On Fri, 26 Mar 2021 at 16:05, Lorenz Bauer wrote:
>
> Invoking BPF_OBJ_GET on a pinned bpf_link checks the path access
> permissions based on file_flags, but the returned fd ignores flags.
> This means that any user can acquire a "read-write" fd for a pinned
> link w
ctory
make: *** [Makefile:451:
/home/lorenz/dev/kbuild/vm//no_alu32/bpf_dctcp.skel.h] Error 255
make: *** Deleting file '/home/lorenz/dev/kbuild/vm//no_alu32/bpf_dctcp.skel.h'
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
_FTRACE and also try 'y' if it
> is not set?
I hit the same problem on newer pahole:
$ pahole --version
v1.20
CONFIG_DYNAMIC_FTRACE=y resolves the issue.
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
On Fri, 26 Mar 2021 at 20:14, Song Liu wrote:
>
> On Fri, Mar 26, 2021 at 9:07 AM Lorenz Bauer wrote:
> >
> > As for bpf_link, refuse creating a non-O_RDWR fd. Since program fds
> > currently don't allow modifications this is a precaution, not a
> > straigh
As for bpf_link, refuse creating a non-O_RDWR fd. Since program fds
currently don't allow modifications this is a precaution, not a
straight up bug fix.
Signed-off-by: Lorenz Bauer
---
kernel/bpf/inode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/bpf/inod
ce pinnable bpf_link abstraction")
Signed-off-by: Lorenz Bauer
---
kernel/bpf/inode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c
index 1576ff331ee4..dc56237d6960 100644
--- a/kernel/bpf/inode.c
+++ b/kernel/bpf/inode.c
@@ -547,7 +547,
ce, but
the code in question doesn't support that particular flag. EINVAL
seemed more appropriate. Happy to change it if you prefer.
>And check f_flags, not flags:
>
> if (f_flags != O_RDWR)
> ret = -EACCESS;
> else
> ret = bpf_link_new_fd(raw);
I'll res
links, so this
change is unlikely to break users.
Fixes: 70ed506c3bbc ("bpf: Introduce pinnable bpf_link abstraction")
Signed-off-by: Lorenz Bauer
---
kernel/bpf/inode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c
index 1
t; After 3d368ab87cf6681f9 ("net: initialize net->net_cookie at netns setup")
> net->net_cookie is directly available.
The patch set is at
https://lore.kernel.org/bpf/20210219154330.93615-1-...@cloudflare.com/
but I decided to abandon it. I can work around my issue by comparing
the n
as it is, unless you see any other benefits.
I think the end result is code that is easier to understand and
therefore maintain. Keep it as it is if you prefer.
> BTW, I will rename it to 'psock_update_sk_prot', please let me know
> if you have any better names.
SGTM.
--
Lorenz
On Tue, 2 Mar 2021 at 18:05, Cong Wang wrote:
>
> On Tue, Mar 2, 2021 at 8:32 AM Lorenz Bauer wrote:
> >
> > On Tue, 2 Mar 2021 at 02:38, Cong Wang wrote:
> > >
> > > From: Cong Wang
> > >
> > > Add a test case to ensure redirection b
Convert the selftests for sk_lookup narrow context access to use
PROG_TEST_RUN instead of creating actual sockets. This ensures that
ctx is populated correctly when using PROG_TEST_RUN.
Assert concrete values since we now control remote_ip and remote_port.
Signed-off-by: Lorenz Bauer
ocket pointer.
We don't support testing programs that select a reuseport socket,
since this would mean running another (unrelated) BPF program
from the sk_lookup test handler.
Signed-off-by: Lorenz Bauer
---
include/linux/bpf.h| 10
include/uapi/linux/bpf.h | 5 +
_sk_lookup
- Drop running multiple programs
Lorenz Bauer (5):
bpf: consolidate shared test timing code
bpf: add PROG_TEST_RUN support for sk_lookup programs
selftests: bpf: convert sk_lookup ctx access tests to PROG_TEST_RUN
selftests: bpf: check that PROG_TEST_RUN repeats as requested
Extend a simple prog_run test to check that PROG_TEST_RUN adheres
to the requested repetitions. Convert it to use BPF skeleton.
