- 21 Aug, 2024 2 commits
-
-
Andrii Nakryiko authored
There are potentially useful cases where a specific iterator type might need to be passed into some kfunc. So, in addition to existing bpf_iter_<type>_{new,next,destroy}() kfuncs, allow to pass iterator pointer to any kfunc. We employ "__iter" naming suffix for arguments that are meant to accept iterators. We also enforce that they accept PTR -> STRUCT btf_iter_<type> type chain and point to a valid initialized on-the-stack iterator state. Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/r/20240808232230.2848712-3-andrii@kernel.orgSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Andrii Nakryiko authored
Verifier enforces that all iterator structs are named `bpf_iter_<name>` and that whenever iterator is passed to a kfunc it's passed as a valid PTR -> STRUCT chain (with potentially const modifiers in between). We'll need this check for upcoming changes, so instead of duplicating the logic, extract it into a helper function. Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Eduard Zingerman <eddyz87@gmail.com> Link: https://lore.kernel.org/r/20240808232230.2848712-2-andrii@kernel.orgSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
- 19 Aug, 2024 6 commits
-
-
Andrii Nakryiko authored
Cupertino Miranda says: ==================== Correct recent GCC incompatible changes. Hi everyone, Apologies for the previous patches which did not include a cover letter. My wish was to send 3 indepepdent patches but after the initial mistake lets keep this as a series although they are all independent from themselves. The changes in this patch series is related to recovering GCC support to build the selftests. A few tests and a makefile change have broken the support for GCC in the last few months. Looking forward to your comments. Best regards, Cupertino ==================== Link: https://lore.kernel.org/r/20240819151129.1366484-1-cupertino.miranda@oracle.comSigned-off-by: Andrii Nakryiko <andrii@kernel.org>
-
Cupertino Miranda authored
GCC errors when compiling tailcall_bpf2bpf_hierarchy2.c and tailcall_bpf2bpf_hierarchy3.c with the following error: progs/tailcall_bpf2bpf_hierarchy2.c: In function 'tailcall_bpf2bpf_hierarchy_2': progs/tailcall_bpf2bpf_hierarchy2.c:66:9: error: input operand constraint contains '+' 66 | asm volatile (""::"r+"(ret)); | ^~~ Changed implementation to make use of __sink macro that abstracts the desired behaviour. The proposed change seems valid for both GCC and CLANG. Signed-off-by: Cupertino Miranda <cupertino.miranda@oracle.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20240819151129.1366484-4-cupertino.miranda@oracle.com
-
Cupertino Miranda authored
verfifier_nocsr.c fails to compile in GCC. The reason behind it was initially explained in commit 27a90b14. "A few BPF selftests perform type punning and they may break strict aliasing rules, which are exploited by both GCC and clang by default while optimizing. This can lead to broken compiled programs." Signed-off-by: Cupertino Miranda <cupertino.miranda@oracle.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20240819151129.1366484-2-cupertino.miranda@oracle.com
-
Andrii Nakryiko authored
Matteo Croce says: ==================== bpf: enable some functions in cgroup programs From: Matteo Croce <teknoraver@meta.com> Enable some BPF kfuncs and the helper bpf_current_task_under_cgroup() for program types BPF_CGROUP_*. These will be used by systemd-networkd: https://github.com/systemd/systemd/pull/32212 v5->v6: Called register_btf_kfunc_id_set() only once Fixed build error with !CONFIG_CGROUPS v4->v5: Same code, but v4 had an old cover letter v3->v4: Reset all the acked-by tags because the code changed a bit. Signed-off-by: Matteo Croce <teknoraver@meta.com> ==================== Link: https://lore.kernel.org/r/20240819162805.78235-1-technoboy85@gmail.comSigned-off-by: Andrii Nakryiko <andrii@kernel.org>
-
Matteo Croce authored
The helper bpf_current_task_under_cgroup() currently is only allowed for tracing programs, allow its usage also in the BPF_CGROUP_* program types. Move the code from kernel/trace/bpf_trace.c to kernel/bpf/helpers.c, so it compiles also without CONFIG_BPF_EVENTS. This will be used in systemd-networkd to monitor the sysctl writes, and filter it's own writes from others: https://github.com/systemd/systemd/pull/32212Signed-off-by: Matteo Croce <teknoraver@meta.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20240819162805.78235-3-technoboy85@gmail.com
-
Matteo Croce authored
