| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Sleepable BPF programs can now use copy_from_user() to access user memory.
Signed-off-by: Alexei Starovoitov <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
Acked-by: Andrii Nakryiko <[email protected]>
Acked-by: KP Singh <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
Introduce sleepable BPF programs that can request such property for themselves
via BPF_F_SLEEPABLE flag at program load time. In such case they will be able
to use helpers like bpf_copy_from_user() that might sleep. At present only
fentry/fexit/fmod_ret and lsm programs can request to be sleepable and only
when they are attached to kernel functions that are known to allow sleeping.
The non-sleepable programs are relying on implicit rcu_read_lock() and
migrate_disable() to protect life time of programs, maps that they use and
per-cpu kernel structures used to pass info between bpf programs and the
kernel. The sleepable programs cannot be enclosed into rcu_read_lock().
migrate_disable() maps to preempt_disable() in non-RT kernels, so the progs
should not be enclosed in migrate_disable() as well. Therefore
rcu_read_lock_trace is used to protect the life time of sleepable progs.
There are many networking and tracing program types. In many cases the
'struct bpf_prog *' pointer itself is rcu protected within some other kernel
data structure and the kernel code is using rcu_dereference() to load that
program pointer and call BPF_PROG_RUN() on it. All these cases are not touched.
Instead sleepable bpf programs are allowed with bpf trampoline only. The
program pointers are hard-coded into generated assembly of bpf trampoline and
synchronize_rcu_tasks_trace() is used to protect the life time of the program.
The same trampoline can hold both sleepable and non-sleepable progs.
When rcu_read_lock_trace is held it means that some sleepable bpf program is
running from bpf trampoline. Those programs can use bpf arrays and preallocated
hash/lru maps. These map types are waiting on programs to complete via
synchronize_rcu_tasks_trace();
Updates to trampoline now has to do synchronize_rcu_tasks_trace() and
synchronize_rcu_tasks() to wait for sleepable progs to finish and for
trampoline assembly to finish.
This is the first step of introducing sleepable progs. Eventually dynamically
allocated hash maps can be allowed and networking program types can become
sleepable too.
Signed-off-by: Alexei Starovoitov <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
Reviewed-by: Josef Bacik <[email protected]>
Acked-by: Andrii Nakryiko <[email protected]>
Acked-by: KP Singh <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
Avoid bad command arguments.
Based on tools/power/cpupower/bench/cpufreq-bench_plot.sh
Signed-off-by: Fabian Frederick <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
|
|
Fix some shellcheck SC2181 warnings:
"Check exit code directly with e.g. 'if mycmd;', not indirectly with
$?." as suggested by Stefano Brivio.
Signed-off-by: Fabian Frederick <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
|
|
'who' variable was not used in make_file()
Problem found using Shellcheck
Signed-off-by: Fabian Frederick <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
|
|
exit script with comments when parameters are wrong during address
addition. No need for a message when trying to change MTU with lower
values: output is self-explanatory.
Use short testing sequence to avoid shellcheck warnings
(suggested by Stefano Brivio).
Signed-off-by: Fabian Frederick <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
|
|
nft_flowtable.sh is made for bash not sh.
Also give values which not return "RTNETLINK answers: Invalid argument"
Signed-off-by: Fabian Frederick <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
|
|
This patch tests the inner map size can be different
for reuseport_sockarray but has to be the same for
arraymap. A new subtest "diff_size" is added for this.
The existing test is moved to a subtest "lookup_update".
Signed-off-by: Martin KaFai Lau <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
bpf_link_info.iter is used by link_query to return bpf_iter_link_info
to user space. Fields may be different, e.g., map_fd vs. map_id, so
we cannot reuse the exact structure. But make them similar, e.g.,
struct bpf_link_info {
/* common fields */
union {
struct { ... } raw_tracepoint;
struct { ... } tracing;
...
struct {
/* common fields for iter */
union {
struct {
__u32 map_id;
} map;
/* other structs for other targets */
};
};
};
};
so the structure is extensible the same way as bpf_iter_link_info.