Signed-off-by: Lorenz Bauer
---
.../selftests/bpf/prog_tests/prog_run_xattr.c | 51 +++
1 file changed, 42 insertions(+), 9 deletions(-)
diff --git a
aborting with
EINTR we return the successful result to user space.
Signed-off-by: Lorenz Bauer
---
net/bpf/test_run.c | 141 +
1 file changed, 78 insertions(+), 63 deletions(-)
diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
index 58bcb8c849d5
have dedicated ctx access tests so skipping here
doesn't reduce coverage.
Signed-off-by: Lorenz Bauer
---
tools/testing/selftests/bpf/test_verifier.c | 4 ++--
tools/testing/selftests/bpf/verifier/ctx_sk_lookup.c | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
diff -
oto(sk, psock, prot);
> > > - return 0;
> > > + psock->saved_update_proto = sk->sk_prot->update_proto;
> > > + return sk->sk_prot->update_proto(sk, false);
> >
> > I think reads / writes from sk_prot need READ_ONCE / WRITE_ONCE. We've
> > not been diligent about this so far, but I think it makes sense to be
> > careful in new code.
>
> Hmm, there are many places not using READ_ONCE/WRITE_ONCE,
> for a quick example:
I know! I'll defer to John and Jakub.
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
> -
> - if (IS_ERR(prot))
> - return PTR_ERR(prot);
> -
> - sk_psock_update_proto(sk, psock, prot);
> - return 0;
> + psock->saved_update_proto = sk->sk_prot->update_proto;
> + return sk->sk_prot->update_proto(sk, false);
I think reads / writes from sk_prot need READ_ONCE / WRITE_ONCE. We've
not been diligent about this so far, but I think it makes sense to be
careful in new code.
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
)? Seems like we don't
hook sk_prot->disconnect anywhere.
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
d;
> }
> +EXPORT_SYMBOL(udp_read_sock);
Should this be in the previous commit?
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
amespace of the network
> namespace?
>
> Christian
Hi Christian,
I've decided to drop the patch set for now, but that was my intention, yes. Is
there a downside I'm not aware of?
Lorenz
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
On Mon, 1 Mar 2021 at 18:48, Cong Wang wrote:
>
> From: Cong Wang
>
> This should fix the following warning:
>
> include/linux/skbuff.h:932: warning: Function parameter or member
> '_sk_redir' not described in 'sk_buff'
Thanks!
Acked-by: Lorenz Bauer
gt; include/linux/skbuff.h:932: warning: Function parameter or member '_sk_redir'
> not described in 'sk_buff'
Per-file breakdown
Source:
https://patchwork.kernel.org/project/netdevbpf/patch/20210223184934.6054-5-xiyou.wangc...@gmail.com/
Maybe something to follow up on, I'
Extend a simple prog_run test to check that PROG_TEST_RUN adheres
to the requested repetitions. Convert it to use BPF skeleton.
Signed-off-by: Lorenz Bauer
---
.../selftests/bpf/prog_tests/prog_run_xattr.c | 51 +++
1 file changed, 42 insertions(+), 9 deletions(-)
diff --git a
have dedicated ctx access tests so skipping here
doesn't reduce coverage.
Signed-off-by: Lorenz Bauer
---
tools/testing/selftests/bpf/test_verifier.c | 4 ++--
tools/testing/selftests/bpf/verifier/ctx_sk_lookup.c | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
diff -
Convert the selftests for sk_lookup narrow context access to use
PROG_TEST_RUN instead of creating actual sockets. This ensures that
ctx is populated correctly when using PROG_TEST_RUN.
Assert concrete values since we now control remote_ip and remote_port.
Signed-off-by: Lorenz Bauer
ocket pointer.
We don't support testing programs that select a reuseport socket,
since this would mean running another (unrelated) BPF program
from the sk_lookup test handler.
Signed-off-by: Lorenz Bauer
---
include/linux/bpf.h| 10
include/uapi/linux/bpf.h | 5 +
the v1 I've dropped support for testing multiple
programs at once.