These kfuncs are enabled even in BPF_PROG_TYPE_TRACING, so they should be safe also in BPF_CGROUP_* programs. Since all BPF_CGROUP_* programs share the same hook, call register_btf_kfunc_id_set() only once. In enum btf_kfunc_hook, rename BTF_KFUNC_HOOK_CGROUP_SKB to a more generic BTF_KFUNC_HOOK_CGROUP, since it's used for all the cgroup related program types. Signed-off-by: Matteo Croce <teknoraver@meta.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20240819162805.78235-2-technoboy85@gmail.com
-
- 15 Aug, 2024 15 commits
-
-
Jiangshan Yi authored
Currently, compiling the bpf programs will result the compilation errors with the cf-protection option as follows in arm64 and loongarch64 machine when using gcc 12.3.1 and clang 17.0.6. This commit fixes the compilation errors by limited the cf-protection option only used in x86 platform. [root@localhost linux]# make M=samples/bpf ...... CLANG-bpf samples/bpf/xdp2skb_meta_kern.o error: option 'cf-protection=return' cannot be specified on this target error: option 'cf-protection=branch' cannot be specified on this target 2 errors generated. CLANG-bpf samples/bpf/syscall_tp_kern.o error: option 'cf-protection=return' cannot be specified on this target error: option 'cf-protection=branch' cannot be specified on this target 2 errors generated. ...... Fixes: 34f6e38f ("samples/bpf: fix warning with ignored-attributes") Reported-by: Jiangshan Yi <yijiangshan@kylinos.cn> Signed-off-by: Jiangshan Yi <yijiangshan@kylinos.cn> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Tested-by: Qiang Wang <wangqiang1@kylinos.cn> Link: https://lore.kernel.org/bpf/20240815135524.140675-1-13667453960@163.com
-
Sam James authored
In `elf_close`, we get this with GCC 15 -O3 (at least): ``` In function ‘elf_close’, inlined from ‘elf_close’ at elf.c:53:6, inlined from ‘elf_find_func_offset_from_file’ at elf.c:384:2: elf.c:57:9: warning: ‘elf_fd.elf’ may be used uninitialized [-Wmaybe-uninitialized] 57 | elf_end(elf_fd->elf); | ^~~~~~~~~~~~~~~~~~~~ elf.c: In function ‘elf_find_func_offset_from_file’: elf.c:377:23: note: ‘elf_fd.elf’ was declared here 377 | struct elf_fd elf_fd; | ^~~~~~ In function ‘elf_close’, inlined from ‘elf_close’ at elf.c:53:6, inlined from ‘elf_find_func_offset_from_file’ at elf.c:384:2: elf.c:58:9: warning: ‘elf_fd.fd’ may be used uninitialized [-Wmaybe-uninitialized] 58 | close(elf_fd->fd); | ^~~~~~~~~~~~~~~~~ elf.c: In function ‘elf_find_func_offset_from_file’: elf.c:377:23: note: ‘elf_fd.fd’ was declared here 377 | struct elf_fd elf_fd; | ^~~~~~ ``` In reality, our use is fine, it's just that GCC doesn't model errno here (see linked GCC bug). Suppress -Wmaybe-uninitialized accordingly by initializing elf_fd.fd to -1 and elf_fd.elf to NULL. I've done this in two other functions as well given it could easily occur there too (same access/use pattern). Signed-off-by: Sam James <sam@gentoo.org> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://gcc.gnu.org/PR114952 Link: https://lore.kernel.org/bpf/14ec488a1cac02794c2fa2b83ae0cef1bce2cb36.1723578546.git.sam@gentoo.org
-
Jeongjun Park authored
__btf_name_valid() can be completely replaced with btf_name_valid_identifier, and since most of the time you already call btf_name_valid_identifier instead of __btf_name_valid , it would be appropriate to rename the __btf_name_valid function to btf_name_valid_identifier and remove __btf_name_valid. Signed-off-by: Jeongjun Park <aha310510@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Reviewed-by: Alan Maguire <alan.maguire@oracle.com> Link: https://lore.kernel.org/bpf/20240807143110.181497-1-aha310510@gmail.com
-
Martin KaFai Lau authored
Kui-Feng Lee says: ==================== Capture packets in the background for flaky test cases related to network features. We have some flaky test cases that are difficult to debug without knowing what the traffic looks like. Capturing packets, the CI log and packet files may help developers to fix these flaky test cases. This patch set monitors a few test cases. Recently, they have been showing flaky behavior. lo In IPv4 127.0.0.1:40265 > 127.0.0.1:55907: TCP, length 68, SYN lo In IPv4 127.0.0.1:55907 > 127.0.0.1:40265: TCP, length 60, SYN, ACK lo In IPv4 127.0.0.1:40265 > 127.0.0.1:55907: TCP, length 60, ACK lo In IPv4 127.0.0.1:55907 > 127.0.0.1:40265: TCP, length 52, ACK lo In IPv4 127.0.0.1:40265 > 127.0.0.1:55907: TCP, length 52, FIN, ACK lo In IPv4 127.0.0.1:55907 > 127.0.0.1:40265: TCP, length 52, RST, ACK Packet file: packets-2173-86-select_reuseport:sockhash_IPv4_TCP_LOOPBACK_test_detach_bpf-test.log #280/87 select_reuseport/sockhash IPv4/TCP LOOPBACK test_detach_bpf:OK The above block is the log of a test case. It shows every packet of a connection. The captured packets are stored in the file called packets-2173-86-select_reuseport:sockhash_IPv4_TCP_LOOPBACK_test_detach_bpf-test.log. We