Fixes: 6b0a249a301e ("bpf: Implement link_query for bpf iterators")
Signed-off-by: Yonghong Song <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
Acked-by: Andrii Nakryiko <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
The system for "Auto-detecting system features" located under
tools/build/ are (currently) used by perf, libbpf and bpftool. It can
contain stalled feature detection files, which are not cleaned up by
libbpf and bpftool on make clean (side-note: perf tool is correct).
Fix this by making the users invoke the make clean target.
Some details about the changes. The libbpf Makefile already had a
clean-config target (which seems to be copy-pasted from perf), but this
target was not "connected" (a make dependency) to clean target. Choose
not to rename target as someone might be using it. Did change the output
from "CLEAN config" to "CLEAN feature-detect", to make it more clear
what happens.
This is related to the complaint and troubleshooting in the following
link: https://lore.kernel.org/lkml/20200818122007.2d1cfe2d@carbon/
Signed-off-by: Jesper Dangaard Brouer <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
Acked-by: Jiri Olsa <[email protected]>
Link: https://lore.kernel.org/lkml/20200818122007.2d1cfe2d@carbon/
Link: https://lore.kernel.org/bpf/159851841661.1072907.13770213104521805592.stgit@firesoul
|
|
When stdout output from the selftests tool 'test_maps' gets redirected
into e.g file or pipe, then the output lines increase a lot (from 21
to 33949 lines). This is caused by the printf that happens before the
fork() call, and there are user-space buffered printf data that seems
to be duplicated into the forked process.
To fix this fflush() stdout before the fork loop in __run_parallel().
Fixes: 1a97cf1fe503 ("selftests/bpf: speedup test_maps")
Signed-off-by: Jesper Dangaard Brouer <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
Link: https://lore.kernel.org/bpf/159842985651.1050885.2154399297503372406.stgit@firesoul
|
|
Add tests for the new 'nosymfollow' mount option. We test to make sure
that symlink traversal fails with ELOOP when 'nosymfollow' is set, but
that readlink(2) and realpath(3) still work as expected. We also verify
that statfs(2) correctly returns ST_NOSYMFOLLOW when we are mounted with
the 'nosymfollow' option.
Signed-off-by: Ross Zwisler <[email protected]>
Signed-off-by: Al Viro <[email protected]>
|
|
check_result() uses "comm" to check expected results of selftests output
in dmesg. Everything works fine if timestamps in dmesg are unique. If
not, like in this example
[ 86.844422] test_klp_callbacks_demo: pre_unpatch_callback: test_klp_callbacks_mod -> [MODULE_STATE_LIVE] Normal state
[ 86.844422] livepatch: 'test_klp_callbacks_demo': starting unpatching transition
, "comm" fails with "comm: file 2 is not in sorted order". Suppress the
order checking with --nocheck-order option.
Fixes: 2f3f651f3756 ("selftests/livepatch: Use "comm" instead of "diff" for dmesg")
Signed-off-by: Miroslav Benes <[email protected]>
Acked-by: Joe Lawrence <[email protected]>
Signed-off-by: Jiri Kosina <[email protected]>
|
|
Fix compilation warnings due to __u64 defined differently as `unsigned long`
or `unsigned long long` on different architectures (e.g., ppc64le differs from
x86-64). Also cast one argument to size_t to fix printf warning of similar
nature.
Fixes: eacaaed784e2 ("libbpf: Implement enum value-based CO-RE relocations")
Fixes: 50e09460d9f8 ("libbpf: Skip well-known ELF sections when iterating ELF")
Reported-by: Naresh Kamboju <[email protected]>
Signed-off-by: Andrii Nakryiko <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
Added some test_verifier bounds check test cases for
xor operations.
$ ./test_verifier
...