Changes since v2:
- Fix test_verifier failure (Alexei)
Changes since v1:
- Add sparse annotations to the t_* functions
- Add appropriate type casts in bpf_prog_test_run_sk_lookup
- Drop running multiple programs
Lorenz Baue
aborting with
EINTR we return the successful result to user space.
Signed-off-by: Lorenz Bauer
---
net/bpf/test_run.c | 141 +
1 file changed, 78 insertions(+), 63 deletions(-)
diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
index 58bcb8c849d5
Extend a simple prog_run test to check that PROG_TEST_RUN adheres
to the requested repetitions. Convert it to use BPF skeleton.
Signed-off-by: Lorenz Bauer
---
.../selftests/bpf/prog_tests/prog_run_xattr.c | 51 +++
1 file changed, 42 insertions(+), 9 deletions(-)
diff --git a
Convert the selftests for sk_lookup narrow context access to use
PROG_TEST_RUN instead of creating actual sockets. This ensures that
ctx is populated correctly when using PROG_TEST_RUN.
Assert concrete values since we now control remote_ip and remote_port.
Signed-off-by: Lorenz Bauer
ocket pointer.
We don't support testing programs that select a reuseport socket,
since this would mean running another (unrelated) BPF program
from the sk_lookup test handler.
Signed-off-by: Lorenz Bauer
---
include/linux/bpf.h| 10
include/uapi/linux/bpf.h | 5 +
the v1 I've dropped support for testing multiple
programs at once.
Changes since v1:
- Add sparse annotations to the t_* functions
- Add appropriate type casts in bpf_prog_test_run_sk_lookup
- Drop running multiple programs
Lorenz Bauer (5):
bpf: consolidate shared test timing code
bpf: add
aborting with
EINTR we return the successful result to user space.
Signed-off-by: Lorenz Bauer
---
net/bpf/test_run.c | 141 +
1 file changed, 78 insertions(+), 63 deletions(-)
diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
index 58bcb8c849d5
. Doesn't seem like a big deal (and highly unlikely anyways).
Ok, thanks! I'm not super familiar with C platform differences, so I wanted
to be on the safe side. I'll take this up depending on the outcome of the
conversation with Alexey, maybe I don't need to add this after al
ams.
I'm happy to drop the multiple programs bit, like I mentioned I did it
for completeness sake.
I care about being able to test or benchmark a single sk_lookup program.
Lorenz
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
Make sure that SO_NETNS_COOKIE returns a non-zero value, and
that sockets from different namespaces have a distinct cookie
value.
Signed-off-by: Lorenz Bauer
---
tools/testing/selftests/net/.gitignore| 1 +
tools/testing/selftests/net/Makefile | 2 +-
tools/testing/selftests
;s netns cookie simplification
Lorenz Bauer (4):
net: add SO_NETNS_COOKIE socket option
nsfs: add an ioctl to discover the network namespace cookie
tools/testing: add test for NS_GET_COOKIE
tools/testing: add a selftest for SO_NETNS_COOKIE
arch/alpha/include/uapi/asm/socket.h | 2 +
arch/mi
Check that NS_GET_COOKIE returns a non-zero value, and that distinct
network namespaces have different cookies.
Signed-off-by: Lorenz Bauer
---
tools/testing/selftests/nsfs/.gitignore | 1 +
tools/testing/selftests/nsfs/Makefile | 2 +-
tools/testing/selftests/nsfs/config | 1 +
tools
Network namespaces have a globally unique non-zero identifier aka a
cookie, in line with socket cookies. Add an ioctl to retrieve the
cookie from user space without going via BPF.
Signed-off-by: Lorenz Bauer
---
fs/nsfs.c | 7 +++
include/uapi/linux/nsfs.h | 2 ++
2 files
abled, SO_NETNS_COOKIE returns the cookie of init_net.