have a set of high-level helpers and a test_progs option to simplify the process of enabling the traffic monitor. netns_new() and netns_free() are helpers used to create and delete namespaces while also enabling the traffic monitor for the namespace based on the patterns provided by the "-m" option of test_progs. The value of the "-m" option is a list of patterns used to enable the traffic monitor for a group of tests or a file containing patterns. CI can utilize this option to enable monitoring. traffic_monitor_start() and traffic_monitor_stop() are low-level functions to start monitoring explicitly. You can have more controls, however high-level helpers are preferred. The following block is an example that monitors the network traffic of a test case in a network namespace. struct netns_obj *netns; ... netns = netns_new("test", true); if (!ASSERT_TRUE(netns, "netns_new")) goto err; ... test ... netns_free(netns); netns_new() will create a network namespace named "test" and bring up "lo" in the namespace. By passing "true" as the 2nd argument, it will set the network namespace of the current process to "test".netns_free() will destroy the namespace, and the process will leave the "test" namespace if the struct netns_obj returned by netns_new() is created with "true" as the 2nd argument. If the name of the test matches the patterns given by the "-m" option, the traffic monitor will be enabled for the "test" namespace as well. The packet files are located in the directory "/tmp/tmon_pcap/". The directory is intended to be compressed as a file so that developers can download it from the CI. This feature is enabled only if libpcap is available when building selftests. --- Changes from v7: - Remove ":" with "__" from the file names of traffic logs. ':' would cause an error of the upload-artifact action of github. - Move remove_netns() to avoid a forward declaration. Changes from v6: - Remove unnecessary memcpy for addresses. - Make packet messages similar to what tcpdump prints. - Check return value of inet_ntop(). - Remove duplicated errno in messages. - Print arphdr_type for not handled packets. - Set dev "lo" in make_netns(). - Avoid stacking netns by moving traffic_monitor_start() to earlier position. - Remove the word "packet" from packet messages. - Replace pipe with eventfd (wake_fd) to synchronize background threads. Changes from v5: - Remove "-m" completely if traffic monitor is not enabled. Changes from v4: - Use pkg-config to detect libpcap, and enable traffic monitor if there is libpcap. - Move traffic monitor functions back to network_helper.c, and pass extra parameters to traffic_monitor_start(). - Use flockfile() & funlockfile() to avoid log interleaving. - Show "In", "Out", "M" ... for captured packets. - Print a warning message if the user pass a "-m" when libpcap is not available. - Bring up dev lo in netns_new(). Changes from v3: - Rebase to the latest tip of bpf-next/for-next - Change verb back to C string. Changes from v2: - Include pcap header files conditionally. - Move the implementation of traffic monitor to test_progs.c. - Include test name and namespace as a part of names of packet files. - Parse and print ICMP(v4|v6) packets. - Add netns_new() and netns_free() to create and delete network namespaces. - Make tc_redirect, sockmap_listen and select_reuseport test in a network namespace. - Add the "-m" option to test_progs to enable traffic monitor for the tests matching the pattern. CI may use this option to enable monitoring for a given set of tests. Changes from v1: - Move to calling libpcap directly to capture packets in a background thread. - Print parsed packet information for TCP and UDP packets. v1: https://lore.kernel.org/all/20240713055552.2482367-5-thinker.li@gmail.com/ v2: https://lore.kernel.org/all/20240723182439.1434795-1-thinker.li@gmail.com/ v3: https://lore.kernel.org/all/20240730002745.1484204-1-thinker.li@gmail.com/ v4: https://lore.kernel.org/all/20240731193140.758210-1-thinker.li@gmail.com/ v5: https://lore.kernel.org/all/20240806221243.1806879-1-thinker.li@gmail.com/ v6: https://lore.kernel.org/all/20240807183149.764711-1-thinker.li@gmail.com/ v7: https://lore.kernel.org/all/20240810023534.2458227-2-thinker.li@gmail.com/ ==================== Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
-
Kui-Feng Lee authored
Enable traffic monitoring for the subtests of select_reuseport. Acked-by: Stanislav Fomichev <sdf@fomichev.me> Signed-off-by: Kui-Feng Lee <thinker.li@gmail.com> Link: https://lore.kernel.org/r/20240815053254.470944-7-thinker.li@gmail.comSigned-off-by: Martin KaFai Lau <martin.lau@kernel.org>
-