#78/u bounds check for reg = 0, reg xor 1 OK
#78/p bounds check for reg = 0, reg xor 1 OK
#79/u bounds check for reg32 = 0, reg32 xor 1 OK
#79/p bounds check for reg32 = 0, reg32 xor 1 OK
#80/u bounds check for reg = 2, reg xor 3 OK
#80/p bounds check for reg = 2, reg xor 3 OK
#81/u bounds check for reg = any, reg xor 3 OK
#81/p bounds check for reg = any, reg xor 3 OK
#82/u bounds check for reg32 = any, reg32 xor 3 OK
#82/p bounds check for reg32 = any, reg32 xor 3 OK
#83/u bounds check for reg > 0, reg xor 3 OK
#83/p bounds check for reg > 0, reg xor 3 OK
#84/u bounds check for reg32 > 0, reg32 xor 3 OK
#84/p bounds check for reg32 > 0, reg32 xor 3 OK
...
Signed-off-by: Yonghong Song <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Cc: John Fastabend <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
nexthops
Test that an IPv6 route can not use a nexthop group with mixed IPv4 and
IPv6 nexthops, but can use it after replacing the IPv4 nexthops with
IPv6 nexthops.
Output without previous patch:
# ./fib_nexthops.sh -t ipv6_fcnal_runtime
IPv6 functional runtime
-----------------------
TEST: Route add [ OK ]
TEST: Route delete [ OK ]
TEST: Ping with nexthop [ OK ]
TEST: Ping - multipath [ OK ]
TEST: Ping - blackhole [ OK ]
TEST: Ping - blackhole replaced with gateway [ OK ]
TEST: Ping - gateway replaced by blackhole [ OK ]
TEST: Ping - group with blackhole [ OK ]
TEST: Ping - group blackhole replaced with gateways [ OK ]
TEST: IPv6 route with device only nexthop [ OK ]
TEST: IPv6 multipath route with nexthop mix - dev only + gw [ OK ]
TEST: IPv6 route can not have a v4 gateway [ OK ]
TEST: Nexthop replace - v6 route, v4 nexthop [ OK ]
TEST: Nexthop replace of group entry - v6 route, v4 nexthop [ OK ]
TEST: IPv6 route can not have a group with v4 and v6 gateways [ OK ]
TEST: IPv6 route can not have a group with v4 and v6 gateways [ OK ]
TEST: IPv6 route using a group after removing v4 gateways [ OK ]
TEST: IPv6 route can not have a group with v4 and v6 gateways [ OK ]
TEST: IPv6 route can not have a group with v4 and v6 gateways [ OK ]
TEST: IPv6 route using a group after replacing v4 gateways [FAIL]
TEST: Nexthop with default route and rpfilter [ OK ]
TEST: Nexthop with multipath default route and rpfilter [ OK ]
Tests passed: 21
Tests failed: 1
Output with previous patch:
# ./fib_nexthops.sh -t ipv6_fcnal_runtime
IPv6 functional runtime
-----------------------
TEST: Route add [ OK ]
TEST: Route delete [ OK ]
TEST: Ping with nexthop [ OK ]
TEST: Ping - multipath [ OK ]
TEST: Ping - blackhole [ OK ]
TEST: Ping - blackhole replaced with gateway [ OK ]
TEST: Ping - gateway replaced by blackhole [ OK ]
TEST: Ping - group with blackhole [ OK ]
TEST: Ping - group blackhole replaced with gateways [ OK ]
TEST: IPv6 route with device only nexthop [ OK ]
TEST: IPv6 multipath route with nexthop mix - dev only + gw [ OK ]
TEST: IPv6 route can not have a v4 gateway [ OK ]
TEST: Nexthop replace - v6 route, v4 nexthop [ OK ]
TEST: Nexthop replace of group entry - v6 route, v4 nexthop [ OK ]
TEST: IPv6 route can not have a group with v4 and v6 gateways [ OK ]
TEST: IPv6 route can not have a group with v4 and v6 gateways [ OK ]
TEST: IPv6 route using a group after removing v4 gateways [ OK ]
TEST: IPv6 route can not have a group with v4 and v6 gateways [ OK ]
TEST: IPv6 route can not have a group with v4 and v6 gateways [ OK ]
TEST: IPv6 route using a group after replacing v4 gateways [ OK ]
TEST: Nexthop with default route and rpfilter [ OK ]
TEST: Nexthop with multipath default route and rpfilter [ OK ]
Tests passed: 22
Tests failed: 0
Signed-off-by: Ido Schimmel <[email protected]>
Reviewed-by: David Ahern <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Test that an IPv6 route can not use a nexthop group with mixed IPv4 and
IPv6 nexthops, but can use it after deleting the IPv4 nexthops.