Signed-off-by: Lorenz Bauer
---
arch/alpha/include/uapi/asm/socket.h | 2 ++
arch/mips/include/uapi/asm/socket.h | 2 ++
arch/parisc/include/uapi/asm/socket.h | 2 ++
arch/sparc/include/uapi/asm/socket.h | 2 ++
include/uapi/asm-generic/soc
sock_net(sk)->net_cookie;
I looked at sock_net and didn't understand how it avoids a compile error
so I didn't use it, thanks for pointing this out.
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
Make sure that SO_NETNS_COOKIE returns a non-zero value, and
that sockets from different namespaces have a distinct cookie
value.
Signed-off-by: Lorenz Bauer
---
tools/testing/selftests/net/.gitignore| 1 +
tools/testing/selftests/net/Makefile | 2 +-
tools/testing/selftests
Check that NS_GET_COOKIE returns a non-zero value, and that distinct
network namespaces have different cookies.
Signed-off-by: Lorenz Bauer
---
tools/testing/selftests/nsfs/.gitignore | 1 +
tools/testing/selftests/nsfs/Makefile | 2 +-
tools/testing/selftests/nsfs/config | 1 +
tools
es in v2:
- Rebase on top of Eric Dumazet's netns cookie simplification
Lorenz Bauer (4):
net: add SO_NETNS_COOKIE socket option
nsfs: add an ioctl to discover the network namespace cookie
tools/testing: add test for NS_GET_COOKIE
tools/testing: add a selftest for SO_NETNS_COOKIE
Network namespaces have a globally unique non-zero identifier aka a
cookie, in line with socket cookies. Add an ioctl to retrieve the
cookie from user space without going via BPF.
Signed-off-by: Lorenz Bauer
---
fs/nsfs.c | 8
include/uapi/linux/nsfs.h | 2 ++
2 files
abled, SO_NETNS_COOKIE returns the cookie of init_net.
Signed-off-by: Lorenz Bauer
---
arch/alpha/include/uapi/asm/socket.h | 2 ++
arch/mips/include/uapi/asm/socket.h | 2 ++
arch/parisc/include/uapi/asm/socket.h | 2 ++
arch/sparc/include/uapi/asm/socket.h | 2 ++
include/uapi/asm-generic/soc
Make the tests for multi program sk_lookup semantics use bpf_prog_run_array.
This simplifies the test a bit and adds coverage to the new libbpf function.
Signed-off-by: Lorenz Bauer
---
.../selftests/bpf/prog_tests/sk_lookup.c | 100 --
1 file changed, 65 insertions(+), 35
Extend a simple prog_run test to check that PROG_TEST_RUN adheres
to the requested repetitions. Convert it to use BPF skeleton.
Signed-off-by: Lorenz Bauer
---
.../selftests/bpf/prog_tests/prog_run_xattr.c | 51 +++
1 file changed, 42 insertions(+), 9 deletions(-)
diff --git a
Convert the selftests for sk_lookup narrow context access to use
PROG_TEST_RUN instead of creating actual sockets. This ensures that
ctx is populated correctly when using PROG_TEST_RUN.
Assert concrete values since we now control remote_ip and remote_port.
Signed-off-by: Lorenz Bauer
Add a wrapper bpf_prog_test_run_array that allows testing
multiple programs for supported program types.
Signed-off-by: Lorenz Bauer
---
tools/lib/bpf/bpf.c | 16 +++-
tools/lib/bpf/bpf.h | 3 +++
tools/lib/bpf/libbpf.map | 1 +
3 files changed, 19 insertions(+), 1
f the socket pointer.
We don't support testing programs that select a reuseport socket,
since this would mean running another (unrelated) BPF program
from the sk_lookup test handler.
Signed-off-by: Lorenz Bauer
---
include/linux/bpf.h| 10
include/uapi/linux/bpf.h |
Add a helper to iterate bpf_prog_arrays, which are a hybrid between
and array and a linked list. Hide this behind a for each macro.
Signed-off-by: Lorenz Bauer
---
include/linux/bpf.h| 11 +--
include/linux/filter.h | 4 +---
2 files changed, 6 insertions(+), 9 deletions(-)
diff
to current behaviour. Program types that allow multiple
programs have to provide a new test_run_array callback.