Kui-Feng Lee authored
Enable traffic monitor for each subtest of sockmap_listen. Acked-by: Stanislav Fomichev <sdf@fomichev.me> Signed-off-by: Kui-Feng Lee <thinker.li@gmail.com> Link: https://lore.kernel.org/r/20240815053254.470944-6-thinker.li@gmail.comSigned-off-by: Martin KaFai Lau <martin.lau@kernel.org>
-
Kui-Feng Lee authored
Enable traffic monitoring for the test case tc_redirect. Acked-by: Stanislav Fomichev <sdf@fomichev.me> Signed-off-by: Kui-Feng Lee <thinker.li@gmail.com> Link: https://lore.kernel.org/r/20240815053254.470944-5-thinker.li@gmail.comSigned-off-by: Martin KaFai Lau <martin.lau@kernel.org>
-
Kui-Feng Lee authored
netns_new()/netns_free() create/delete network namespaces. They support the option '-m' of test_progs to start/stop traffic monitor for the network namespace being created for matched tests. Acked-by: Stanislav Fomichev <sdf@fomichev.me> Signed-off-by: Kui-Feng Lee <thinker.li@gmail.com> Link: https://lore.kernel.org/r/20240815053254.470944-4-thinker.li@gmail.comSigned-off-by: Martin KaFai Lau <martin.lau@kernel.org>
-
Kui-Feng Lee authored
Add option '-m' to test_progs to accept names and patterns of test cases. This option will be used later to enable traffic monitor that capture network packets generated by test cases. Acked-by: Stanislav Fomichev <sdf@fomichev.me> Signed-off-by: Kui-Feng Lee <thinker.li@gmail.com> Link: https://lore.kernel.org/r/20240815053254.470944-3-thinker.li@gmail.comSigned-off-by: Martin KaFai Lau <martin.lau@kernel.org>
-
Kui-Feng Lee authored
Add functions that capture packets and print log in the background. They are supposed to be used for debugging flaky network test cases. A monitored test case should call traffic_monitor_start() to start a thread to capture packets in the background for a given namespace and call traffic_monitor_stop() to stop capturing. (Or, option '-m' implemented by the later patches.) lo In IPv4 127.0.0.1:40265 > 127.0.0.1:55907: TCP, length 68, SYN lo In IPv4 127.0.0.1:55907 > 127.0.0.1:40265: TCP, length 60, SYN, ACK lo In IPv4 127.0.0.1:40265 > 127.0.0.1:55907: TCP, length 60, ACK lo In IPv4 127.0.0.1:55907 > 127.0.0.1:40265: TCP, length 52, ACK lo In IPv4 127.0.0.1:40265 > 127.0.0.1:55907: TCP, length 52, FIN, ACK lo In IPv4 127.0.0.1:55907 > 127.0.0.1:40265: TCP, length 52, RST, ACK Packet file: packets-2173-86-select_reuseport:sockhash_IPv4_TCP_LOOPBACK_test_detach_bpf-test.log #280/87 select_reuseport/sockhash IPv4/TCP LOOPBACK test_detach_bpf:OK The above is the output of an example. It shows the packets of a connection and the name of the file that contains captured packets in the directory /tmp/tmon_pcap. The file can be loaded by tcpdump or wireshark. This feature only works if libpcap is available. (Could be found by pkg-config) Acked-by: Stanislav Fomichev <sdf@fomichev.me> Signed-off-by: Kui-Feng Lee <thinker.li@gmail.com> Link: https://lore.kernel.org/r/20240815053254.470944-2-thinker.li@gmail.comSigned-off-by: Martin KaFai Lau <martin.lau@kernel.org>
-
Martin KaFai Lau authored
Alexis Lothoré (eBPF Foundation) says: ==================== Hello, this series brings a new set of test converted to the test_progs framework. Since the tests are quite small, I chose to group three tests conversion in the same series, but feel free to let me know if I should keep one series per test. The series focuses on cgroup testing and converts the following tests: - get_cgroup_id_user - cgroup_storage - test_skb_cgroup_id_user Changes in v4: - Fix test after netns addition by making sure loopack interface is up - Link to v3: https://lore.kernel.org/r/20240812-convert_cgroup_tests-v3-0-47ac6ce4e88b@bootlin.com Changes in v3: - Fixed multiple leaks on cgroup file descriptors and sockets - Used dedicated network namespaces for tests involving network - Link to v2: https://lore.kernel.org/r/20240806-convert_cgroup_tests-v2-0-180c57e5b710@bootlin.com Changes in v2: - Use global variables instead of maps when possible - Collect review tags from Alan - Link to v1: https://lore.kernel.org/r/20240731-convert_cgroup_tests-v1-0-14cbc51b6947@bootlin.com ==================== Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
-
Alexis Lothoré (eBPF Foundation) authored