Output without previous patch:
# ./fib_nexthops.sh -t ipv6_fcnal_runtime
IPv6 functional runtime
-----------------------
TEST: Route add [ OK ]
TEST: Route delete [ OK ]
TEST: Ping with nexthop [ OK ]
TEST: Ping - multipath [ OK ]
TEST: Ping - blackhole [ OK ]
TEST: Ping - blackhole replaced with gateway [ OK ]
TEST: Ping - gateway replaced by blackhole [ OK ]
TEST: Ping - group with blackhole [ OK ]
TEST: Ping - group blackhole replaced with gateways [ OK ]
TEST: IPv6 route with device only nexthop [ OK ]
TEST: IPv6 multipath route with nexthop mix - dev only + gw [ OK ]
TEST: IPv6 route can not have a v4 gateway [ OK ]
TEST: Nexthop replace - v6 route, v4 nexthop [ OK ]
TEST: Nexthop replace of group entry - v6 route, v4 nexthop [ OK ]
TEST: IPv6 route can not have a group with v4 and v6 gateways [ OK ]
TEST: IPv6 route can not have a group with v4 and v6 gateways [ OK ]
TEST: IPv6 route using a group after deleting v4 gateways [FAIL]
TEST: Nexthop with default route and rpfilter [ OK ]
TEST: Nexthop with multipath default route and rpfilter [ OK ]
Tests passed: 18
Tests failed: 1
Output with previous patch:
bash-5.0# ./fib_nexthops.sh -t ipv6_fcnal_runtime
IPv6 functional runtime
-----------------------
TEST: Route add [ OK ]
TEST: Route delete [ OK ]
TEST: Ping with nexthop [ OK ]
TEST: Ping - multipath [ OK ]
TEST: Ping - blackhole [ OK ]
TEST: Ping - blackhole replaced with gateway [ OK ]
TEST: Ping - gateway replaced by blackhole [ OK ]
TEST: Ping - group with blackhole [ OK ]
TEST: Ping - group blackhole replaced with gateways [ OK ]
TEST: IPv6 route with device only nexthop [ OK ]
TEST: IPv6 multipath route with nexthop mix - dev only + gw [ OK ]
TEST: IPv6 route can not have a v4 gateway [ OK ]
TEST: Nexthop replace - v6 route, v4 nexthop [ OK ]
TEST: Nexthop replace of group entry - v6 route, v4 nexthop [ OK ]
TEST: IPv6 route can not have a group with v4 and v6 gateways [ OK ]
TEST: IPv6 route can not have a group with v4 and v6 gateways [ OK ]
TEST: IPv6 route using a group after deleting v4 gateways [ OK ]
TEST: Nexthop with default route and rpfilter [ OK ]
TEST: Nexthop with multipath default route and rpfilter [ OK ]
Tests passed: 19
Tests failed: 0
Signed-off-by: Ido Schimmel <[email protected]>
Reviewed-by: David Ahern <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
There are code paths where EINVAL is returned directly without setting
errno. In that case, errno could be 0, which would mask the
failure. For example, if a careless programmer set log_level to 10000
out of laziness, they would have to spend a long time trying to figure
out why.
Fixes: 4f33ddb4e3e2 ("libbpf: Propagate EPERM to caller on program load")
Signed-off-by: Alex Gartrell <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
This adds further tests to ensure access permissions and restrictions
are applied properly for some map types such as sock-map.
