From patchwork Tue Jul 14 20:12:42 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dmitry Yakunin X-Patchwork-Id: 1329088 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=yandex-team.ru Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=yandex-team.ru header.i=@yandex-team.ru header.a=rsa-sha256 header.s=default header.b=IeArH+FO; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4B5sC64mt8z9sSn for ; Wed, 15 Jul 2020 06:13:06 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729017AbgGNUNB (ORCPT ); Tue, 14 Jul 2020 16:13:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51950 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728270AbgGNUNA (ORCPT ); Tue, 14 Jul 2020 16:13:00 -0400 Received: from forwardcorp1p.mail.yandex.net (forwardcorp1p.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b6:217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 022E9C061755; Tue, 14 Jul 2020 13:13:00 -0700 (PDT) Received: from iva8-d077482f1536.qloud-c.yandex.net (iva8-d077482f1536.qloud-c.yandex.net [IPv6:2a02:6b8:c0c:2f26:0:640:d077:482f]) by forwardcorp1p.mail.yandex.net (Yandex) with ESMTP id A506D2E15F3; Tue, 14 Jul 2020 23:12:57 +0300 (MSK) Received: from iva8-88b7aa9dc799.qloud-c.yandex.net (iva8-88b7aa9dc799.qloud-c.yandex.net [2a02:6b8:c0c:77a0:0:640:88b7:aa9d]) by iva8-d077482f1536.qloud-c.yandex.net (mxbackcorp/Yandex) with ESMTP id dyvrGtcYRL-Cusa6gBr; Tue, 14 Jul 2020 23:12:57 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex-team.ru; s=default; t=1594757577; bh=cywGoq2TmkojrQZol7y+3L633j2AT6oJYK8jB49KVOs=; h=In-Reply-To:Message-Id:References:Date:Subject:To:From:Cc; b=IeArH+FO4T3o5BfV+0L3WzKFyYG8mb7HBmtSVrhhZQNQb6qhA5sREmqlZiyo0I0TA WNJxyoQ9d1YEOC+th9IrSCD2hC+10TGNoXE+o5t4dOHUyxT1G590vU3d+vRRpPGH/d 8THVSbm/7xuSRgNKvsT+TvCF2arn7ctJlDR7z2zc= Authentication-Results: iva8-d077482f1536.qloud-c.yandex.net; dkim=pass header.i=@yandex-team.ru Received: from 37.9.72.161-iva.dhcp.yndx.net (37.9.72.161-iva.dhcp.yndx.net [37.9.72.161]) by iva8-88b7aa9dc799.qloud-c.yandex.net (smtpcorp/Yandex) with ESMTPSA id PwhVeBFRq1-CujCWwvW; Tue, 14 Jul 2020 23:12:56 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) From: Dmitry Yakunin To: alexei.starovoitov@gmail.com, daniel@iogearbox.net, netdev@vger.kernel.org, bpf@vger.kernel.org Cc: sdf@google.com Subject: [PATCH bpf-next v2 1/4] bpf: setup socket family and addresses in bpf_prog_test_run_skb Date: Tue, 14 Jul 2020 23:12:42 +0300 Message-Id: <20200714201245.99528-2-zeil@yandex-team.ru> In-Reply-To: <20200714201245.99528-1-zeil@yandex-team.ru> References: <20200714201245.99528-1-zeil@yandex-team.ru> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Now it's impossible to test all branches of cgroup_skb bpf program which accesses skb->family and skb->{local,remote}_ip{4,6} fields because they are zeroed during socket allocation. This commit fills socket family and addresses from related fields in constructed skb. Signed-off-by: Dmitry Yakunin Reported-by: kernel test robot Reported-by: kernel test robot --- net/bpf/test_run.