Signed-off-by: Lorenz Bauer
---
include/linux/bpf-netns.h | 2 +
include/linux/bpf.h| 3 ++
include/uapi/linux/bpf.h | 6 ++-
kernel/bpf/net_namespace.c
e better
to take int *prog_fds, but I think then the function would have to
convert the array to account for platforms where
sizeof(int) != sizeof(__u32)
Please let me know what your preference is.
Lorenz Bauer (8):
bpf: consolidate shared test timing code
bpf: add for_each_bpf_pro
aborting with
EINTR we return the successful result to user space.
Signed-off-by: Lorenz Bauer
---
net/bpf/test_run.c | 137 +
1 file changed, 76 insertions(+), 61 deletions(-)
diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
index 58bcb8c849d5
playing with skb cb, which is harder to make
> > correct.
> >
> > Cc: John Fastabend
> > Cc: Daniel Borkmann
> > Cc: Jakub Sitnicki
> > Reviewed-by: Lorenz Bauer
> > Signed-off-by: Cong Wang
> > ---
>
> I'm not seeing the advantage of
epend on CONFIG_BPF_SYSCALL.
> And leave CONFIG_NET_SOCK_MSG untouched, as it is used by
> non-sockmap cases.
For the series:
Reviewed-by: Lorenz Bauer
Jakub, John: can you please take another look at the assembly in patch 3?
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/Th
general use later.
Reviewed-by: Lorenz Bauer
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
correct.
Reviewed-by: Lorenz Bauer
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
d.
Looks nice, can you use sk_psock_strp_enabled() more? There are a
couple places in sock_map.c which test psock->saved_data_ready
directly.
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
d of ->data_end. This is similar to skb_shinfo(skb) computation
> in bpf_convert_shinfo_access().
>
> Suggested-by: Jakub Sitnicki
> Cc: John Fastabend
> Cc: Daniel Borkmann
> Cc: Lorenz Bauer
> Signed-off-by: Cong Wang
...
> @@ -9520,6 +9510,29 @@ static u32 sock_
On Wed, 10 Feb 2021 at 14:41, Eric Dumazet wrote:
>
> From: Eric Dumazet
>
> It is simpler to make net->net_cookie a plain u64
> written once in setup_net() instead of looping
> and using atomic64 helpers.
>
> Lorenz Bauer wants to add SO_NETNS_COOKIE socket option
&
Make sure that SO_NETNS_COOKIE returns a non-zero value, and
that sockets from different namespaces have a distinct cookie
value.
Signed-off-by: Lorenz Bauer
---
tools/testing/selftests/net/.gitignore| 1 +
tools/testing/selftests/net/Makefile | 2 +-
tools/testing/selftests
Cc: linux-ker...@vger.kernel.org
Cc: linux-kselft...@vger.kernel.org
Cc: linux-m...@vger.kernel.org
Cc: linux-par...@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: sparcli...@vger.kernel.org
Lorenz Bauer (4):
net: add SO_NETNS_COOKIE socket option
nsfs: add an ioctl to discover the network namespa
Check that NS_GET_COOKIE returns a non-zero value, and that distinct
network namespaces have different cookies.
Signed-off-by: Lorenz Bauer
---
tools/testing/selftests/nsfs/.gitignore | 1 +
tools/testing/selftests/nsfs/Makefile | 2 +-
tools/testing/selftests/nsfs/netns.c| 57
Network namespaces have a globally unique non-zero identifier aka a
cookie, in line with socket cookies. Add an ioctl to retrieve the
cookie from user space without going via BPF.
Cc: linux-...@vger.kernel.org
Signed-off-by: Lorenz Bauer
---
fs/nsfs.c | 9 +
include
abled, SO_NETNS_COOKIE returns the cookie of init_net.
The BPF helpers change slightly: instead of returning 0 when network
namespaces are disabled we return the init_net cookie as for the
socket option.
Cc: linux-...@vger.kernel.org
Signed-off-by: Lorenz Bauer
---
arch/alpha/include/uapi/asm/socket.h
ll be fine.