test_skb_cgroup_id_user allows testing skb cgroup id retrieval at different levels, but is not integrated in test_progs, so it is not run automatically in CI. The test overlaps a bit with cgroup_skb_sk_lookup_kern, which is integrated in test_progs and test extensively skb cgroup helpers, but there is still one major difference between the two tests which justifies the conversion: cgroup_skb_sk_lookup_kern deals with a BPF_PROG_TYPE_CGROUP_SKB (attached on a cgroup), while test_skb_cgroup_id_user deals with a BPF_PROG_TYPE_SCHED_CLS (attached on a qdisc) Convert test_skb_cgroup_id_user into test_progs framework in order to run it automatically in CI. The main differences with the original test are the following: - rename the test to make it shorter and more straightforward regarding tested feature - the wrapping shell script has been dropped since every setup step is now handled in the main C test file - the test has been renamed for a shorter name and reflecting the tested API - add dedicated assert log per level to ease test failure debugging - use global variables instead of maps to access bpf prog data Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com> Link: https://lore.kernel.org/r/20240813-convert_cgroup_tests-v4-4-a33c03458cf6@bootlin.comSigned-off-by: Martin KaFai Lau <martin.lau@kernel.org>
-
Alexis Lothoré (eBPF Foundation) authored
test_skb_cgroup_id_kern.c is currently involved in a manual test. In its current form, it can not be used with the auto-generated skeleton APIs, because the section name is not valid to allow libbpf to deduce the program type. Update section name to allow skeleton APIs usage. Also rename the program name to make it shorter and more straighforward regarding the API it is testing. While doing so, make sure that test_skb_cgroup_id.sh passes to get a working reference before converting it to test_progs - update the obj name - fix loading issue (verifier rejecting the program when loaded through tc, because of map not found), by preloading the whole obj with bpftool Reviewed-by: Alan Maguire <alan.maguire@oracle.com> Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com> Link: https://lore.kernel.org/r/20240813-convert_cgroup_tests-v4-3-a33c03458cf6@bootlin.comSigned-off-by: Martin KaFai Lau <martin.lau@kernel.org>
-
Alexis Lothoré (eBPF Foundation) authored
test_cgroup_storage is currently a standalone program which is not run when executing test_progs. Convert it to the test_progs framework so it can be automatically executed in CI. The conversion led to the following changes: - converted the raw bpf program in the userspace test file into a dedicated test program in progs/ dir - reduced the scope of cgroup_storage test: the content from this test overlaps with some other tests already present in test_progs, most notably netcnt and cgroup_storage_multi*. Those tests already check extensively local storage, per-cpu local storage, cgroups interaction, etc. So the new test only keep the part testing that the program return code (based on map content) properly leads to packet being passed or dropped. Reviewed-by: Alan Maguire <alan.maguire@oracle.com> Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com> Link: https://lore.kernel.org/r/20240813-convert_cgroup_tests-v4-2-a33c03458cf6@bootlin.comSigned-off-by: Martin KaFai Lau <martin.lau@kernel.org>
-
Alexis Lothoré (eBPF Foundation) authored
get_current_cgroup_id_user allows testing for bpf_get_current_cgroup_id() bpf API but is not integrated into test_progs, and so is not tested automatically in CI. Convert it to the test_progs framework to allow running it automatically. The most notable differences with the old test are the following: - the new test relies on autoattach instead of manually hooking/enabling the targeted tracepoint through perf_event, which reduces quite a lot the test code size - it also accesses bpf prog data through global variables instead of maps - sleep duration passed to nanosleep syscall has been reduced to its minimum to not impact overall CI duration (we only care about the syscall being properly triggered, not about the passed duration) Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com> Link: https://lore.kernel.org/r/20240813-convert_cgroup_tests-v4-1-a33c03458cf6@bootlin.comSigned-off-by: Martin KaFai Lau <martin.lau@kernel.org>
-
- 12 Aug, 2024 1 commit
-
-
Alan Maguire authored
License should be // SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause) ...as with other libbpf files. Fixes: 19e00c89 ("libbpf: Split BTF relocation") Reported-by: Neill Kapron <nkapron@google.com> Signed-off-by: Alan Maguire <alan.maguire@oracle.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Yonghong Song <yonghong.song@linux.dev> Link: https://lore.kernel.org/bpf/20240810093504.2111134-1-alan.maguire@oracle.com
-
- 07 Aug, 2024 4 commits
-
-
Alexei Starovoitov authored