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c index bfd4ccd..a58b399 100644 --- a/net/bpf/test_run.c +++ b/net/bpf/test_run.c @@ -432,6 +432,21 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr, skb->protocol = eth_type_trans(skb, current->nsproxy->net_ns->loopback_dev); skb_reset_network_header(skb); + switch (skb->protocol) { + case htons(ETH_P_IP): + sk->sk_family = AF_INET; + sk->sk_rcv_saddr = ip_hdr(skb)->saddr; + sk->sk_daddr = ip_hdr(skb)->daddr; + break; + case htons(ETH_P_IPV6): + sk->sk_family = AF_INET6; + sk->sk_v6_rcv_saddr = ipv6_hdr(skb)->saddr; + sk->sk_v6_daddr = ipv6_hdr(skb)->daddr; + break; + default: + break; + } + if (is_l2) __skb_push(skb, hh_len); if (is_direct_pkt_access) From patchwork Tue Jul 14 20:12:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dmitry Yakunin X-Patchwork-Id: 1329090 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=yandex-team.ru Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=yandex-team.ru header.i=@yandex-team.ru header.a=rsa-sha256 header.s=default header.b=SIfYX8G3; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4B5sC70M3Hz9sTC for ; Wed, 15 Jul 2020 06:13:07 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729442AbgGNUNE (ORCPT ); Tue, 14 Jul 2020 16:13:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51954 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728270AbgGNUNC (ORCPT ); Tue, 14 Jul 2020 16:13:02 -0400 X-Greylist: delayed 92844 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Tue, 14 Jul 2020 13:13:01 PDT Received: from forwardcorp1j.mail.yandex.net (forwardcorp1j.mail.yandex.net [IPv6:2a02:6b8:0:1619::183]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 82F8DC061755; Tue, 14 Jul 2020 13:13:01 -0700 (PDT) Received: from iva8-d077482f1536.qloud-c.yandex.net (iva8-d077482f1536.qloud-c.yandex.net [IPv6:2a02:6b8:c0c:2f26:0:640:d077:482f]) by forwardcorp1j.mail.yandex.net (Yandex) with ESMTP id 925D22E14A9; Tue, 14 Jul 2020 23:12:58 +0300 (MSK) Received: from iva8-88b7aa9dc799.qloud-c.yandex.net (iva8-88b7aa9dc799.qloud-c.yandex.net [2a02:6b8:c0c:77a0:0:640:88b7:aa9d]) by iva8-d077482f1536.qloud-c.yandex.net (mxbackcorp/Yandex) with ESMTP id otQgsBOFuo-CvsaCD7r; Tue, 14 Jul 2020 23:12:58 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex-team.ru; s=default; t=1594757578; bh=/X1gyoVSLyvvewERQIpDIhxJ6bTCdcdtv1IWCHjjaxc=; h=In-Reply-To:Message-Id:References:Date:Subject:To:From:Cc; b=SIfYX8G3hnDrE6ks3PRVTJo6hb9tsMT0lPowlgAFC9/7dmcaYxBUbkaGqnB1pH79t 9JBgloiWCAqZKhhCi89DBRkS7MPlgGvySJDkZJPmEZooPQNtB3XJJP1gVV5eSYv+h5 o20ZR1/3o1qC8AMjhb6nXx2SDfRDlxg6dom3m1Tg= Authentication-Results: iva8-d077482f1536.qloud-c.yandex.net; dkim=pass header.i=@yandex-team.ru Received: from 37.9.72.161-iva.dhcp.yndx.net (37.9.72.161-iva.dhcp.yndx.net [37.9.72.161]) by iva8-88b7aa9dc799.qloud-c.yandex.net (smtpcorp/Yandex) with ESMTPSA id PwhVeBFRq1-CvjCD2er; Tue, 14 Jul 2020 23:12:57 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) From: Dmitry Yakunin To: alexei.starovoitov@gmail.com, daniel@iogearbox.net, netdev@vger.kernel.org, bpf@vger.kernel.org Cc: sdf@google.com Subject: [PATCH bpf-next v2 2/4] bpf: allow to specify ifindex for skb in