From: Hengqi Chen <hengqi.chen@gmail.com>
To: bpf@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
	keescook@chromium.org, luto@amacapital.net, wad@chromium.org,
	hengqi.chen@gmail.com
Subject: [PATCH bpf-next 2/6] bpf: Add test_run support for seccomp program type
Date: Tue, 31 Oct 2023 01:24:03 +0000
Message-ID: <20231031012407.51371-3-hengqi.chen@gmail.com>
In-Reply-To: <20231031012407.51371-1-hengqi.chen@gmail.com>

Implement test_run for seccomp program type. Default
is to use an empty struct seccomp_data as bpf_context,
but can be overridden by userspace. This will be used
in selftests.

Signed-off-by: Hengqi Chen <hengqi.chen@gmail.com>
---
 include/linux/bpf.h |  3 +++
 kernel/seccomp.c    |  1 +
 net/bpf/test_run.c  | 27 +++++++++++++++++++++++++++
 3 files changed, 31 insertions(+)

diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index b4825d3cdb29..e25338e67ec4 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -2376,6 +2376,9 @@ int bpf_prog_test_run_sk_lookup(struct bpf_prog *prog,
 int bpf_prog_test_run_nf(struct bpf_prog *prog,
 			 const union bpf_attr *kattr,
 			 union bpf_attr __user *uattr);
+int bpf_prog_test_run_seccomp(struct bpf_prog *prog,
+			      const union bpf_attr *kattr,
+			      union bpf_attr __user *uattr);
 bool btf_ctx_access(int off, int size, enum bpf_access_type type,
 		    const struct bpf_prog *prog,
 		    struct bpf_insn_access_aux *info);
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 5a6ed8630566..1fa2312654a5 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -2517,6 +2517,7 @@ int proc_pid_seccomp_cache(struct seq_file *m, struct pid_namespace *ns,
 
 #if defined(CONFIG_SECCOMP_FILTER) && defined(CONFIG_BPF_SYSCALL)
 const struct bpf_prog_ops seccomp_prog_ops = {
+	.test_run = bpf_prog_test_run_seccomp,
 };
 
 static bool seccomp_is_valid_access(int off, int size, enum bpf_access_type type,
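
Review bot: The `.test_run = bpf_prog_test_run_seccomp` initializer is compiled whenever CONFIG_SECCOMP_FILTER and CONFIG_BPF_SYSCALL are both set, but the function it names is defined in net/bpf/test_run.c and the bpf.h hunk adds only a bare prototype. If net/bpf/test_run.c is not built in some configuration that satisfies this guard (for example one without networking), the build will break; please confirm the dependency, and if the configurations can diverge, add a static inline fallback in bpf.h or tighten the #if here.
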
diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
index 0841f8d82419..db159b9c56ca 100644
--- a/net/bpf/test_run.c
+++ b/net/bpf/test_run.c
@@ -20,6 +20,7 @@
 #include <linux/smp.h>
 #include <linux/sock_diag.h>
 #include <linux/netfilter.h>
+#include <linux/seccomp.h>
 #include <net/netdev_rx_queue.h>
 #include <net/xdp.h>
 #include <net/netfilter/nf_bpf_link.h>
@@ -1665,6 +1666,32 @@ int bpf_prog_test_run_nf(struct bpf_prog *prog,
 	return ret;
 }
 
+int bpf_prog_test_run_seccomp(struct bpf_prog *prog,
+			      const union bpf_attr *kattr,
+			      union bpf_attr __user *uattr)
+{
+	void __user *ctx_in = u64_to_user_ptr(kattr->test.ctx_in);
+	__u32 ctx_size_in = kattr->test.ctx_size_in;
+	struct seccomp_data ctx = {};
+	__u32 retval;
+
+	if (kattr->test.flags || kattr->test.cpu || kattr->test.batch_size)
+		return -EINVAL;
+
+	if (ctx_size_in && ctx_size_in < sizeof(ctx))
+		return -EINVAL;
+
+	if (ctx_size_in && copy_from_user(&ctx, ctx_in, sizeof(ctx)))
+		return -EFAULT;
+
+	retval = bpf_prog_run_pin_on_cpu(prog, &ctx);
+
+	if (copy_to_user(&uattr->test.retval, &retval, sizeof(retval)))
+		return -EFAULT;
+
+	return 0;
+}
+
 static const struct btf_kfunc_id_set bpf_prog_test_kfunc_set = {
 	.owner = THIS_MODULE,
 	.set   = &test_sk_check_kfunc_ids,
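
Review bot: The size check `ctx_size_in && ctx_size_in < sizeof(ctx)` in bpf_prog_test_run_seccomp() rejects only a short context, so a ctx_size_in larger than sizeof(struct seccomp_data) is accepted and the bytes past sizeof(ctx) are silently dropped by the fixed-size copy_from_user(). Either require ctx_size_in == sizeof(ctx) or verify that the tail is zero, so that userspace built against a larger layout gets an error rather than a truncated context. The up-front -EINVAL test also covers only flags, cpu and batch_size; data_in, data_out, ctx_out, repeat and duration are ignored without an error, as is a non-NULL ctx_in paired with ctx_size_in == 0. Rejecting those as well would keep the interface strict for the selftests that will rely on it.
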
-- 
2.34.1


Thread overview: 14+ messages
2023-10-31  1:24 [PATCH bpf-next 0/6] bpf: Add seccomp program type Hengqi Chen
2023-10-31  1:24 ` [PATCH bpf-next 1/6] bpf: Introduce BPF_PROG_TYPE_SECCOMP Hengqi Chen
2023-11-02 17:30   ` Andrii Nakryiko
2023-11-02 19:49   ` Kees Cook
2023-11-02 19:53     ` Alexei Starovoitov
2023-11-03 20:44       ` Kees Cook
2023-11-03  5:46     ` Hengqi Chen
2023-11-03  8:47       ` Hengqi Chen
2023-10-31  1:24 ` Hengqi Chen [this message]
2023-11-02 17:32   ` [PATCH bpf-next 2/6] bpf: Add test_run support for seccomp program type Andrii Nakryiko
2023-10-31  1:24 ` [PATCH bpf-next 3/6] seccomp: Refactor filter copy/create for reuse Hengqi Chen
2023-10-31  1:24 ` [PATCH bpf-next 4/6] seccomp: Support attaching BPF_PROG_TYPE_SECCOMP progs Hengqi Chen
2023-10-31  1:24 ` [PATCH bpf-next 5/6] selftests/bpf: Add seccomp verifier tests Hengqi Chen
2023-10-31  1:24 ` [PATCH bpf-next 6/6] selftests/bpf: Test BPF_PROG_TYPE_SECCOMP Hengqi Chen