Song Liu says: ==================== Add bpf_get_dentry_xattr Add a kfunc to read xattr from dentry. Also add selftest for the new kfunc. Changes v3 => v4: 1. Fix selftest build. V3: https://lore.kernel.org/bpf/20240806203340.3503805-1-song@kernel.org/T/#u Changes v2 => v3: 1. Move the kfuncs to fs/bpf_fs_kfuncs.c. 2. Fix selftests build error on s390. (Alexei) v2: https://lore.kernel.org/bpf/20240730230805.42205-1-song@kernel.org/T/#u Changes v1 => v2: 1. Remove 3 kfuncs that are ready yet. v1: https://lore.kernel.org/linux-fsdevel/20240725234706.655613-1-song@kernel.org/T/#u ==================== Link: https://lore.kernel.org/r/20240806230904.71194-1-song@kernel.orgSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Song Liu authored
Add test for bpf_get_dentry_xattr on hook security_inode_getxattr. Verify that the kfunc can read the xattr. Also test failing getxattr from user space by returning non-zero from the LSM bpf program. Acked-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Song Liu <song@kernel.org> Link: https://lore.kernel.org/r/20240806230904.71194-4-song@kernel.orgSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Song Liu authored
This kfunc can be used in LSM hooks with dentry, such as: security_inode_listxattr security_inode_permission and many more. Acked-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Song Liu <song@kernel.org> Link: https://lore.kernel.org/r/20240806230904.71194-3-song@kernel.orgSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Song Liu authored
We are putting all fs kfuncs in fs/bpf_fs_kfuncs.c. Move existing bpf_get_file_xattr to it. Signed-off-by: Song Liu <song@kernel.org> Link: https://lore.kernel.org/r/20240806230904.71194-2-song@kernel.orgSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
- 06 Aug, 2024 4 commits
-
-
Alexei Starovoitov authored
Matt Bobrowski says: ==================== bpf: introduce new VFS based BPF kfuncs G'day! A respin based off v3, which can be found here [0]. Original motivations for introducing this suite of BPF kfuncs can be found here [1]. The primary difference in this version of the patch series is that the suite of VFS related BPF kfuncs added can be used from both sleepable and non-sleepable BPF LSM program types. IOW, the KF_SLEEPABLE annotation has been removed from all of them. Changes sinve v3: * KF_SLEEPABLE annotation has been dropped from all newly introduced VFS related BPF kfuncs. This includes bpf_get_task_exe_file(), bpf_put_file(), and bpf_path_d_path(). Both negative and positive selftests backing these new BPF kfuncs have also been updated accordingly. * buf__sz conditional in bpf_path_d_path() has been updated from buf__sz <= 0, to !buf__sz. * Syntax issues as reported so here [2] have been corrected. [0] https://lore.kernel.org/bpf/20240726085604.2369469-1-mattbobrowski@google.com/ [1] https://lore.kernel.org/bpf/cover.1708377880.git.mattbobrowski@google.com/#t [2] https://netdev.bots.linux.dev/static/nipa/874023/13742510/checkpatch/stdout ==================== Link: https://lore.kernel.org/r/20240731110833.1834742-1-mattbobrowski@google.comSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Matt Bobrowski authored
Add a bunch of positive selftests which extensively cover the various contexts and parameters in which the new VFS based BPF kfuncs may be used from. Again, the following VFS based BPF kfuncs are thoroughly tested within this new selftest: * struct file *bpf_get_task_exe_file(struct task_struct *); * void bpf_put_file(struct file *); * int bpf_path_d_path(struct path *, char *, size_t); Acked-by: Christian Brauner <brauner@kernel.org> Acked-by: Song Liu <song@kernel.org> Signed-off-by: Matt Bobrowski <mattbobrowski@google.com> Link: https://lore.kernel.org/r/20240731110833.1834742-4-mattbobrowski@google.comSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Matt Bobrowski authored
Add a bunch of negative selftests responsible for asserting that the BPF verifier successfully rejects a BPF program load when the underlying BPF program misuses one of the newly introduced VFS based BPF kfuncs. The following VFS based BPF kfuncs are extensively tested within this new selftest: * struct file *bpf_get_task_exe_file(struct task_struct *); * void bpf_put_file(struct file *); * int bpf_path_d_path(struct path *, char *, size_t); Acked-by: Christian Brauner <brauner@kernel.org> Acked-by: Song Liu <song@kernel.org> Signed-off-by: Matt Bobrowski <mattbobrowski@google.com> Link: https://lore.kernel.org/r/20240731110833.1834742-3-mattbobrowski@google.comSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Matt Bobrowski authored