bpf_prog_test_run_skb Date: Tue, 14 Jul 2020 23:12:43 +0300 Message-Id: <20200714201245.99528-3-zeil@yandex-team.ru> In-Reply-To: <20200714201245.99528-1-zeil@yandex-team.ru> References: <20200714201245.99528-1-zeil@yandex-team.ru> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Now skb->dev is unconditionally set to the loopback device in current net namespace. But if we want to test bpf program which contains code branch based on ifindex condition (eg filters out localhost packets) it is useful to allow specifying of ifindex from userspace. This patch adds such option through ctx_in (__sk_buff) parameter. Signed-off-by: Dmitry Yakunin --- net/bpf/test_run.c | 22 ++++++++++++++++++++-- tools/testing/selftests/bpf/prog_tests/skb_ctx.c | 5 +++++ 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c index a58b399..1e10a7e 100644 --- a/net/bpf/test_run.c +++ b/net/bpf/test_run.c @@ -310,6 +310,12 @@ static int convert___skb_to_skb(struct sk_buff *skb, struct __sk_buff *__skb) /* priority is allowed */ if (!range_is_zero(__skb, offsetofend(struct __sk_buff, priority), + offsetof(struct __sk_buff, ifindex))) + return -EINVAL; + + /* ifindex is allowed */ + + if (!range_is_zero(__skb, offsetofend(struct __sk_buff, ifindex), offsetof(struct __sk_buff, cb))) return -EINVAL; @@ -364,6 +370,7 @@ static void convert_skb_to___skb(struct sk_buff *skb, struct __sk_buff *__skb) __skb->mark = skb->mark; __skb->priority = skb->priority; + __skb->ifindex = skb->dev->ifindex; __skb->tstamp = skb->tstamp; memcpy(__skb->cb, &cb->data, QDISC_CB_PRIV_LEN); __skb->wire_len = cb->pkt_len; @@ -374,6 +381,8 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr, union bpf_attr __user *uattr) { bool is_l2 = false, is_direct_pkt_access = false; + struct net *net = current->nsproxy->net_ns; + struct net_device *dev = net->loopback_dev; u32 size = kattr->test.data_size_in; u32 repeat = kattr->test.repeat; struct __sk_buff *ctx = NULL; @@ -415,7 +424,7 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr, kfree(ctx); return -ENOMEM; } - sock_net_set(sk, current->nsproxy->net_ns); + sock_net_set(sk, net); sock_init_data(NULL, sk); skb = build_skb(data, 0); @@ -429,7 +438,14 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr, skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN); __skb_put(skb, size); - skb->protocol = eth_type_trans(skb, current->nsproxy->net_ns->loopback_dev); + if (ctx && ctx->ifindex > 1) { + dev = dev_get_by_index(net, ctx->ifindex); + if (!dev) { + ret = -ENODEV; + goto out; + } + } + skb->protocol = eth_type_trans(skb, dev); skb_reset_network_header(skb); switch (skb->protocol) { @@ -479,6 +495,8 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr, ret = bpf_ctx_finish(kattr, uattr, ctx, sizeof(struct __sk_buff)); out: + if (dev && dev != net->loopback_dev) + dev_put(dev); kfree_skb(skb); bpf_sk_storage_free(sk); kfree(sk); diff --git a/tools/testing/selftests/bpf/prog_tests/skb_ctx.c b/tools/testing/selftests/bpf/prog_tests/skb_ctx.c index 7021b92..25de86a 100644 --- a/tools/testing/selftests/bpf/prog_tests/skb_ctx.c +++ b/tools/testing/selftests/bpf/prog_tests/skb_ctx.c @@ -11,6 +11,7 @@ void test_skb_ctx(void) .cb[3] = 4, .cb[4] = 5, .priority = 6, + .ifindex = 1, .tstamp = 7, .wire_len = 100, .gso_segs = 8, @@ -92,6 +93,10 @@ void test_skb_ctx(void) "ctx_out_priority", "skb->priority == %d, expected %d\n", skb.priority, 7); + CHECK_ATTR(skb.ifindex != 1, + "ctx_out_ifindex", + "skb->ifindex == %d, expected %d\n", + skb.ifindex, 1); CHECK_ATTR(skb.tstamp != 8, "ctx_out_tstamp", "skb->tstamp == %lld, expected %d\n", From patchwork Tue Jul 14 20:12:44 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dmitry Yakunin X-Patchwork-Id: 1329092 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=yandex-team.ru Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=yandex-team.ru header.i=@yandex-team.ru header.a=rsa-sha256 header.s=default header.b=d0WmTOkJ; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4B5sC76Z9Rz9sRK for ; Wed, 15 Jul 2020 06:13:07 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729797AbgGNUNF (ORCPT ); Tue, 14 Jul 2020 16:13:05 -0400 Received: from forwardcorp1j.mail.yandex.net ([5.45.199.163]:39924 "EHLO forwardcorp1j.mail.yandex.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728305AbgGNUNB (ORCPT ); Tue, 14 Jul 2020 16:13:01 -0400 Received: from iva8-d077482f1536.qloud-c.yandex.net (iva8-d077482f1536.qloud-c.yandex.net [IPv6:2a02:6b8:c0c:2f26:0:640:d077:482f]) by forwardcorp1j.mail.yandex.net (Yandex) with ESMTP id 668382E14BF; Tue, 14 Jul 2020 23:12:59 +0300 (MSK) Received: from iva8-88b7aa9dc799.qloud-c.yandex.net (iva8-88b7aa9dc799.qloud-c.yandex.net [2a02:6b8:c0c:77a0:0:640:88b7:aa9d]) by iva8-d077482f1536.qloud-c.yandex.net (mxbackcorp/Yandex) with ESMTP id 12dkw1C51r-Cwsastxr; Tue, 14 Jul 2020 23:12:59 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex-team.ru; s=default; t=1594757579; bh=DCSCVlRUB8ntvm+gosbrZ8v3aXjTCpPGrVkd1oFdbbM=; h=In-Reply-To:Message-Id:References:Date:Subject:To:From:Cc; b=d0WmTOkJi8KdMZcdJP8gbqkyIRlYYUzPZgdRHt/70b1dpC0kR05BRxAdSc7KOuoCH Tb3GJRZ1TJMruBzNnj9bOuxRwsx7G9vUx/+7zBMbXLrQXh3b71W5ZFNbM4tedQx0qx kWMoPD0MOk92bosUbn0vFLmOLVII/fYYFwO8QJ2c= Authentication-Results: iva8-d077482f1536.qloud-c.yandex.net; dkim=pass header.i=@yandex-team.ru Received: from 37.9.72.161-iva.dhcp.yndx.net (37.9.72.161-iva.dhcp.yndx.net [37.9.72.161]) by iva8-88b7aa9dc799.qloud-c.yandex.net (smtpcorp/Yandex) with ESMTPSA id PwhVeBFRq1-CwjCAc2u; Tue, 14 Jul 2020 23:12:58 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) From: Dmitry Yakunin To: alexei.starovoitov@gmail.com, daniel@iogearbox.net, netdev@vger.kernel.org, bpf@vger.kernel.org Cc: sdf@google.com Subject: [PATCH bpf-next v2 3/4] bpf: export some cgroup storages allocation helpers for reusing Date: Tue, 14 Jul 2020 23:12:44 +0300 Message-Id: <20200714201245.99528-4-zeil@yandex-team.ru> In-Reply-To: <20200714201245.99528-1-zeil@yandex-team.ru> References: <20200714201245.99528-1-zeil@yandex-team.ru> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org This patch exports bpf_cgroup_storages_alloc and bpf_cgroup_storages_free helpers to the header file and reuses them in bpf_test_run. v2: - fix build without