So sockmap would not be hidden behind a CONFIG anymore? That
would be great.
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
On Wed, 3 Feb 2021 at 04:17, Cong Wang wrote:
>
> From: Cong Wang
>
> Cc: John Fastabend
> Cc: Daniel Borkmann
> Cc: Jakub Sitnicki
> Cc: Lorenz Bauer
> Signed-off-by: Cong Wang
> ---
> include/net/udp.h | 2 ++
> net/ipv4/af_inet.c
p_area_alloc although
that might conflict with Fixes tag.
Lorenz
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
gs to
BPF_PROG_ATTACH")
Reported-by: Jiri Benc
Signed-off-by: Lorenz Bauer
---
tools/bpf/bpftool/prog.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/bpf/bpftool/prog.c b/tools/bpf/bpftool/prog.c
index d942c1e3372c..acdb2c245f0a 100644
--- a/tools/bpf/bpftool/prog.c
+++ b
needed for
> + * implemeting PMTU handing:
> + *
> + * * **BPF_MTU_CHK_RET_FRAG_NEEDED**
> + * * **BPF_MTU_CHK_RET_GSO_TOOBIG**
> + *
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
I used
what is easier to type out.
Fixes: 0365351524d7 ("net: Allow iterating sockmap and sockhash")
Reported-by: kernel test robot
Signed-off-by: Lorenz Bauer
---
net/core/sock_map.c | 8
1 file changed, 8 insertions(+)
diff --git a/net/core/sock_map.c b/net/core/sock_map
tps://godbolt.org/z/77P6P9
Seems like red hat GCC has some special sauce that fixes this behaviour?
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
ught the key arg should be used as read-only in the map's helper.
> or there is map type's helper that modifies the key?
I don't know, that's what I meant by more difficult. If map keys are
always read-only like you say this would be straight forward to do
(famous last w
l warning.c
jkbs@toad ~/tmp $
Maybe this is https://gcc.gnu.org/bugzilla/show_bug.cgi?id=18501 ? The
problem is still there on gcc 10. Compiling test_progs with clang does
issue a warning FWIW, but it seems like other things break when doing
that.
--
Lorenz Bauer | Systems Eng
Since we can now call map_update_elem(sockmap) from bpf_iter context
it's possible to copy a sockmap or sockhash in the kernel. Add a
selftest which exercises this.
Signed-off-by: Lorenz Bauer
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 14 +-
.../selftests/bpf/
thanks to the ground work from Martin,
whose series [1] this patch is based on. I updated the tests to do some
copying, and also included two cleanups.
1: https://lore.kernel.org/bpf/20200925000337.3853598-1-ka...@fb.com/
Lorenz Bauer (4):
bpf: sockmap: enable map_update_elem from bpf_iter
We compare socket cookies to ensure that insertion into a sockmap worked.
Pull this out into a helper function for use in other tests.
Signed-off-by: Lorenz Bauer
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 50 +--
1 file changed, 36 insertions(+), 14 deletions(-)
diff
sk_fullsock. Doing this allows calling
map_update_elem on sockmap from bpf_iter context, which uses
BTF pointers.
Signed-off-by: Lorenz Bauer
Acked-by: Martin KaFai Lau
---
kernel/bpf/verifier.c | 2 +-
net/core/sock_map.c | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/kernel
The shared header to define SOCKMAP_MAX_ENTRIES is a bit overkill.
Dynamically allocate the sock_fd array based on bpf_map__max_entries
instead.
Suggested-by: Yonghong Song
Signed-off-by: Lorenz Bauer
Acked-by: Yonghong Song
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 36
rnatively, allow specialising map_ops per context.
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
We compare socket cookies to ensure that insertion into a sockmap worked.
Pull this out into a helper function for use in other tests.
Signed-off-by: Lorenz Bauer
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 50 +--
1 file changed, 36 insertions(+), 14 deletions(-)
diff
Since we can now call map_update_elem(sockmap) from bpf_iter context
it's possible to copy a sockmap or sockhash in the kernel. Add a
selftest which exercises this.