It also adds another negative tests to assert static functions cannot be
replaced. In the 'unreliable' mode it still fails with error 'tracing progs
cannot use bpf_spin_lock yet' with the change in the verifier
Signed-off-by: Udip Pant <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
This adds test to enforce same check for the return code for the extended prog
as it is enforced for the target program. It asserts failure for a
return code, which is permitted without the patch in this series, while
it is restricted after the application of this patch.
Signed-off-by: Udip Pant <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
This adds a selftest that tests the behavior when a freplace target program
attempts to make a write access on a packet. The expectation is that the read or write
access is granted based on the program type of the linked program and
not itself (which is of type, for e.g., BPF_PROG_TYPE_EXT).
This test fails without the associated patch on the verifier.
Signed-off-by: Udip Pant <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
This tests commit:
8ab49526b53d ("x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task")
Unpatched kernels will OOPS.
Signed-off-by: Andy Lutomirski <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Cc: [email protected]
Link: https://lore.kernel.org/r/c618ae86d1f757e01b1a8e79869f553cb88acf9a.1598461151.git.luto@kernel.org
|
|
The ptrace() test forgot to reap its child. Reap it.
Signed-off-by: Andy Lutomirski <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Link: https://lore.kernel.org/r/e7700a503f30e79ab35a63103938a19893dbeff2.1598461151.git.luto@kernel.org
|
|
There is a spelling mistake in a check error message. Fix it.
Signed-off-by: Colin Ian King <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
Alexei reported compile breakage on newer systems with
following error:
In file included from /usr/include/fcntl.h:290:0,
4814 from ./test_progs.h:29,
4815 from
.../bpf-next/tools/testing/selftests/bpf/prog_tests/d_path.c:3:
4816In function ‘open’,
4817 inlined from ‘trigger_fstat_events’ at
.../bpf-next/tools/testing/selftests/bpf/prog_tests/d_path.c:50:10,
4818 inlined from ‘test_d_path’ at
.../bpf-next/tools/testing/selftests/bpf/prog_tests/d_path.c:119:6:
4819/usr/include/x86_64-linux-gnu/bits/fcntl2.h:50:4: error: call to
‘__open_missing_mode’ declared with attribute error: open with O_CREAT
or O_TMPFILE in second argument needs 3 arguments
4820 __open_missing_mode ();
4821 ^~~~~~~~~~~~~~~~~~~~~~
We're missing permission bits as 3rd argument
for open call with O_CREAT flag specified.
Fixes: e4d1af4b16f8 ("selftests/bpf: Add test for d_path helper")
Reported-by: Alexei Starovoitov <[email protected]>
Signed-off-by: Jiri Olsa <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
Adding test to for sets resolve_btfids. We're checking that
testing set gets properly resolved and sorted.
Signed-off-by: Jiri Olsa <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Acked-by: Andrii Nakryiko <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
Adding test for d_path helper which is pretty much
copied from Wenbo Zhang's test for bpf_get_fd_path,
which never made it in.
The test is doing fstat/close on several fd types,
and verifies we got the d_path helper working on
kernel probes for vfs_getattr/filp_close functions.
Original-patch-by: Wenbo Zhang <[email protected]>
Signed-off-by: Jiri Olsa <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Acked-by: Andrii Nakryiko <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
Adding verifier test for attaching tracing program and
calling d_path helper from within and testing that it's
allowed for dentry_open function and denied for 'd_path'
function with appropriate error.
Signed-off-by: Jiri Olsa <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Acked-by: Andrii Nakryiko <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
Adding d_path helper function that returns full path for
given 'struct path' object, which needs to be the kernel
BTF 'path' object. The path is returned in buffer provided
'buf' of size 'sz' and is zero terminated.
bpf_d_path(&file->f_path, buf, size);
The helper calls directly d_path function, so there's only
limited set of function it can be called from. Adding just
very modest set for the start.
Updating also bpf.h tools uapi header and adding 'path' to
bpf_helpers_doc.py script.
Signed-off-by: Jiri Olsa <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Acked-by: Andrii Nakryiko <[email protected]>
Acked-by: KP Singh <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
Adding support to define sorted set of BTF ID values.