CONFIG_CGROUP_BPF (kernel test robot ) Signed-off-by: Dmitry Yakunin --- include/linux/bpf-cgroup.h | 36 ++++++++++++++++++++++++++++++++++++ kernel/bpf/cgroup.c | 25 ------------------------- net/bpf/test_run.c | 16 ++++------------ 3 files changed, 40 insertions(+), 37 deletions(-) diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h index 2c6f266..5c10fe6 100644 --- a/include/linux/bpf-cgroup.h +++ b/include/linux/bpf-cgroup.h @@ -175,6 +175,33 @@ int bpf_percpu_cgroup_storage_copy(struct bpf_map *map, void *key, void *value); int bpf_percpu_cgroup_storage_update(struct bpf_map *map, void *key, void *value, u64 flags); +static inline void bpf_cgroup_storages_free(struct bpf_cgroup_storage + *storage[MAX_BPF_CGROUP_STORAGE_TYPE]) +{ + enum bpf_cgroup_storage_type stype; + + for_each_cgroup_storage_type(stype) + bpf_cgroup_storage_free(storage[stype]); +} + +static inline int bpf_cgroup_storages_alloc(struct bpf_cgroup_storage + *storage[MAX_BPF_CGROUP_STORAGE_TYPE], + struct bpf_prog *prog) +{ + enum bpf_cgroup_storage_type stype; + + for_each_cgroup_storage_type(stype) { + storage[stype] = bpf_cgroup_storage_alloc(prog, stype); + if (IS_ERR(storage[stype])) { + storage[stype] = NULL; + bpf_cgroup_storages_free(storage); + return -ENOMEM; + } + } + + return 0; +} + /* Wrappers for __cgroup_bpf_run_filter_skb() guarded by cgroup_bpf_enabled. */ #define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk, skb) \ ({ \ @@ -398,6 +425,15 @@ static inline int bpf_percpu_cgroup_storage_update(struct bpf_map *map, return 0; } +static inline void bpf_cgroup_storages_free( + struct bpf_cgroup_storage *storage[MAX_BPF_CGROUP_STORAGE_TYPE]) {} + +static inline int bpf_cgroup_storages_alloc( + struct bpf_cgroup_storage *storage[MAX_BPF_CGROUP_STORAGE_TYPE], + struct bpf_prog *prog) { + return 0; +} + #define cgroup_bpf_enabled (0) #define BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, type, t_ctx) ({ 0; }) #define BPF_CGROUP_PRE_CONNECT_ENABLED(sk) (0) diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c index ac53102..e4c2792 100644 --- a/kernel/bpf/cgroup.c +++ b/kernel/bpf/cgroup.c @@ -28,31 +28,6 @@ void cgroup_bpf_offline(struct cgroup *cgrp) percpu_ref_kill(&cgrp->bpf.refcnt); } -static void bpf_cgroup_storages_free(struct bpf_cgroup_storage *storages[]) -{ - enum bpf_cgroup_storage_type stype; - - for_each_cgroup_storage_type(stype) - bpf_cgroup_storage_free(storages[stype]); -} - -static int bpf_cgroup_storages_alloc(struct bpf_cgroup_storage *storages[], - struct bpf_prog *prog) -{ - enum bpf_cgroup_storage_type stype; - - for_each_cgroup_storage_type(stype) { - storages[stype] = bpf_cgroup_storage_alloc(prog, stype); - if (IS_ERR(storages[stype])) { - storages[stype] = NULL; - bpf_cgroup_storages_free(storages); - return -ENOMEM; - } - } - - return 0; -} - static void bpf_cgroup_storages_assign(struct bpf_cgroup_storage *dst[], struct bpf_cgroup_storage *src[]) { diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c index 1e10a7e..5c4835c 100644 --- a/net/bpf/test_run.c +++ b/net/bpf/test_run.c @@ -19,20 +19,13 @@ static int bpf_test_run(struct