diff options
| author | Song Liu <songliubraving@fb.com> | 2018-10-19 12:57:58 -0400 |
|---|---|---|
| committer | Alexei Starovoitov <ast@kernel.org> | 2018-10-19 16:49:34 -0400 |
| commit | 2cb494a36c98279c5c6ce8e99cf9776f15449ade (patch) | |
| tree | c8a67095d219b652a8eea067188bff6c599e6881 /net/bpf | |
| parent | b39b5f411dcfce28ff954e5d6acb2c11be3cb0ec (diff) | |
bpf: add tests for direct packet access from CGROUP_SKB
Tests are added to make sure CGROUP_SKB cannot access:
tc_classid, data_meta, flow_keys
and can read and write:
mark, prority, and cb[0-4]
and can read other fields.
To make selftest with skb->sk work, a dummy sk is added in
bpf_prog_test_run_skb().
Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'net/bpf')
| -rw-r--r-- | net/bpf/test_run.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c index 0c423b8cd75c..c89c22c49015 100644 --- a/net/bpf/test_run.c +++ b/net/bpf/test_run.c | |||
| @@ -10,6 +10,8 @@ | |||
| 10 | #include <linux/etherdevice.h> | 10 | #include <linux/etherdevice.h> |
| 11 | #include <linux/filter.h> | 11 | #include <linux/filter.h> |
| 12 | #include <linux/sched/signal.h> | 12 | #include <linux/sched/signal.h> |
| 13 | #include <net/sock.h> | ||
| 14 | #include <net/tcp.h> | ||
| 13 | 15 | ||
| 14 | static __always_inline u32 bpf_test_run_one(struct bpf_prog *prog, void *ctx, | 16 | static __always_inline u32 bpf_test_run_one(struct bpf_prog *prog, void *ctx, |
| 15 | struct bpf_cgroup_storage *storage[MAX_BPF_CGROUP_STORAGE_TYPE]) | 17 | struct bpf_cgroup_storage *storage[MAX_BPF_CGROUP_STORAGE_TYPE]) |
| @@ -115,6 +117,7 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr, | |||
| 115 | u32 retval, duration; | 117 | u32 retval, duration; |
| 116 | int hh_len = ETH_HLEN; | 118 | int hh_len = ETH_HLEN; |
| 117 | struct sk_buff *skb; | 119 | struct sk_buff *skb; |
| 120 | struct sock *sk; | ||
| 118 | void *data; | 121 | void *data; |
| 119 | int ret; | 122 | int ret; |
| 120 | 123 | ||
| @@ -137,11 +140,21 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr, | |||
| 137 | break; | 140 | break; |
| 138 | } | 141 | } |
| 139 | 142 | ||
| 143 | sk = kzalloc(sizeof(struct sock), GFP_USER); | ||
| 144 | if (!sk) { | ||
| 145 | kfree(data); | ||
| 146 | return -ENOMEM; | ||
| 147 | } | ||
| 148 | sock_net_set(sk, current->nsproxy->net_ns); | ||
| 149 | sock_init_data(NULL, sk); | ||
| 150 | |||
| 140 | skb = build_skb(data, 0); | 151 | skb = build_skb(data, 0); |
| 141 | if (!skb) { | 152 | if (!skb) { |
| 142 | kfree(data); | 153 | kfree(data); |
| 154 | kfree(sk); | ||
| 143 | return -ENOMEM; | 155 | return -ENOMEM; |
| 144 | } | 156 | } |
| 157 | skb->sk = sk; | ||
| 145 | 158 | ||
| 146 | skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN); | 159 | skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN); |
| 147 | __skb_put(skb, size); | 160 | __skb_put(skb, size); |
| @@ -159,6 +172,7 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr, | |||
| 159 | 172 | ||
| 160 | if (pskb_expand_head(skb, nhead, 0, GFP_USER)) { | 173 | if (pskb_expand_head(skb, nhead, 0, GFP_USER)) { |
| 161 | kfree_skb(skb); | 174 | kfree_skb(skb); |
| 175 | kfree(sk); | ||
| 162 | return -ENOMEM; | 176 | return -ENOMEM; |
| 163 | } | 177 | } |
| 164 | } | 178 | } |
| @@ -171,6 +185,7 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr, | |||
| 171 | size = skb_headlen(skb); | 185 | size = skb_headlen(skb); |
| 172 | ret = bpf_test_finish(kattr, uattr, skb->data, size, retval, duration); | 186 | ret = bpf_test_finish(kattr, uattr, skb->data, size, retval, duration); |
| 173 | kfree_skb(skb); | 187 | kfree_skb(skb); |
| 188 | kfree(sk); | ||
| 174 | return ret; | 189 | return ret; |
| 175 | } | 190 | } |
| 176 | 191 | ||