Following defines sorted set of BTF ID values:
BTF_SET_START(btf_allowlist_d_path)
BTF_ID(func, vfs_truncate)
BTF_ID(func, vfs_fallocate)
BTF_ID(func, dentry_open)
BTF_ID(func, vfs_getattr)
BTF_ID(func, filp_close)
BTF_SET_END(btf_allowlist_d_path)
It defines following 'struct btf_id_set' variable to access
values and count:
struct btf_id_set btf_allowlist_d_path;
Adding 'allowed' callback to struct bpf_func_proto, to allow
verifier the check on allowed callers.
Adding btf_id_set_contains function, which will be used by
allowed callbacks to verify the caller's BTF ID value is
within allowed set.
Also removing extra '\' in __BTF_ID_LIST macro.
Added BTF_SET_START_GLOBAL macro for global sets.
Signed-off-by: Jiri Olsa <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Acked-by: Andrii Nakryiko <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
The set symbol does not have the unique number suffix,
so we need to give it a special parsing function.
This was omitted in the first batch, because there was
no set support yet, so it slipped in the testing.
Signed-off-by: Jiri Olsa <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Acked-by: Andrii Nakryiko <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
To make sure we don't crash on malformed symbols.
Signed-off-by: Jiri Olsa <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Acked-by: Andrii Nakryiko <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
inode_local_storage:
* Hook to the file_open and inode_unlink LSM hooks.
* Create and unlink a temporary file.
* Store some information in the inode's bpf_local_storage during
file_open.
* Verify that this information exists when the file is unlinked.
sk_local_storage:
* Hook to the socket_post_create and socket_bind LSM hooks.
* Open and bind a socket and set the sk_storage in the
socket_post_create hook using the start_server helper.
* Verify if the information is set in the socket_bind hook.
Signed-off-by: KP Singh <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Acked-by: Andrii Nakryiko <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
Adds support for both bpf_{sk, inode}_storage_{get, delete} to be used
in LSM programs. These helpers are not used for tracing programs
(currently) as their usage is tied to the life-cycle of the object and
should only be used where the owning object won't be freed (when the
owning object is passed as an argument to the LSM hook). Thus, they
are safer to use in LSM hooks than tracing. Usage of local storage in
tracing programs will probably follow a per function based whitelist
approach.
Since the UAPI helper signature for bpf_sk_storage expect a bpf_sock,
it, leads to a compilation warning for LSM programs, it's also updated
to accept a void * pointer instead.
Signed-off-by: KP Singh <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Acked-by: Martin KaFai Lau <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
Similar to bpf_local_storage for sockets, add local storage for inodes.
The life-cycle of storage is managed with the life-cycle of the inode.
i.e. the storage is destroyed along with the owning inode.
The BPF LSM allocates an __rcu pointer to the bpf_local_storage in the
security blob which are now stackable and can co-exist with other LSMs.
Signed-off-by: KP Singh <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
Refactor the functionality in bpf_sk_storage.c so that concept of
storage linked to kernel objects can be extended to other objects like
inode, task_struct etc.
Each new local storage will still be a separate map and provide its own
set of helpers. This allows for future object specific extensions and
still share a lot of the underlying implementation.
This includes the changes suggested by Martin in:
https://lore.kernel.org/bpf/[email protected]/
adding new map operations to support bpf_local_storage maps:
* storages for different kernel objects to optionally have different
memory charging strategy (map_local_storage_charge,
map_local_storage_uncharge)
* Functionality to extract the storage pointer from a pointer to the
owning object (map_owner_storage_ptr)
Co-developed-by: Martin KaFai Lau <[email protected]>
Signed-off-by: Martin KaFai Lau <[email protected]>
Signed-off-by: KP Singh <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
A purely mechanical change to split the renaming from the actual
generalization.
