selftests: bpf: Test sockmap update from BPF
Add a test which copies a socket from a sockmap into another sockmap or sockhash. This excercises bpf_map_update_elem support from BPF context. Compare the socket cookies from source and destination to ensure that the copy succeeded. Also check that the verifier rejects map_update from unsafe contexts. Signed-off-by: Lorenz Bauer <lmb@cloudflare.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Yonghong Song <yhs@fb.com> Link: https://lore.kernel.org/bpf/20200821102948.21918-7-lmb@cloudflare.com
This commit is contained in:
parent
0126240f44
commit
bb23c0e1c5
|
@ -4,6 +4,8 @@
|
|||
|
||||
#include "test_progs.h"
|
||||
#include "test_skmsg_load_helpers.skel.h"
|
||||
#include "test_sockmap_update.skel.h"
|
||||
#include "test_sockmap_invalid_update.skel.h"
|
||||
|
||||
#define TCP_REPAIR 19 /* TCP sock is under repair right now */
|
||||
|
||||
|
@ -101,6 +103,76 @@ out:
|
|||
test_skmsg_load_helpers__destroy(skel);
|
||||
}
|
||||
|
||||
static void test_sockmap_update(enum bpf_map_type map_type)
|
||||
{
|
||||
struct bpf_prog_test_run_attr tattr;
|
||||
int err, prog, src, dst, duration = 0;
|
||||
struct test_sockmap_update *skel;
|
||||
__u64 src_cookie, dst_cookie;
|
||||
const __u32 zero = 0;
|
||||
char dummy[14] = {0};
|
||||
__s64 sk;
|
||||
|
||||
sk = connected_socket_v4();
|
||||
if (CHECK(sk == -1, "connected_socket_v4", "cannot connect\n"))
|
||||
return;
|
||||
|
||||
skel = test_sockmap_update__open_and_load();
|
||||
if (CHECK(!skel, "open_and_load", "cannot load skeleton\n")) {
|
||||
close(sk);
|
||||
return;
|
||||
}
|
||||
|
||||
prog = bpf_program__fd(skel->progs.copy_sock_map);
|
||||
src = bpf_map__fd(skel->maps.src);
|
||||
if (map_type == BPF_MAP_TYPE_SOCKMAP)
|
||||
dst = bpf_map__fd(skel->maps.dst_sock_map);
|
||||
else
|
||||
dst = bpf_map__fd(skel->maps.dst_sock_hash);
|
||||
|
||||
err = bpf_map_update_elem(src, &zero, &sk, BPF_NOEXIST);
|
||||
if (CHECK(err, "update_elem(src)", "errno=%u\n", errno))
|
||||
goto out;
|
||||
|
||||
err = bpf_map_lookup_elem(src, &zero, &src_cookie);
|
||||
if (CHECK(err, "lookup_elem(src, cookie)", "errno=%u\n", errno))
|
||||
goto out;
|
||||
|
||||
tattr = (struct bpf_prog_test_run_attr){
|
||||
.prog_fd = prog,
|
||||
.repeat = 1,
|
||||
.data_in = dummy,
|
||||
.data_size_in = sizeof(dummy),
|
||||
};
|
||||
|
||||
err = bpf_prog_test_run_xattr(&tattr);
|
||||
if (CHECK_ATTR(err || !tattr.retval, "bpf_prog_test_run",
|
||||
"errno=%u retval=%u\n", errno, tattr.retval))
|
||||
goto out;
|
||||
|
||||
err = bpf_map_lookup_elem(dst, &zero, &dst_cookie);
|
||||
if (CHECK(err, "lookup_elem(dst, cookie)", "errno=%u\n", errno))
|
||||
goto out;
|
||||
|
||||
CHECK(dst_cookie != src_cookie, "cookie mismatch", "%llu != %llu\n",
|
||||
dst_cookie, src_cookie);
|
||||
|
||||
out:
|
||||
close(sk);
|
||||
test_sockmap_update__destroy(skel);
|
||||
}
|
||||
|
||||
