From patchwork Sun Jul 7 21:28:22 2024
X-Patchwork-Submitter: Michal Luczaj
X-Patchwork-Id: 13726109
X-Patchwork-Delegate: bpf@iogearbox.net
From: Michal Luczaj
To: netdev@vger.kernel.org
Cc: bpf@vger.kernel.org, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, john.fastabend@gmail.com, jakub@cloudflare.com, kuniyu@amazon.com, Rao.Shoaib@oracle.com, cong.wang@bytedance.com, Michal Luczaj
Subject: [PATCH bpf v3 1/4] af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash
Date: Sun, 7 Jul 2024 23:28:22 +0200
Message-ID: <20240707222842.4119416-2-mhal@rbox.co>
In-Reply-To: <20240707222842.4119416-1-mhal@rbox.co>
References: <20240707222842.4119416-1-mhal@rbox.co>

AF_UNIX socket tracks the most recent OOB packet (in its receive queue) with an `oob_skb` pointer. BPF redirecting does not account for that: when an OOB packet is moved between sockets, `oob_skb` is left outdated. This results in a single skb that may be accessed from two different sockets.

Take the easy way out: silently drop MSG_OOB data targeting any socket that is in a sockmap or a sockhash. Note that such silent drop is akin to the fate of redirected skb's scm_fp_list (SCM_RIGHTS, SCM_CREDENTIALS).

For symmetry, forbid MSG_OOB in unix_bpf_recvmsg().

Suggested-by: Kuniyuki Iwashima
Fixes: 314001f0bf92 ("af_unix: Add OOB support")
Signed-off-by: Michal Luczaj
Reviewed-by: Kuniyuki Iwashima
Reviewed-by: Jakub Sitnicki
---
 net/unix/af_unix.c | 41 ++++++++++++++++++++++++++++++++++++++++-
 net/unix/unix_bpf.c | 3 +++
 2 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index 142f56770b77..11cb5badafb6 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c
@@ -2667,10 +2667,49 @@ static struct sk_buff *manage_oob(struct sk_buff *skb, struct sock *sk, static int unix_stream_read_skb(struct sock *sk, skb_read_actor_t recv_actor) { + struct unix_sock *u = unix_sk(sk); + struct sk_buff *skb; + int err; + if (unlikely(READ_ONCE(sk->sk_state) != TCP_ESTABLISHED)) return -ENOTCONN; - return unix_read_skb(sk, recv_actor); + mutex_lock(&u->iolock); + skb = skb_recv_datagram(sk, MSG_DONTWAIT, &err); + mutex_unlock(&u->iolock); + if (!skb) + return err; + +#if IS_ENABLED(CONFIG_AF_UNIX_OOB) + if (unlikely(skb == READ_ONCE(u->oob_skb))) { + bool drop = false; + + unix_state_lock(sk); + + if (sock_flag(sk, SOCK_DEAD)) { + unix_state_unlock(sk); + kfree_skb(skb); + return -ECONNRESET; + } + + spin_lock(&sk->sk_receive_queue.lock); + if (likely(skb == u->oob_skb)) { + WRITE_ONCE(u->oob_skb, NULL); + drop = true; + } + spin_unlock(&sk->sk_receive_queue.lock); + + unix_state_unlock(sk); + + if (drop) { + WARN_ON_ONCE(skb_unref(skb)); + kfree_skb(skb); + return -EAGAIN; + } + } +#endif + + return recv_actor(sk, skb); } static int unix_stream_read_generic(struct unix_stream_read_state *state, diff --git a/net/unix/unix_bpf.c b/net/unix/unix_bpf.c index bd84785bf8d6..bca2d86ba97d 100644 --- a/net/unix/unix_bpf.c +++ b/net/unix/unix_bpf.c 
@@ -54,6 +54,9 @@ static int unix_bpf_recvmsg(struct sock *sk, struct msghdr *msg, struct sk_psock *psock; int copied; + if (flags & MSG_OOB) + return -EOPNOTSUPP; + if (!len) return 0;

From patchwork Sun Jul 7 21:28:23 2024
X-Patchwork-Submitter: Michal Luczaj
X-Patchwork-Id: 13726084
X-Patchwork-Delegate: bpf@iogearbox.net
From: Michal Luczaj
To: netdev@vger.kernel.org
Cc: bpf@vger.kernel.org, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, john.fastabend@gmail.com, jakub@cloudflare.com, kuniyu@amazon.com, Rao.Shoaib@oracle.com, cong.wang@bytedance.com, Michal Luczaj
Subject: [PATCH bpf v3 2/4] selftest/bpf: Support SOCK_STREAM in unix_inet_redir_to_connected()
Date: Sun, 7 Jul 2024 23:28:23 +0200
Message-ID: <20240707222842.4119416-3-mhal@rbox.co>
In-Reply-To: <20240707222842.4119416-1-mhal@rbox.co>
References: <20240707222842.4119416-1-mhal@rbox.co>

Function ignores the AF_INET socket type argument, SOCK_DGRAM is hardcoded. Fix to respect the argument provided.

Suggested-by: Jakub Sitnicki
Signed-off-by: Michal Luczaj
Reviewed-by: Jakub Sitnicki
---
 tools/testing/selftests/bpf/prog_tests/sockmap_listen.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/tools/testing/selftests/bpf/prog_tests/sockmap_listen.c b/tools/testing/selftests/bpf/prog_tests/sockmap_listen.c index e91b59366030..c075d376fcab 100644 --- a/tools/testing/selftests/bpf/prog_tests/sockmap_listen.c +++ b/tools/testing/selftests/bpf/prog_tests/sockmap_listen.c @@ -1828,7 +1828,7 @@ static void unix_inet_redir_to_connected(int family, int type, if (err) return; - if (socketpair(AF_UNIX, SOCK_DGRAM | SOCK_NONBLOCK, 0, sfd)) + if (socketpair(AF_UNIX, type | SOCK_NONBLOCK, 0, sfd)) goto close_cli0; c1 = sfd[0], p1 = sfd[1];
@@ -1840,7 +1840,6 @@ static void unix_inet_redir_to_connected(int family, int type, close_cli0: xclose(c0); xclose(p0); - } static void unix_inet_skb_redir_to_connected(struct test_sockmap_listen *skel,

From patchwork Sun Jul 7 21:28:24 2024
X-Patchwork-Submitter: Michal Luczaj
X-Patchwork-Id: 13726074
X-Patchwork-Delegate: bpf@iogearbox.net
From: Michal Luczaj
To: netdev@vger.kernel.org
Cc: bpf@vger.kernel.org, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, john.fastabend@gmail.com, jakub@cloudflare.com, kuniyu@amazon.com, Rao.Shoaib@oracle.com, cong.wang@bytedance.com, Michal Luczaj
Subject: [PATCH bpf v3 3/4] selftest/bpf: Parametrize AF_UNIX redir functions to accept send() flags
Date: Sun, 7 Jul 2024 23:28:24 +0200
Message-ID: <20240707222842.4119416-4-mhal@rbox.co>
In-Reply-To: <20240707222842.4119416-1-mhal@rbox.co>
References: <20240707222842.4119416-1-mhal@rbox.co>

Extend pairs_redir_to_connected() and unix_inet_redir_to_connected() with a send_flags parameter. Replace write() with send() allowing packets to be sent as MSG_OOB.

Signed-off-by: Michal Luczaj
---
 .../selftests/bpf/prog_tests/sockmap_listen.c | 40 +++++++++++++------
 1 file changed, 27 insertions(+), 13 deletions(-)

diff --git a/tools/testing/selftests/bpf/prog_tests/sockmap_listen.c b/tools/testing/selftests/bpf/prog_tests/sockmap_listen.c index c075d376fcab..59e16f8f2090 100644 --- a/tools/testing/selftests/bpf/prog_tests/sockmap_listen.c +++ b/tools/testing/selftests/bpf/prog_tests/sockmap_listen.c @@ -1374,9 +1374,10 @@ static void test_redir(struct test_sockmap_listen *skel, struct bpf_map *map, } } -static void pairs_redir_to_connected(int cli0, int peer0, int cli1, int peer1, - int sock_mapfd, int nop_mapfd, - int verd_mapfd, enum redir_mode mode) +static void __pairs_redir_to_connected(int cli0, int peer0, int cli1, int peer1, + int sock_mapfd, int nop_mapfd, + int verd_mapfd, enum redir_mode mode, + int send_flags) { const char *log_prefix = redir_mode_str(mode); unsigned int pass;
@@ -1396,11 +1397,9 @@ static void pairs_redir_to_connected(int cli0, int peer0, int cli1, int peer1, return; } - n = write(cli1, "a", 1); - if (n < 0) - FAIL_ERRNO("%s: write", log_prefix); + n = xsend(cli1, "a", 1, send_flags); if (n == 0) - FAIL("%s: incomplete write", log_prefix); + FAIL("%s: incomplete send", log_prefix); if (n < 1) return; @@ -1418,6 +1417,14 @@ static void pairs_redir_to_connected(int cli0, int peer0, int cli1, int peer1, FAIL("%s: incomplete recv", log_prefix); } +static void pairs_redir_to_connected(int cli0, int peer0, int cli1, int peer1, + int sock_mapfd, int nop_mapfd, + int verd_mapfd, enum redir_mode mode) +{ + __pairs_redir_to_connected(cli0, peer0, cli1, peer1, sock_mapfd, + nop_mapfd, verd_mapfd, mode, 0); +} + static void unix_redir_to_connected(int sotype, int sock_mapfd, int verd_mapfd, enum redir_mode mode) { @@ -1815,10 +1822,9 @@ static void inet_unix_skb_redir_to_connected(struct test_sockmap_listen *skel, xbpf_prog_detach2(verdict, sock_map, BPF_SK_SKB_VERDICT); } -static void unix_inet_redir_to_connected(int family, int type, - int sock_mapfd, int nop_mapfd, - int verd_mapfd, - enum redir_mode mode) +static void __unix_inet_redir_to_connected(int family, int type, int sock_mapfd, + int nop_mapfd, int verd_mapfd, + enum redir_mode mode, int send_flags) { int c0, c1, p0, p1; int sfd[2]; @@ -1832,8 +1838,8 @@ static void unix_inet_redir_to_connected(int family, int type, goto close_cli0; c1 = sfd[0], p1 = sfd[1]; - pairs_redir_to_connected(c0, p0, c1, p1, - sock_mapfd, nop_mapfd, verd_mapfd, mode); + __pairs_redir_to_connected(c0, p0, c1, p1, sock_mapfd, nop_mapfd, + verd_mapfd, mode, send_flags); xclose(c1); xclose(p1); 
@@ -1842,6 +1848,14 @@ static void unix_inet_redir_to_connected(int family, int type, xclose(p0); } +static void unix_inet_redir_to_connected(int family, int type, int sock_mapfd, + int nop_mapfd, int verd_mapfd, + enum redir_mode mode) +{ + __unix_inet_redir_to_connected(family, type, sock_mapfd, nop_mapfd, + verd_mapfd, mode, 0); +} + static void unix_inet_skb_redir_to_connected(struct test_sockmap_listen *skel, struct bpf_map *inner_map, int family) {

From patchwork Sun Jul 7 21:28:25 2024
X-Patchwork-Submitter: Michal Luczaj
X-Patchwork-Id: 13726083
X-Patchwork-Delegate: bpf@iogearbox.net
From: Michal Luczaj
To: netdev@vger.kernel.org
Cc: bpf@vger.kernel.org, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, john.fastabend@gmail.com, jakub@cloudflare.com, kuniyu@amazon.com, Rao.Shoaib@oracle.com, cong.wang@bytedance.com, Michal Luczaj
Subject: [PATCH bpf v3 4/4] selftest/bpf: Test sockmap redirect for AF_UNIX MSG_OOB
Date: Sun, 7 Jul 2024 23:28:25 +0200
Message-ID: <20240707222842.4119416-5-mhal@rbox.co>
In-Reply-To: <20240707222842.4119416-1-mhal@rbox.co>
References: <20240707222842.4119416-1-mhal@rbox.co>

Verify that out-of-band packets are silently dropped before they reach the redirection logic. Attempt to recv() stale data that might have been erroneously left reachable from the original socket.

The idea is to test with a 2 byte long send(). Should a MSG_OOB flag be in use, only the last byte will be treated as out-of-band. Test fails if verd_mapfd indicates a wrong number of packets processed (e.g. if OOB data wasn't dropped at the source) or if it was still somehow possible to recv() OOB from the mapped socket.

Signed-off-by: Michal Luczaj
---
 .../selftests/bpf/prog_tests/sockmap_listen.c | 26 ++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/tools/testing/selftests/bpf/prog_tests/sockmap_listen.c b/tools/testing/selftests/bpf/prog_tests/sockmap_listen.c index 59e16f8f2090..878fcca36a55 100644 --- a/tools/testing/selftests/bpf/prog_tests/sockmap_listen.c +++ b/tools/testing/selftests/bpf/prog_tests/sockmap_listen.c
@@ -1397,10 +1397,10 @@ static void __pairs_redir_to_connected(int cli0, int peer0, int cli1, int peer1, return; } - n = xsend(cli1, "a", 1, send_flags); - if (n == 0) + n = xsend(cli1, "ab", 2, send_flags); + if (n >= 0 && n < 2) FAIL("%s: incomplete send", log_prefix); - if (n < 1) + if (n < 2) return; key = SK_PASS; @@ -1415,6 +1415,19 @@ static void __pairs_redir_to_connected(int cli0, int peer0, int cli1, int peer1, FAIL_ERRNO("%s: recv_timeout", log_prefix); if (n == 0) FAIL("%s: incomplete recv", log_prefix); + + if (send_flags & MSG_OOB) { + key = 0; + xbpf_map_delete_elem(sock_mapfd, &key); + key = 1; + xbpf_map_delete_elem(sock_mapfd, &key); + + n = recv(peer1, &b, 1, MSG_OOB | MSG_DONTWAIT); + if (n > 0) + FAIL("%s: recv(MSG_OOB) succeeded", log_prefix); + if (n == 0) + FAIL("%s: recv(MSG_OOB) returned 0", log_prefix); + } } static void pairs_redir_to_connected(int cli0, int peer0, int cli1, int peer1, @@ -1883,6 +1896,10 @@ static void unix_inet_skb_redir_to_connected(struct test_sockmap_listen *skel, unix_inet_redir_to_connected(family, SOCK_STREAM, sock_map, nop_map, verdict_map, REDIR_EGRESS); + __unix_inet_redir_to_connected(family, SOCK_STREAM, + sock_map, nop_map, verdict_map, + REDIR_EGRESS, MSG_OOB); + skel->bss->test_ingress = true; unix_inet_redir_to_connected(family, SOCK_DGRAM, sock_map, -1, verdict_map, @@ -1897,6 +1914,9 @@ static void unix_inet_skb_redir_to_connected(struct test_sockmap_listen *skel, unix_inet_redir_to_connected(family, SOCK_STREAM, sock_map, nop_map, verdict_map, REDIR_INGRESS); + __unix_inet_redir_to_connected(family, SOCK_STREAM, + sock_map, nop_map, verdict_map, + REDIR_INGRESS, MSG_OOB); xbpf_prog_detach2(verdict, sock_map, BPF_SK_SKB_VERDICT); }
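
Review bot: In patch 1/4, the SOCK_DEAD branch of unix_stream_read_skb() frees an skb that has just compared equal to u->oob_skb with a single kfree_skb() and leaves the pointer untouched, while the drop path a few lines below clears u->oob_skb under sk_receive_queue.lock and releases two references (skb_unref() followed by kfree_skb()). Please say in a comment who clears oob_skb and drops its reference once the socket is dead, and which holder each of the two releases in the drop path belongs to, so the asymmetry reads as intentional. The -EAGAIN returned after a silent drop also deserves a word, since the hunk does not show how callers of the read_skb path treat it.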
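
Review bot: In patch 1/4, the new MSG_OOB check in unix_bpf_recvmsg() sits ahead of the `if (!len) return 0;` shortcut, so a zero-length recv() carrying MSG_OOB now fails with -EOPNOTSUPP instead of returning 0. If that ordering is deliberate, a one-line comment tying the check to the drop in unix_stream_read_skb() would help. Unlike the af_unix.c hunk, this check is not placed under IS_ENABLED(CONFIG_AF_UNIX_OOB); that is fine if intended, but worth stating in the commit message.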
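
Review bot: In patch 2/4, the call changed at -1828 is socketpair(AF_UNIX, ...), yet the commit message speaks of the "AF_INET socket type argument"; please reword it so it is clear that `type` now also selects the type of the AF_UNIX pair. The blank-line removal before the closing brace in the second hunk is unrelated cleanup and could be mentioned in the message or dropped.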
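
Review bot: In patch 3/4, the hunk at -1396 removes the `FAIL_ERRNO("%s: write", log_prefix)` report for n < 0, so a failed send is now reported only by whatever xsend() itself logs, without the redirect-mode prefix that the other failures in this function carry. Either keep an `if (n < 0)` report that uses log_prefix, or state in the commit message that xsend() covers the error case.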
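
Review bot: In patch 4/4, the MSG_OOB block added at the end of __pairs_redir_to_connected() accepts any negative return from `recv(peer1, &b, 1, MSG_OOB | MSG_DONTWAIT)` as a pass, so an unrelated failure would satisfy the test just as well; check errno against the value expected when no OOB byte is pending. The two xbpf_map_delete_elem() calls use bare keys 0 and 1 and reuse `key`, which held SK_PASS just above, with no comment; a line saying why the sockets are removed from the map before the final recv() would make the intent clear.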
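
The MSG_OOB behaviour that the two-byte send() in patch 4/4 relies on, shown on a plain AF_UNIX SOCK_STREAM pair outside any sockmap. This is an added example, not code from the series; the function and enum names are made up here, and a kernel without AF_UNIX out-of-band support is reported as unsupported rather than as a failure.

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical names, not taken from the patch series. */
enum oob_result { OOB_OK, OOB_UNSUPPORTED, OOB_MISMATCH, OOB_ERROR };

/*
 * Send "ab" with MSG_OOB over a fresh AF_UNIX stream pair and check that
 * only the last byte is treated as out-of-band.
 */
static enum oob_result check_unix_oob_split(void)
{
	enum oob_result res = OOB_MISMATCH;
	char buf[8], oob = 0;
	int sv[2];
	ssize_t n;

	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv))
		return OOB_ERROR;

	n = send(sv[0], "ab", 2, MSG_OOB);
	if (n < 0) {
		/* No AF_UNIX OOB support in this kernel or platform. */
		res = (errno == EOPNOTSUPP) ? OOB_UNSUPPORTED : OOB_ERROR;
		goto out;
	}
	if (n != 2)
		goto out;

	/* The in-band read stops at the OOB mark: only 'a' comes back. */
	n = recv(sv[1], buf, sizeof(buf), MSG_DONTWAIT);
	if (n != 1 || buf[0] != 'a')
		goto out;

	/* The last byte of the send is the out-of-band byte. */
	n = recv(sv[1], &oob, 1, MSG_OOB | MSG_DONTWAIT);
	if (n != 1 || oob != 'b')
		goto out;

	/*
	 * Nothing out-of-band is pending any more, so this must fail.
	 * The selftest uses the same probe to look for a stale OOB skb.
	 */
	n = recv(sv[1], &oob, 1, MSG_OOB | MSG_DONTWAIT);
	if (n >= 0)
		goto out;

	res = OOB_OK;
out:
	close(sv[0]);
	close(sv[1]);
	return res;
}

int main(void)
{
	/* Exit status 0 unless the observed split differs from the expected one. */
	return check_unix_oob_split() == OOB_MISMATCH;
}
```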