Flags/consts:
SK_STORAGE_CREATE_FLAG_MASK BPF_LOCAL_STORAGE_CREATE_FLAG_MASK
BPF_SK_STORAGE_CACHE_SIZE BPF_LOCAL_STORAGE_CACHE_SIZE
MAX_VALUE_SIZE BPF_LOCAL_STORAGE_MAX_VALUE_SIZE
Structs:
bucket bpf_local_storage_map_bucket
bpf_sk_storage_map bpf_local_storage_map
bpf_sk_storage_data bpf_local_storage_data
bpf_sk_storage_elem bpf_local_storage_elem
bpf_sk_storage bpf_local_storage
The "sk" member in bpf_local_storage is also updated to "owner"
in preparation for changing the type to void * in a subsequent patch.
Functions:
selem_linked_to_sk selem_linked_to_storage
selem_alloc bpf_selem_alloc
__selem_unlink_sk bpf_selem_unlink_storage_nolock
__selem_link_sk bpf_selem_link_storage_nolock
selem_unlink_sk __bpf_selem_unlink_storage
sk_storage_update bpf_local_storage_update
__sk_storage_lookup bpf_local_storage_lookup
bpf_sk_storage_map_free bpf_local_storage_map_free
bpf_sk_storage_map_alloc bpf_local_storage_map_alloc
bpf_sk_storage_map_alloc_check bpf_local_storage_map_alloc_check
bpf_sk_storage_map_check_btf bpf_local_storage_map_check_btf
Signed-off-by: KP Singh <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Acked-by: Martin KaFai Lau <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
Currently test_sk_assign failed verifier with llvm11/llvm12.
During debugging, I found the default verifier output is
truncated like below
Verifier analysis:
Skipped 2200 bytes, use 'verb' option for the full verbose log.
[...]
off=23,r=34,imm=0) R5=inv0 R6=ctx(id=0,off=0,imm=0) R7=pkt(id=0,off=0,r=34,imm=0) R10=fp0
80: (0f) r7 += r2
last_idx 80 first_idx 21
regs=4 stack=0 before 78: (16) if w3 == 0x11 goto pc+1
when I am using "./test_progs -vv -t assign".
The reason is tc verbose mode is not enabled.
This patched enabled tc verbose mode and the output looks like below
Verifier analysis:
0: (bf) r6 = r1
1: (b4) w0 = 2
2: (61) r1 = *(u32 *)(r6 +80)
3: (61) r7 = *(u32 *)(r6 +76)
4: (bf) r2 = r7
5: (07) r2 += 14
6: (2d) if r2 > r1 goto pc+61
R0_w=inv2 R1_w=pkt_end(id=0,off=0,imm=0) R2_w=pkt(id=0,off=14,r=14,imm=0)
...
Signed-off-by: Yonghong Song <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
Commit 643e7233aa94 ("selftests/bpf: Test_progs option for getting number of
tests") introduced ability to getting number of tests, which is targeted
towards scripting. As demonstrate in the commit the number can be use as a
shell variable for further scripting.
The test_progs program support "flavor", which is detected by the binary
have a "-flavor" in the executable name. One example is test_progs-no_alu32,
which load bpf-progs compiled with disabled alu32, located in dir 'no_alu32/'.
The problem is that invoking a "flavor" binary prints to stdout e.g.:
"Switching to flavor 'no_alu32' subdirectory..."
Thus, intermixing with the number of tests, making it unusable for scripting.
Fix the issue by only printing "flavor" info when verbose -v option is used.
Fixes: 643e7233aa94 ("selftests/bpf: Test_progs option for getting number of tests")
Signed-off-by: Jesper Dangaard Brouer <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Link: https://lore.kernel.org/bpf/159827024012.923543.7104106594870150597.stgit@firesoul
|
|
This commit adds a "--gdb" parameter to kvm.sh, which causes
"CONFIG_DEBUG_INFO=y" to be added to the Kconfig options, "nokaslr"
to be added to the boot parameters, and "-s -S" to be added to the qemu
arguments. Furthermore, the scripting prints messages telling the user
how to start up gdb for the run in question.
Because of the interactive nature of gdb sessions, only one "--configs"
scenario is permitted when "--gdb" is specified. For most torture types,
this means that a "--configs" argument is required, and that argument
must specify the single scenario of interest.