Signed-off-by: Lorenz Bauer
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 14 +-
.../selftests/bpf/
sk_fullsock. Doing this allows calling
map_update_elem on sockmap from bpf_iter context, which uses
BTF pointers.
Signed-off-by: Lorenz Bauer
---
kernel/bpf/verifier.c | 2 +-
net/core/sock_map.c | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf
The shared header to define SOCKMAP_MAX_ENTRIES is a bit overkill.
Dynamically allocate the sock_fd array based on bpf_map__max_entries
instead.
Suggested-by: Yonghong Song
Signed-off-by: Lorenz Bauer
Acked-by: Yonghong Song
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 36
.3853598-1-ka...@fb.com/
Lorenz Bauer (4):
bpf: sockmap: enable map_update_elem from bpf_iter
selftests: bpf: Add helper to compare socket cookies
selftests: bpf: remove shared header from sockmap iter test
selftest: bpf: Test copying a sockmap and sockhash
kernel/bpf/
uitable().
> sk_type is not in sock_common.
Oh my, thanks!
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
On Fri, 25 Sep 2020 at 14:18, Martin KaFai Lau wrote:
>
> On Fri, Sep 25, 2020 at 09:26:36AM +0100, Lorenz Bauer wrote:
> > On Fri, 25 Sep 2020 at 01:04, Martin KaFai Lau wrote:
> > >
> > > There is a constant need to add more fields into the bpf_tcp_sock
> >
We compare socket cookies to ensure that insertion into a sockmap worked.
Pull this out into a helper function for use in other tests.
Signed-off-by: Lorenz Bauer
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 50 +--
1 file changed, 36 insertions(+), 14 deletions(-)
diff
Since we can now call map_update_elem(sockmap) from bpf_iter context
it's possible to copy a sockmap or sockhash in the kernel. Add a
selftest which exercises this.
Signed-off-by: Lorenz Bauer
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 14 +-
.../selftests/bpf/
The shared header to define SOCKMAP_MAX_ENTRIES is a bit overkill.
Dynamically allocate the sock_fd array based on bpf_map__max_entries
instead.
Suggested-by: Yonghong Song
Signed-off-by: Lorenz Bauer
Acked-by: Yonghong Song
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 36
included two cleanups.
I'm sending this out now rather than when Martin's series has landed
because I hope this can get in before the merge window (potentially)
closes this weekend.
1: https://lore.kernel.org/bpf/20200925000337.3853598-1-ka...@fb.com/
Lorenz Bauer (4):
bpf: sockm
uses BTF pointers.
Signed-off-by: Lorenz Bauer
---
kernel/bpf/verifier.c | 2 +-
net/core/sock_map.c | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index d4ba29fb17a6..5bd0239da8b6 100644
--- a/kernel/bpf/verifier.c
+++ b
ref_tracking verifier test for bpf_skc casting
> bpf: selftest: Move sock_fields test into test_progs
> bpf: selftest: Adapt sock_fields test to use skel and global variables
> bpf: selftest: Use network_helpers in the sock_fields test
> bpf: selftest: Use bpf_skc_to_tcp_sock() i
w type that we
> can ensure is non-null for branch analysis and also passing into
> helpers.
Yeah, I was going back and forth with Martin on this as well. I think
we need better descriptions for possibly-NULL-at-runtime for the
purpose of helper call invariants, and possibly-NULL-at-verificat
On Fri, 25 Sep 2020 at 01:04, Martin KaFai Lau wrote:
>
> The patch tests for:
> 1. bpf_sk_release() can be called on a tcp_sock btf_id ptr.
>
> 2. Ensure the tcp_sock btf_id pointer cannot be used
>after bpf_sk_release().
>
> Signed-off-by: Martin KaFai Lau
0,7 +,37 @@ const struct bpf_func_proto
> bpf_skc_to_udp6_sock_proto = {
> .func = bpf_skc_to_udp6_sock,
> .gpl_only = false,
> .ret_type = RET_PTR_TO_BTF_ID_OR_NULL,
> - .arg1_type = ARG_PTR_TO_BTF_ID,
&g
1 - 100 of 311 matches
Mail list logo