bpf_prog *prog, void *ctx, u32 repeat, u32 *retval, u32 *time, bool xdp) { struct bpf_cgroup_storage *storage[MAX_BPF_CGROUP_STORAGE_TYPE] = { NULL }; - enum bpf_cgroup_storage_type stype; u64 time_start, time_spent = 0; int ret = 0; u32 i; - for_each_cgroup_storage_type(stype) { - storage[stype] = bpf_cgroup_storage_alloc(prog, stype); - if (IS_ERR(storage[stype])) { - storage[stype] = NULL; - for_each_cgroup_storage_type(stype) - bpf_cgroup_storage_free(storage[stype]); - return -ENOMEM; - } - } + ret = bpf_cgroup_storages_alloc(storage, prog); + if (ret) + return ret; if (!repeat) repeat = 1; @@ -72,8 +65,7 @@ static int bpf_test_run(struct bpf_prog *prog, void *ctx, u32 repeat, do_div(time_spent, repeat); *time = time_spent > U32_MAX ? U32_MAX : (u32)time_spent; - for_each_cgroup_storage_type(stype) - bpf_cgroup_storage_free(storage[stype]); + bpf_cgroup_storages_free(storage); return ret; } From patchwork Tue Jul 14 20:12:45 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dmitry Yakunin X-Patchwork-Id: 1329089 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=yandex-team.ru Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=yandex-team.ru header.i=@yandex-team.ru header.a=rsa-sha256 header.s=default header.b=WGZI39P9; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4B5sC64lTbz9sRf for ; Wed, 15 Jul 2020 06:13:06 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729371AbgGNUND (ORCPT ); Tue, 14 Jul 2020 16:13:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51960 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729092AbgGNUNC (ORCPT ); Tue, 14 Jul 2020 16:13:02 -0400 Received: from forwardcorp1p.mail.yandex.net (forwardcorp1p.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b6:217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F049CC061794; Tue, 14 Jul 2020 13:13:01 -0700 (PDT) Received: from iva8-d077482f1536.qloud-c.yandex.net (iva8-d077482f1536.qloud-c.yandex.net [IPv6:2a02:6b8:c0c:2f26:0:640:d077:482f]) by forwardcorp1p.mail.yandex.net (Yandex) with ESMTP id 886292E11DD; Tue, 14 Jul 2020 23:13:00 +0300 (MSK) Received: from iva8-88b7aa9dc799.qloud-c.yandex.net (iva8-88b7aa9dc799.qloud-c.yandex.net [2a02:6b8:c0c:77a0:0:640:88b7:aa9d]) by iva8-d077482f1536.qloud-c.yandex.net (mxbackcorp/Yandex) with ESMTP id cFKYEUW4na-Cxs0Uej8; Tue, 14 Jul 2020 23:13:00 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex-team.ru; s=default; t=1594757580; bh=ued7izyOQoiHrOno/il6Km3f4v4Tapg481qGbU9U7Dk=; h=In-Reply-To:Message-Id:References:Date:Subject:To:From:Cc; b=WGZI39P9V2o2Sj58mPdETV2EKfJ2tfo6jsjkwaWAuMYOqnrMg/lIfke3YLYG3W9oR QWRyOUwi6fmePr9YV/UPjd/ebb3VvNfnPz6gJYfXhTJJ83Yo0zgsqglzNTnGvSlfuB kJnc7LMPJG3G51PKmcOUoxuZ0GxNCfjqpbTO/0lM= Authentication-Results: iva8-d077482f1536.qloud-c.yandex.net; dkim=pass header.i=@yandex-team.ru Received: from 37.9.72.161-iva.dhcp.yndx.net (37.9.72.161-iva.dhcp.yndx.net [37.9.72.161]) by iva8-88b7aa9dc799.qloud-c.yandex.net (smtpcorp/Yandex) with ESMTPSA id PwhVeBFRq1-CxjCQftL; Tue, 14 Jul 2020 23:12:59 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) From: Dmitry Yakunin To: alexei.starovoitov@gmail.com, daniel@iogearbox.net, netdev@vger.kernel.org, bpf@vger.kernel.org Cc: sdf@google.com Subject: [PATCH bpf-next v2 4/4] bpf: try to use existing cgroup storage in bpf_prog_test_run_skb Date: Tue, 14 Jul 2020 23:12:45 +0300 Message-Id: <20200714201245.99528-5-zeil@yandex-team.ru> In-Reply-To: <20200714201245.99528-1-zeil@yandex-team.ru> References: <20200714201245.99528-1-zeil@yandex-team.ru> MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org Now we cannot check results in cgroup storage after running BPF_PROG_TEST_RUN command because it allocates dummy cgroup storage during test. This patch implements simple logic for searching already allocated cgroup storage through iterating effective programs of current cgroup and finding the first match. If match is not found fallback to temporary storage is happened. v2: - fix build without CONFIG_CGROUP_BPF (kernel test robot ) Signed-off-by: Dmitry Yakunin --- net/bpf/test_run.c | 64 +++++++++++++++++- .../selftests/bpf/prog_tests/cgroup_skb_prog_run.c | 78 ++++++++++++++++++++++ 2 files changed, 139 insertions(+), 3 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/cgroup_skb_prog_run.c diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c index 5c4835c..737b8c4 100644 --- a/net/bpf/test_run.c +++ b/net/bpf/test_run.c @@ -15,15 +15,67 @@ #define CREATE_TRACE_POINTS #include +#ifdef CONFIG_CGROUP_BPF + +static struct bpf_prog_array_item *bpf_prog_find_active(struct bpf_prog *prog, + struct bpf_prog_array *effective) +{ + struct bpf_prog_array_item *item; + struct bpf_prog_array *array; + struct bpf_prog *p; + + array = rcu_dereference(effective); + if (!array) + return NULL; + + item = &array->items[0]; + while ((p = READ_ONCE(item->prog))) { + if (p == prog) + return item; + item++; + } + + return NULL; +} + +static struct bpf_cgroup_storage **bpf_prog_find_active_storage(struct bpf_prog *prog) +{ + struct bpf_prog_array_item *item; + struct cgroup *cgrp; + + if (prog->type != BPF_PROG_TYPE_CGROUP_SKB) + return NULL; + + cgrp = task_dfl_cgroup(current); + + item = bpf_prog_find_active(prog, + cgrp->bpf.effective[BPF_CGROUP_INET_INGRESS]); + if (!item) + item = bpf_prog_find_active(prog, + cgrp->bpf.effective[BPF_CGROUP_INET_EGRESS]); + + return item ? item->cgroup_storage : NULL; +} + +#else + +static struct bpf_cgroup_storage **bpf_prog_find_active_storage(struct bpf_prog *prog) +{ + return NULL; +} + +#endif + static int bpf_test_run(struct bpf_prog *prog, void *ctx, u32 repeat, u32 *retval, u32 *time, bool xdp) { - struct bpf_cgroup_storage *storage[MAX_BPF_CGROUP_STORAGE_TYPE] = { NULL }; + struct bpf_cgroup_storage *dummy_storage[MAX_BPF_CGROUP_STORAGE_TYPE] = { NULL }; + struct bpf_cgroup_storage **storage = dummy_storage; u64 time_start, time_spent = 0; int ret = 0; u32 i; - ret = bpf_cgroup_storages_alloc(storage, prog); + ret = bpf_cgroup_storages_alloc(dummy_storage, prog); if (ret) return ret; @@ -31,6 +83,9 @@ static int bpf_test_run(struct bpf_prog *prog, void *ctx, u32 repeat, repeat = 1; rcu_read_lock(); + storage = bpf_prog_find_active_storage(prog); + if (!storage) + storage = dummy_storage; migrate_disable(); time_start = ktime_get_ns(); for (i = 0; i < repeat; i++) { @@ -54,6 +109,9 @@ static int bpf_test_run(struct bpf_prog *prog, void *ctx, u32 repeat, cond_resched(); rcu_read_lock(); + storage = bpf_prog_find_active_storage(prog); + if (!storage) + storage = dummy_storage; migrate_disable(); time_start = ktime_get_ns(); } @@ -65,7 +123,7 @@ static int bpf_test_run(struct bpf_prog *prog, void *ctx, u32 repeat, do_div(time_spent, repeat); *time = time_spent > U32_MAX ? U32_MAX : (u32)time_spent; - bpf_cgroup_storages_free(storage); + bpf_cgroup_storages_free(dummy_storage); return ret; } diff --git a/tools/testing/selftests/bpf/prog_tests/cgroup_skb_prog_run.c b/tools/testing/selftests/bpf/prog_tests/cgroup_skb_prog_run.c new file mode 100644 index 0000000..12ca881 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/cgroup_skb_prog_run.c @@ -0,0 +1,78 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include + +#include "cgroup_helpers.h" +#include "network_helpers.h" + +static char bpf_log_buf[BPF_LOG_BUF_SIZE]; + +void test_cgroup_skb_prog_run(void) +{ + struct bpf_insn prog[] = { + BPF_LD_MAP_FD(BPF_REG_1, 0), /* map fd */ + BPF_MOV64_IMM(BPF_REG_2, 0), /* flags, not used */ + BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_local_storage), + BPF_MOV64_IMM(BPF_REG_1, 1), + BPF_RAW_INSN(BPF_STX | BPF_XADD | BPF_W, BPF_REG_0, BPF_REG_1, 0, 0), + + BPF_MOV64_IMM(BPF_REG_0, 1), /* r0 = 1 */ + BPF_EXIT_INSN(), + }; + size_t insns_cnt = sizeof(prog) / sizeof(struct bpf_insn); + int storage_fd = -1, prog_fd = -1, cg_fd = -1; + struct bpf_cgroup_storage_key key; + __u32 duration, retval, size; + char buf[128]; + __u64 value; + int err; + + storage_fd = bpf_create_map(BPF_MAP_TYPE_CGROUP_STORAGE, + sizeof(struct bpf_cgroup_storage_key), + 8, 0, 0); + if (CHECK(storage_fd < 0, "create_map", "%s\n", strerror(errno))) + goto out; + + prog[0].imm = storage_fd; + + prog_fd = bpf_load_program(BPF_PROG_TYPE_CGROUP_SKB, + prog, insns_cnt, "GPL", 0, + bpf_log_buf, BPF_LOG_BUF_SIZE); + if (CHECK(prog_fd < 0, "prog_load", + "verifier output:\n%s\n-------\n", bpf_log_buf)) + goto out; + + if (CHECK_FAIL(setup_cgroup_environment())) + goto out; + + cg_fd = create_and_get_cgroup("/cg"); + if (CHECK_FAIL(cg_fd < 0)) + goto out; + + if (CHECK_FAIL(join_cgroup("/cg"))) + goto out; + + if (CHECK(bpf_prog_attach(prog_fd, cg_fd, BPF_CGROUP_INET_EGRESS, 0), + "prog_attach", "%s\n", strerror(errno))) + goto out; + + err = bpf_prog_test_run(prog_fd, NUM_ITER, &pkt_v4, sizeof(pkt_v4), + buf, &size, &retval, &duration); + CHECK(err || retval != 1, "prog_test_run", + "err %d errno %d retval %d\n", err, errno, retval); + + /* check that cgroup storage results are available after test run */ + + err = bpf_map_get_next_key(storage_fd, NULL, &key); + CHECK(err, "map_get_next_key", "%s\n", strerror(errno)); + + err = bpf_map_lookup_elem(storage_fd, &key, &value); + CHECK(err || value != NUM_ITER, + "map_lookup_elem", + "err %d errno %d cnt %lld(%d)\n", err, errno, value, NUM_ITER); +out: + close(storage_fd); + close(prog_fd); + close(cg_fd); + cleanup_cgroup_environment(); +}