From: Martin Lau <kafai@fb.com>
To: Andrey Ignatov <rdna@fb.com>
Cc: "bpf@vger.kernel.org" <bpf@vger.kernel.org>,
"ast@kernel.org" <ast@kernel.org>,
"daniel@iogearbox.net" <daniel@iogearbox.net>,
Kernel Team <Kernel-team@fb.com>
Subject: Re: [PATCH bpf-next 5/5] selftests/bpf: Cover BPF_F_REPLACE in test_cgroup_attach
Date: Thu, 12 Dec 2019 18:26:20 +0000
Message-ID: <20191212182616.le7deuzfis2r2sah@kafai-mbp>
In-Reply-To: <829ef294f0395649f459334b48d4d9a6103a4fc1.1576031228.git.rdna@fb.com>
On Tue, Dec 10, 2019 at 06:33:31PM -0800, Andrey Ignatov wrote:
> Test replacement of a cgroup-bpf program attached with BPF_F_ALLOW_MULTI
> and possible failure modes: invalid combination of flags, invalid
> replace_bpf_fd, replacing a non-attached to specified cgroup program.
>
> Example of program replacing:
>
> # gdb -q ./test_cgroup_attach
> Reading symbols from /data/users/rdna/bin/test_cgroup_attach...done.
> ...
> Breakpoint 1, test_multiprog () at test_cgroup_attach.c:442
> 442 test_cgroup_attach.c: No such file or directory.
> (gdb)
> [2]+ Stopped gdb -q ./test_cgroup_attach
> # bpftool c s /mnt/cgroup2/cgroup-test-work-dir/cg1
> ID AttachType AttachFlags Name
> 35 egress multi
> 36 egress multi
> # fg gdb -q ./test_cgroup_attach
> c
> Continuing.
> Detaching after fork from child process 361.
>
> Breakpoint 2, test_multiprog () at test_cgroup_attach.c:453
> 453 in test_cgroup_attach.c
> (gdb)
> [2]+ Stopped gdb -q ./test_cgroup_attach
> # bpftool c s /mnt/cgroup2/cgroup-test-work-dir/cg1
> ID AttachType AttachFlags Name
> 41 egress multi
> 36 egress multi
>
> Signed-off-by: Andrey Ignatov <rdna@fb.com>
> ---
> .../selftests/bpf/test_cgroup_attach.c | 61 +++++++++++++++++--
> 1 file changed, 56 insertions(+), 5 deletions(-)
>
> diff --git a/tools/testing/selftests/bpf/test_cgroup_attach.c b/tools/testing/selftests/bpf/test_cgroup_attach.c
> index 7671909ee1cb..b9148d752207 100644
> --- a/tools/testing/selftests/bpf/test_cgroup_attach.c
> +++ b/tools/testing/selftests/bpf/test_cgroup_attach.c
> @@ -250,7 +250,7 @@ static int prog_load_cnt(int verdict, int val)
> BPF_LD_MAP_FD(BPF_REG_1, map_fd),
> BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
> BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 2),
> - BPF_MOV64_IMM(BPF_REG_1, val), /* r1 = 1 */
> + BPF_MOV64_IMM(BPF_REG_1, val), /* r1 = val */
> BPF_RAW_INSN(BPF_STX | BPF_XADD | BPF_DW, BPF_REG_0, BPF_REG_1, 0, 0), /* xadd r0 += r1 */
>
> BPF_LD_MAP_FD(BPF_REG_1, cgroup_storage_fd),
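
Review bot: The comment correction in prog_load_cnt() from "r1 = 1" to "r1 = val" is an unrelated cleanup that the commit message does not mention. It is correct, since the immediate loaded into BPF_REG_1 is the val argument, but it deserves a line in the log or its own trivial patch so it is not lost inside the BPF_F_REPLACE coverage.
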
> @@ -290,11 +290,12 @@ static int test_multiprog(void)
> {
> __u32 prog_ids[4], prog_cnt = 0, attach_flags, saved_prog_id;
> int cg1 = 0, cg2 = 0, cg3 = 0, cg4 = 0, cg5 = 0, key = 0;
> - int drop_prog, allow_prog[6] = {}, rc = 0;
> + int drop_prog, allow_prog[7] = {}, rc = 0;
> + struct bpf_prog_attach_attr attach_attr;
> unsigned long long value;
> int i = 0;
>
> - for (i = 0; i < 6; i++) {
> + for (i = 0; i < ARRAY_SIZE(allow_prog); i++) {
> allow_prog[i] = prog_load_cnt(1, 1 << i);
> if (!allow_prog[i])
> goto err;
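
Review bot: The load loop in test_multiprog() is now bounded by ARRAY_SIZE(allow_prog), but none of the visible hunks shows the other places that walk allow_prog getting the same treatment. Any loop that still uses the literal 6, in particular whatever closes the program fds on the err path, would skip the seventh program and leak its fd, so those should move to ARRAY_SIZE(allow_prog) as well. As a minor point, i is declared int while ARRAY_SIZE() normally yields an unsigned value, so the new comparison is signed against unsigned.
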
> @@ -400,6 +401,56 @@ static int test_multiprog(void)
> assert(bpf_map_lookup_elem(map_fd, &key, &value) == 0);
> assert(value == 1 + 2 + 8 + 16);
>
> + /* invalid input */
> +
> + memset(&attach_attr, 0, sizeof(attach_attr));
> + attach_attr.target_fd = cg1;
> + attach_attr.prog_fd = allow_prog[6];
> + attach_attr.replace_prog_fd = allow_prog[0];
> + attach_attr.type = BPF_CGROUP_INET_EGRESS;
> + attach_attr.flags = BPF_F_ALLOW_OVERRIDE | BPF_F_REPLACE;
> +
> + if (!bpf_prog_attach_xattr(&attach_attr)) {
> + log_err("Unexpected success with OVERRIDE | REPLACE");
> + goto err;
> + }
> + assert(errno == EINVAL);
> +
> + attach_attr.flags = BPF_F_REPLACE;
> + if (!bpf_prog_attach_xattr(&attach_attr)) {
> + log_err("Unexpected success with REPLACE alone");
> + goto err;
> + }
> + assert(errno == EINVAL);
> + attach_attr.flags = BPF_F_ALLOW_MULTI | BPF_F_REPLACE;
> +
> + attach_attr.replace_prog_fd = -1;
> + if (!bpf_prog_attach_xattr(&attach_attr)) {

The whole set LGTM. I expect this attach bit will change based on
the discussion in patch 4.

> + log_err("Unexpected success with bad replace fd");
> + goto err;
> + }