Add a new variant of bpf_d_path() named bpf_path_d_path() which takes the form of a BPF kfunc and enforces KF_TRUSTED_ARGS semantics onto its arguments. This new d_path() based BPF kfunc variant is intended to address the legacy bpf_d_path() BPF helper's susceptability to memory corruption issues [0, 1, 2] by ensuring to only operate on supplied arguments which are deemed trusted by the BPF verifier. Typically, this means that only pointers to a struct path which have been referenced counted may be supplied. In addition to the new bpf_path_d_path() BPF kfunc, we also add a KF_ACQUIRE based BPF kfunc bpf_get_task_exe_file() and KF_RELEASE counterpart BPF kfunc bpf_put_file(). This is so that the new bpf_path_d_path() BPF kfunc can be used more flexibily from within the context of a BPF LSM program. It's rather common to ascertain the backing executable file for the calling process by performing the following walk current->mm->exe_file while instrumenting a given operation from the context of the BPF LSM program. However, walking current->mm->exe_file directly is never deemed to be OK, and doing so from both inside and outside of BPF LSM program context should be considered as a bug. Using bpf_get_task_exe_file() and in turn bpf_put_file() will allow BPF LSM programs to reliably get and put references to current->mm->exe_file. As of now, all the newly introduced BPF kfuncs within this patch are limited to BPF LSM program types. These can be either sleepable or non-sleepable variants of BPF LSM program types. [0] https://lore.kernel.org/bpf/CAG48ez0ppjcT=QxU-jtCUfb5xQb3mLr=5FcwddF_VKfEBPs_Dg@mail.gmail.com/ [1] https://lore.kernel.org/bpf/20230606181714.532998-1-jolsa@kernel.org/ [2] https://lore.kernel.org/bpf/20220219113744.1852259-1-memxor@gmail.com/Acked-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Matt Bobrowski <mattbobrowski@google.com> Acked-by: Song Liu <song@kernel.org> Link: https://lore.kernel.org/r/20240731110833.1834742-2-mattbobrowski@google.comSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
- 02 Aug, 2024 1 commit
-
-
Yonghong Song authored
Jakub reported bpf selftest "btf_dump" failure after forwarding to v6.11-rc1 with netdev. Error: #33 btf_dump Error: #33/15 btf_dump/btf_dump: var_data btf_dump_data:FAIL:find type id unexpected find type id: actual -2 < expected 0 The reason for the failure is due to commit 94ede2a3 ("profiling: remove stale percpu flip buffer variables") where percpu static variable "cpu_profile_flip" is removed. Let us replace "cpu_profile_flip" with a variable in bpf subsystem so whenever that variable gets deleted or renamed, we can detect the failure immediately. In this case, I picked a static percpu variable "bpf_cgrp_storage_busy" which is defined in kernel/bpf/bpf_cgrp_storage.c. Reported-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Yonghong Song <yonghong.song@linux.dev> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20240802185434.1749056-1-yonghong.song@linux.dev
-
- 31 Jul, 2024 5 commits
-
-
Martin KaFai Lau authored
Alexis Lothoré (eBPF Foundation) says: ==================== Hello, this small series aims to integrate test_dev_cgroup in test_progs so it could be run automatically in CI. The new version brings a few differences with the current one: - test now uses directly syscalls instead of wrapping commandline tools into system() calls - test_progs manipulates /dev/null (eg: redirecting test logs into it), so disabling access to it in the bpf program confuses the tests. To fix this, the first commit modifies the bpf program to allow access to char devices 1:3 (/dev/null), and disable access to char devices 1:5 (/dev/zero) - once test is converted, add a small subtest to also check for device type interpretation (char or block) - paths used in mknod tests are now in /dev instead of /tmp: due to the CI runner organisation and mountpoints manipulations, trying to create nodes in /tmp leads to errors unrelated to the test (ie, mknod calls refused by kernel, not the bpf program). I don't understand exactly the root cause at the deepest point (all I see in CI is an -ENXIO error on mknod when trying to create the node in tmp, and I can not make sense out of it neither replicate it locally), so I would gladly take inputs from anyone more educated than me about this. The new test_progs part has been tested in a local qemu environment as well as in upstream CI: ./test_progs -a cgroup_dev 47/1 cgroup_dev/allow-mknod:OK 47/2 cgroup_dev/allow-read:OK 47/3 cgroup_dev/allow-write:OK 47/4 cgroup_dev/deny-mknod:OK 47/5 cgroup_dev/deny-read:OK 47/6 cgroup_dev/deny-write:OK 47/7 cgroup_dev/deny-mknod-wrong-type:OK 47 cgroup_dev:OK Summary: 1/7 PASSED, 0 SKIPPED, 0 FAILED --- Changes in v4: - Fix mixup between ret and errno by testing both - Properly apply ack tag from Stanislas - Link to v3: https://lore.kernel.org/r/20240730-convert_dev_cgroup-v3-0-93e573b74357@bootlin.com Changes in v3: - delete mknod file only if it has been created - use bpf_program__attach_cgroup() instead of bpf_prog_attach - reorganize subtests order - collect review/ack tags from Alan and Stanislas - Link to v2: https://lore.kernel.org/r/20240729-convert_dev_cgroup-v2-0-4c1fc0520545@bootlin.com Changes in v2: - directly pass expected ret code to subtests instead of boolean pass/not pass - fix faulty fd check in subtest expected to fail on open - fix wrong subtest name - pass test buffer and corresponding size to read/write subtests - use correct series prefix - Link to v1: https://lore.kernel.org/r/20240725-convert_dev_cgroup-v1-0-2c8cbd487c44@bootlin.com ==================== Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
