SYSCALL_EPERM, }, + { + SOCK_ADDR_TEST_SENDMSG, + "sendmsg_unix: attach prog with wrong attach type", + sendmsg_unix_prog_load_raw, + sendmsg_unix_prog_destroy_raw, + BPF_CGROUP_UDP4_SENDMSG, + &user_ops, + AF_UNIX, + SOCK_DGRAM, + SERVUN_ADDRESS, + 0, + SERVUN_REWRITE_ADDRESS, + 0, + NULL, + ATTACH_REJECT, + }, /* sendmsg - kernel calls (sock_sendmsg) */ { @@ -1644,6 +1687,22 @@ static struct sock_addr_test tests[] = { SERV4_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_RECVMSG, + "recvmsg4: attach prog with wrong attach type", + recvmsg4_prog_load_raw, + recvmsg4_prog_destroy_raw, + BPF_CGROUP_UDP6_RECVMSG, + &user_ops, + AF_INET, + SOCK_DGRAM, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + SERV4_IP, + ATTACH_REJECT, + }, { SOCK_ADDR_TEST_RECVMSG, "recvmsg6: recvfrom (dgram)", @@ -1660,6 +1719,22 @@ static struct sock_addr_test tests[] = { SERV6_IP, SUCCESS, }, + { + SOCK_ADDR_TEST_RECVMSG, + "recvmsg6: attach prog with wrong attach type", + recvmsg6_prog_load_raw, + recvmsg6_prog_destroy_raw, + BPF_CGROUP_UDP4_RECVMSG, + &user_ops, + AF_INET6, + SOCK_DGRAM, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SERV6_IP, + ATTACH_REJECT, + }, { SOCK_ADDR_TEST_RECVMSG, "recvmsg_unix: recvfrom (dgram)", @@ -1692,6 +1767,22 @@ static struct sock_addr_test tests[] = { SERVUN_ADDRESS, SUCCESS, }, + { + SOCK_ADDR_TEST_RECVMSG, + "recvmsg_unix: attach prog with wrong attach type", + recvmsg_unix_prog_load_raw, + recvmsg_unix_prog_destroy_raw, + BPF_CGROUP_UDP4_RECVMSG, + &user_ops, + AF_INET6, + SOCK_STREAM, + SERVUN_REWRITE_ADDRESS, + 0, + SERVUN_REWRITE_ADDRESS, + 0, + SERVUN_ADDRESS, + ATTACH_REJECT, + }, /* getsockname - system calls */ { @@ -1726,6 +1817,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_GETSOCKNAME, + "getsockname4: attach prog with wrong attach type", + getsockname_v4_prog_load_raw, + getsockname_v4_prog_destroy_raw, + BPF_CGROUP_INET6_GETSOCKNAME, + &user_ops, + AF_INET, + SOCK_DGRAM, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + SERV4_IP, + SERV4_PORT, + NULL, + ATTACH_REJECT, + }, { SOCK_ADDR_TEST_GETSOCKNAME, "getsockname6: getsockname (stream)", @@ -1758,6 +1865,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_GETSOCKNAME, + "getsockname6: attach prog with wrong attach type", + getsockname_v6_prog_load_raw, + getsockname_v6_prog_destroy_raw, + BPF_CGROUP_INET4_GETSOCKNAME, + &user_ops, + AF_INET6, + SOCK_DGRAM, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SERV6_IP, + SERV6_PORT, + NULL, + ATTACH_REJECT, + }, { SOCK_ADDR_TEST_GETSOCKNAME, "getsockname_unix: getsockname", @@ -1774,6 +1897,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_GETSOCKNAME, + "getsockname_unix: attach prog with wrong attach type", + getsockname_unix_prog_load_raw, + getsockname_unix_prog_destroy_raw, + BPF_CGROUP_INET4_GETSOCKNAME, + &user_ops, + AF_UNIX, + SOCK_STREAM, + SERVUN_ADDRESS, + 0, + SERVUN_REWRITE_ADDRESS, + 0, + NULL, + ATTACH_REJECT, + }, /* getsockname - kernel calls */ { @@ -1890,6 +2029,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_GETPEERNAME, + "getpeername4: attach prog with wrong attach type", + getpeername_v4_prog_load_raw, + getpeername_v4_prog_destroy_raw, + BPF_CGROUP_INET6_GETSOCKNAME, + &user_ops, + AF_UNIX, + SOCK_DGRAM, + SERV4_REWRITE_IP, + SERV4_REWRITE_PORT, + SERV4_IP, + SERV4_PORT, + NULL, + ATTACH_REJECT, + }, { SOCK_ADDR_TEST_GETPEERNAME, "getpeername6: getpeername (stream)", @@ -1922,6 +2077,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_GETPEERNAME, + "getpeername6: attach prog with wrong attach type", + getpeername_v6_prog_load_raw, + getpeername_v6_prog_destroy_raw, + BPF_CGROUP_INET4_GETSOCKNAME, + &user_ops, + AF_INET6, + SOCK_DGRAM, + SERV6_REWRITE_IP, + SERV6_REWRITE_PORT, + SERV6_IP, + SERV6_PORT, + NULL, + ATTACH_REJECT, + }, { SOCK_ADDR_TEST_GETPEERNAME, "getpeername_unix: getpeername", @@ -1938,6 +2109,22 @@ static struct sock_addr_test tests[] = { NULL, SUCCESS, }, + { + SOCK_ADDR_TEST_GETPEERNAME, + "getpeername_unix: attach prog with wrong attach type", + getpeername_unix_prog_load_raw, + getpeername_unix_prog_destroy_raw, + BPF_CGROUP_INET4_GETSOCKNAME, + &user_ops, + AF_UNIX, + SOCK_STREAM, + SERVUN_ADDRESS, + 0, + SERVUN_REWRITE_ADDRESS, + 0, + NULL, + ATTACH_REJECT, + }, /* getpeername - kernel calls */ {