The usual cautions about breakpoints and timing apply, for example,
staring at your gdb prompt for too long will likely get you many
complaints, including RCU CPU stall warnings. Omar Sandoval further
suggests using gdb's "hbreak" command instead of the "break" command on
systems supporting hardware breakpoints, and further using the "commands"
option because the resulting non-interactive breakpoints are less likely
to get you RCU CPU stall warnings.
Signed-off-by: Paul E. McKenney <[email protected]>
|
|
This commit adds a --help argument (along with its synonym -h) to display
the help text. While in the area, this commit also updates the help text.
Signed-off-by: Paul E. McKenney <[email protected]>
|
|
Currently, the CONFIG_PROVE_RCU_LIST=y case is untested. This commit
therefore adds CONFIG_PROVE_RCU_LIST=y to rcutorture's TREE05 scenario.
Cc: Madhuparna Bhowmik <[email protected]>
Cc: Joel Fernandes (Google) <[email protected]>
Signed-off-by: Paul E. McKenney <[email protected]>
|
|
The rcu-test-image.txt documentation covers a very uncommon case where
a real userspace environment is required. However, someone reading this
document might reasonably conclude that this is in fact a prerequisite.
In addition, the initrd.txt file mentions dracut, which is no longer used.
This commit therefore provides the needed updates.
Signed-off-by: Paul E. McKenney <[email protected]>
|
|
Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.
Deterministic algorithm:
For each file:
If not .svg:
For each line:
If doesn't contain `\bxmlns\b`:
For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
If both the HTTP and HTTPS versions
return 200 OK and serve the same content:
Replace HTTP with HTTPS.
Signed-off-by: Alexander A. Klimov <[email protected]>
Signed-off-by: Paul E. McKenney <[email protected]>
|
|
Signed-off-by: Paul Gortmaker <[email protected]>
Signed-off-by: Paul E. McKenney <[email protected]>
|
|
This commit further avoids conflation of rcuperf with the kernel's perf
feature by renaming kernel/rcu/rcuperf.c to kernel/rcu/rcuscale.c, and
also by similarly renaming the functions and variables inside this file.
This has the side effect of changing the names of the kernel boot
parameters, so kernel-parameters.txt and ver_functions.sh are also
updated. The rcutorture --torture type was also updated from rcuperf
to rcuscale.
[ paulmck: Fix bugs located by Stephen Rothwell. ]
Reported-by: Ingo Molnar <[email protected]>
Signed-off-by: Paul E. McKenney <[email protected]>
|
|
This commit updates the rcutorture scripting to include the new scftorture
torture-test module.
Signed-off-by: Paul E. McKenney <[email protected]>
|
|
Currently, parse-torture.sh looks at the fifth field of torture-test
console output for the version number. This works fine for rcutorture,
but not for scftorture, which lacks the pointer field. This commit
therefore adjusts matching lines so that the parse-console.sh awk script
always sees the version number as the first field in the lines passed
to it.
Signed-off-by: Paul E. McKenney <[email protected]>
|
|
Currently, the test takes about 626 seconds to complete because of an
inefficient use of the device's TCAM. Reduce the runtime to 202 seconds
by inserting all the flower filters with the same preference and mask,
but with a different key.
In particular, this reduces the deletion of the qdisc (which triggers
the deletion of all the filters) from 66 seconds to 0.2 seconds. This
prevents various netlink requests from user space applications (e.g.,
systemd-networkd) from timing-out because RTNL is not held for too long
anymore.
Signed-off-by: Ido Schimmel <[email protected]>
Reviewed-by: Jiri Pirko <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Currently, mausezahn delay parameter in mirror_test() is specified with
'ms' units.
mausezahn versions before 0.6.5 interpret 'ms' as seconds and therefore
the tests that use mirror_test() take a very long time to complete.
Resolve this by specifying 'msec' units.
Signed-off-by: Danielle Ratson <[email protected]>
Reviewed-by: Petr Machata <[email protected]>
Signed-off-by: Ido Schimmel <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|