On 10/09, Jakub Sitnicki wrote:
> Make sure a new flow dissector program can be attached to replace the old
> one with a single syscall. Also check that attaching the same program twice
> is prohibited.
Overall the series looks good, left a bunch of nits/questions below.
> Signed-off-by: Jakub Sitnicki <ja...@cloudflare.com>
> ---
> .../bpf/prog_tests/flow_dissector_reattach.c | 93 +++++++++++++++++++
> 1 file changed, 93 insertions(+)
> create mode 100644
> tools/testing/selftests/bpf/prog_tests/flow_dissector_reattach.c
>
> diff --git a/tools/testing/selftests/bpf/prog_tests/flow_dissector_reattach.c
> b/tools/testing/selftests/bpf/prog_tests/flow_dissector_reattach.c
> new file mode 100644
> index 000000000000..0f0006c93956
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/prog_tests/flow_dissector_reattach.c
> @@ -0,0 +1,93 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Test that the flow_dissector program can be updated with a single
> + * syscall by attaching a new program that replaces the existing one.
> + *
> + * Corner case - the same program cannot be attached twice.
> + */
> +#include <errno.h>
> +#include <fcntl.h>
> +#include <stdbool.h>
> +#include <unistd.h>
> +
> +#include <linux/bpf.h>
> +#include <bpf/bpf.h>
> +
> +#include "test_progs.h"
> +
[..]
> +/* Not used here. For CHECK macro sake only. */
> +static int duration;
nit: you can use CHECK_FAIL macro instead which doesn't require this.
if (CHECK_FAIL(expr)) {
printf("something bad has happened\n");
return/goto;
}
It may be more verbose than doing CHECK() with its embedded error
message, so I leave it up to you to decide on whether you want to switch
to CHECK_FAIL or stick to CHECK.
> +static bool is_attached(void)
> +{
> + bool attached = true;
> + int err, net_fd = -1;
nit: maybe don't need to initialize net_fd to -1 here as well.
> + __u32 cnt;
> +
> + net_fd = open("/proc/self/ns/net", O_RDONLY);
> + if (net_fd < 0)
> + goto out;
> +
> + err = bpf_prog_query(net_fd, BPF_FLOW_DISSECTOR, 0, NULL, NULL, &cnt);
> + if (CHECK(err, "bpf_prog_query", "ret %d errno %d\n", err, errno))
> + goto out;
> +
> + attached = (cnt > 0);
> +out:
> + close(net_fd);
> + return attached;
> +}
> +
> +static int load_prog(void)
> +{
> + struct bpf_insn prog[] = {
> + BPF_MOV64_IMM(BPF_REG_0, BPF_OK),
> + BPF_EXIT_INSN(),
> + };
> + int fd;
> +
> + fd = bpf_load_program(BPF_PROG_TYPE_FLOW_DISSECTOR, prog,
> + ARRAY_SIZE(prog), "GPL", 0, NULL, 0);
> + CHECK(fd < 0, "bpf_load_program", "ret %d errno %d\n", fd, errno);
> +
> + return fd;
> +}
> +
> +void test_flow_dissector_reattach(void)
> +{
> + int prog_fd[2] = { -1, -1 };
> + int err;
> +
> + if (is_attached())
> + return;
Should we call test__skip() here to indicate that the test has been
skipped?
Also, do we need to run this test against non-root namespace as well?
> + prog_fd[0] = load_prog();
> + if (prog_fd[0] < 0)
> + return;
> +
> + prog_fd[1] = load_prog();
> + if (prog_fd[1] < 0)
> + goto out_close;
> +
> + err = bpf_prog_attach(prog_fd[0], 0, BPF_FLOW_DISSECTOR, 0);
> + if (CHECK(err, "bpf_prog_attach-0", "ret %d errno %d\n", err, errno))
> + goto out_close;
> +
> + /* Expect success when attaching a different program */
> + err = bpf_prog_attach(prog_fd[1], 0, BPF_FLOW_DISSECTOR, 0);
> + if (CHECK(err, "bpf_prog_attach-1", "ret %d errno %d\n", err, errno))
> + goto out_detach;
> +
> + /* Expect failure when attaching the same program twice */
> + err = bpf_prog_attach(prog_fd[1], 0, BPF_FLOW_DISSECTOR, 0);
> + CHECK(!err || errno != EINVAL, "bpf_prog_attach-2",
> + "ret %d errno %d\n", err, errno);
> +
> +out_detach:
> + err = bpf_prog_detach(0, BPF_FLOW_DISSECTOR);
> + CHECK(err, "bpf_prog_detach", "ret %d errno %d\n", err, errno);
> +
> +out_close:
> + close(prog_fd[1]);
> + close(prog_fd[0]);
> +}
> --
> 2.20.1
>