-
Alexis Lothoré (eBPF Foundation) authored
Current cgroup_dev test mostly tests that device operation is accepted or refused base on passed major/minor (and so, any operation performed during test involves only char device) Add a small subtest ensuring that the device type passed to bpf program allows it to take decisions as well. Reviewed-by: Alan Maguire <alan.maguire@oracle.com> Acked-by: Stanislav Fomichev <sdf@fomichev.me> Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com> Link: https://lore.kernel.org/r/20240731-convert_dev_cgroup-v4-3-849425d90de6@bootlin.comSigned-off-by: Martin KaFai Lau <martin.lau@kernel.org>
-
Alexis Lothoré (eBPF Foundation) authored
test_dev_cgroup is defined as a standalone test program, and so is not executed in CI. Convert it to test_progs framework so it is tested automatically in CI, and remove the old test. In order to be able to run it in test_progs, /dev/null must remain usable, so change the new test to test operations on devices 1:3 as valid, and operations on devices 1:5 (/dev/zero) as invalid. Reviewed-by: Alan Maguire <alan.maguire@oracle.com> Acked-by: Stanislav Fomichev <sdf@fomichev.me> Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com> Link: https://lore.kernel.org/r/20240731-convert_dev_cgroup-v4-2-849425d90de6@bootlin.comSigned-off-by: Martin KaFai Lau <martin.lau@kernel.org>
-
Alexis Lothoré (eBPF Foundation) authored
test_dev_cgroup currently loads a small bpf program allowing any access on urandom and zero devices, disabling access to any other device. It makes migrating this test to test_progs impossible, since this one manipulates extensively /dev/null. Allow /dev/null manipulation in dev_cgroup program to make its usage in test_progs framework possible. Update test_dev_cgroup.c as well to match this change while it has not been removed. Reviewed-by: Alan Maguire <alan.maguire@oracle.com> Acked-by: Stanislav Fomichev <sdf@fomichev.me> Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com> Link: https://lore.kernel.org/r/20240731-convert_dev_cgroup-v4-1-849425d90de6@bootlin.comSigned-off-by: Martin KaFai Lau <martin.lau@kernel.org>
-
Andrii Nakryiko authored
When building selftests with RELEASE=1 using GCC compiler, it complaints about uninitialized err. Fix the problem. Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/r/20240730231805.1933923-1-andrii@kernel.orgSigned-off-by: Martin KaFai Lau <martin.lau@kernel.org>
-
- 30 Jul, 2024 2 commits
-
-
Stanislav Fomichev authored
We recently found out that extending xsk_umem_reg might be a bit complicated due to not enforcing padding to be zero [0]. Add a couple of things to make it less error-prone: 1. Remove xdp_umem_reg_v2 since its sizeof is the same as xdp_umem_reg 2. Add BUILD_BUG_ON that checks that the size of xdp_umem_reg_v1 is less than xdp_umem_reg; presumably, when we get to v2, there is gonna be a similar line to enforce that sizeof(v2) > sizeof(v1) 3. Add BUILD_BUG_ON to make sure the last field plus its size matches the overall struct size. The intent is to demonstrate that we don't have any lingering padding. 0: https://lore.kernel.org/bpf/ZqI29QE+5JnkdPmE@boxer/T/#me03113f7c2458fd08f3c4114a7a9472ac3646c98Reported-by: Julian Schindel <mail@arctic-alpaca.de> Cc: Magnus Karlsson <magnus.karlsson@gmail.com> Reviewed-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com> Signed-off-by: Stanislav Fomichev <sdf@fomichev.me> Link: https://lore.kernel.org/r/20240726222048.1397869-1-sdf@fomichev.meSigned-off-by: Martin KaFai Lau <martin.lau@kernel.org>
-
Menglong Dong authored
After the commit 66665ad2 ("tracing/kprobe: bpf: Compare instruction pointer with original one"), "bpf_kprobe_override" is not used anywhere anymore, and we can remove it now. Fixes: 66665ad2 ("tracing/kprobe: bpf: Compare instruction pointer with original one") Signed-off-by: Menglong Dong <dongml2@chinatelecom.cn> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20240730053733.885785-1-dongml2@chinatelecom.cn
-