static void test_sockmap_invalid_update(void)
|
||||
{
|
||||
struct test_sockmap_invalid_update *skel;
|
||||
int duration = 0;
|
||||
|
||||
skel = test_sockmap_invalid_update__open_and_load();
|
||||
CHECK(skel, "open_and_load", "verifier accepted map_update\n");
|
||||
if (skel)
|
||||
test_sockmap_invalid_update__destroy(skel);
|
||||
}
|
||||
|
||||
void test_sockmap_basic(void)
|
||||
{
|
||||
if (test__start_subtest("sockmap create_update_free"))
|
||||
|
@ -111,4 +183,10 @@ void test_sockmap_basic(void)
|
|||
test_skmsg_helpers(BPF_MAP_TYPE_SOCKMAP);
|
||||
if (test__start_subtest("sockhash sk_msg load helpers"))
|
||||
test_skmsg_helpers(BPF_MAP_TYPE_SOCKHASH);
|
||||
if (test__start_subtest("sockmap update"))
|
||||
test_sockmap_update(BPF_MAP_TYPE_SOCKMAP);
|
||||
if (test__start_subtest("sockhash update"))
|
||||
test_sockmap_update(BPF_MAP_TYPE_SOCKHASH);
|
||||
if (test__start_subtest("sockmap update in unsafe context"))
|
||||
test_sockmap_invalid_update();
|
||||
}
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
// Copyright (c) 2020 Cloudflare
|
||||
#include "vmlinux.h"
|
||||
#include <bpf/bpf_helpers.h>
|
||||
|
||||
struct {
|
||||
__uint(type, BPF_MAP_TYPE_SOCKMAP);
|
||||
__uint(max_entries, 1);
|
||||
__type(key, __u32);
|
||||
__type(value, __u64);
|
||||
} map SEC(".maps");
|
||||
|
||||
SEC("sockops")
|
||||
int bpf_sockmap(struct bpf_sock_ops *skops)
|
||||
{
|
||||
__u32 key = 0;
|
||||
|
||||
if (skops->sk)
|
||||
bpf_map_update_elem(&map, &key, skops->sk, 0);
|
||||
return 0;
|
||||
}
|
||||
|
||||
char _license[] SEC("license") = "GPL";
|
|
@ -0,0 +1,48 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
// Copyright (c) 2020 Cloudflare
|
||||
#include "vmlinux.h"
|
||||
#include <bpf/bpf_helpers.h>
|
||||
|
||||
struct {
|
||||
__uint(type, BPF_MAP_TYPE_SOCKMAP);
|
||||
__uint(max_entries, 1);
|
||||
__type(key, __u32);
|
||||
__type(value, __u64);
|
||||
} src SEC(".maps");
|
||||
|
||||
struct {
|
||||
__uint(type, BPF_MAP_TYPE_SOCKMAP);
|
||||
__uint(max_entries, 1);
|
||||
__type(key, __u32);
|
||||
__type(value, __u64);
|
||||
} dst_sock_map SEC(".maps");
|
||||
|
||||
struct {
|
||||
__uint(type, BPF_MAP_TYPE_SOCKHASH);
|
||||
__uint(max_entries, 1);
|
||||
__type(key, __u32);
|
||||
__type(value, __u64);
|
||||
} dst_sock_hash SEC(".maps");
|
||||
|
||||
SEC("classifier/copy_sock_map")
|
||||
int copy_sock_map(void *ctx)
|
||||
{
|
||||
struct bpf_sock *sk;
|
||||
bool failed = false;
|
||||
__u32 key = 0;
|
||||
|
||||
sk = bpf_map_lookup_elem(&src, &key);
|
||||
if (!sk)
|
||||
return SK_DROP;
|
||||
|
||||
if (bpf_map_update_elem(&dst_sock_map, &key, sk, 0))
|
||||
failed = true;
|
||||
|
||||
if (bpf_map_update_elem(&dst_sock_hash, &key, sk, 0))
|
||||
failed = true;
|
||||
|
||||
bpf_sk_release(sk);
|
||||
return failed ? SK_DROP : SK_PASS;
|
||||
}
|
||||
|
||||
char _license[] SEC("license") = "GPL";
|
Loading…
Reference in New Issue