tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

selftests/bpf: Migrate sendmsg deny test cases

This set of tests checks that sendmsg calls are rejected (return -EPERM)
when the sendmsg* hook returns 0. Replace those in bpf/test_sock_addr.c
with corresponding tests in prog_tests/sock_addr.c.

Signed-off-by: Jordan Rife <jrife@google.com>
Link: https://lore.kernel.org/r/20240510190246.3247730-8-jrife@google.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

authored by

Jordan Rife and committed by
Alexei Starovoitov f46a1048 d1b24fcf

+110 -45
+98
tools/testing/selftests/bpf/prog_tests/sock_addr.c
··· 443 443 BPF_SKEL_FUNCS(connect6_prog, connect_v6_prog); 444 444 BPF_SKEL_FUNCS(connect_unix_prog, connect_unix_prog); 445 445 BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_prog); 446 + BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_deny_prog); 446 447 BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_prog); 448 + BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_deny_prog); 447 449 BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_preserve_dst_prog); 448 450 BPF_SKEL_FUNCS(sendmsg_unix_prog, sendmsg_unix_prog); 449 451 BPF_SKEL_FUNCS(recvmsg4_prog, recvmsg4_prog); ··· 770 768 }, 771 769 { 772 770 SOCK_ADDR_TEST_SENDMSG, 771 + "sendmsg4: sendmsg deny (dgram)", 772 + sendmsg_v4_deny_prog_load, 773 + sendmsg_v4_deny_prog_destroy, 774 + BPF_CGROUP_UDP4_SENDMSG, 775 + &user_ops, 776 + AF_INET, 777 + SOCK_DGRAM, 778 + SERV4_IP, 779 + SERV4_PORT, 780 + SERV4_REWRITE_IP, 781 + SERV4_REWRITE_PORT, 782 + SRC4_REWRITE_IP, 783 + SYSCALL_EPERM, 784 + }, 785 + { 786 + SOCK_ADDR_TEST_SENDMSG, 773 787 "sendmsg6: sendmsg (dgram)", 774 788 sendmsg_v6_prog_load, 775 789 sendmsg_v6_prog_destroy, ··· 815 797 SERV6_PORT, 816 798 SRC6_IP, 817 799 SUCCESS, 800 + }, 801 + { 802 + SOCK_ADDR_TEST_SENDMSG, 803 + "sendmsg6: sendmsg deny (dgram)", 804 + sendmsg_v6_deny_prog_load, 805 + sendmsg_v6_deny_prog_destroy, 806 + BPF_CGROUP_UDP6_SENDMSG, 807 + &user_ops, 808 + AF_INET6, 809 + SOCK_DGRAM, 810 + SERV6_IP, 811 + SERV6_PORT, 812 + SERV6_REWRITE_IP, 813 + SERV6_REWRITE_PORT, 814 + SRC6_REWRITE_IP, 815 + SYSCALL_EPERM, 818 816 }, 819 817 { 820 818 SOCK_ADDR_TEST_SENDMSG, ··· 868 834 }, 869 835 { 870 836 SOCK_ADDR_TEST_SENDMSG, 837 + "sendmsg4: sock_sendmsg deny (dgram)", 838 + sendmsg_v4_deny_prog_load, 839 + sendmsg_v4_deny_prog_destroy, 840 + BPF_CGROUP_UDP4_SENDMSG, 841 + &kern_ops_sock_sendmsg, 842 + AF_INET, 843 + SOCK_DGRAM, 844 + SERV4_IP, 845 + SERV4_PORT, 846 + SERV4_REWRITE_IP, 847 + SERV4_REWRITE_PORT, 848 + SRC4_REWRITE_IP, 849 + SYSCALL_EPERM, 850 + }, 851 + { 852 + SOCK_ADDR_TEST_SENDMSG, 871 853 "sendmsg6: sock_sendmsg (dgram)", 872 854 sendmsg_v6_prog_load, 873 855 sendmsg_v6_prog_destroy, ··· 913 863 SERV6_PORT, 914 864 SRC6_IP, 915 865 SUCCESS, 866 + }, 867 + { 868 + SOCK_ADDR_TEST_SENDMSG, 869 + "sendmsg6: sock_sendmsg deny (dgram)", 870 + sendmsg_v6_deny_prog_load, 871 + sendmsg_v6_deny_prog_destroy, 872 + BPF_CGROUP_UDP6_SENDMSG, 873 + &kern_ops_sock_sendmsg, 874 + AF_INET6, 875 + SOCK_DGRAM, 876 + SERV6_IP, 877 + SERV6_PORT, 878 + SERV6_REWRITE_IP, 879 + SERV6_REWRITE_PORT, 880 + SRC6_REWRITE_IP, 881 + SYSCALL_EPERM, 916 882 }, 917 883 { 918 884 SOCK_ADDR_TEST_SENDMSG, ··· 966 900 }, 967 901 { 968 902 SOCK_ADDR_TEST_SENDMSG, 903 + "sendmsg4: kernel_sendmsg deny (dgram)", 904 + sendmsg_v4_deny_prog_load, 905 + sendmsg_v4_deny_prog_destroy, 906 + BPF_CGROUP_UDP4_SENDMSG, 907 + &kern_ops_kernel_sendmsg, 908 + AF_INET, 909 + SOCK_DGRAM, 910 + SERV4_IP, 911 + SERV4_PORT, 912 + SERV4_REWRITE_IP, 913 + SERV4_REWRITE_PORT, 914 + SRC4_REWRITE_IP, 915 + SYSCALL_EPERM, 916 + }, 917 + { 918 + SOCK_ADDR_TEST_SENDMSG, 969 919 "sendmsg6: kernel_sendmsg (dgram)", 970 920 sendmsg_v6_prog_load, 971 921 sendmsg_v6_prog_destroy, ··· 1011 929 SERV6_PORT, 1012 930 SRC6_IP, 1013 931 SUCCESS, 932 + }, 933 + { 934 + SOCK_ADDR_TEST_SENDMSG, 935 + "sendmsg6: kernel_sendmsg deny (dgram)", 936 + sendmsg_v6_deny_prog_load, 937 + sendmsg_v6_deny_prog_destroy, 938 + BPF_CGROUP_UDP6_SENDMSG, 939 + &kern_ops_kernel_sendmsg, 940 + AF_INET6, 941 + SOCK_DGRAM, 942 + SERV6_IP, 943 + SERV6_PORT, 944 + SERV6_REWRITE_IP, 945 + SERV6_REWRITE_PORT, 946 + SRC6_REWRITE_IP, 947 + SYSCALL_EPERM, 1014 948 }, 1015 949 { 1016 950 SOCK_ADDR_TEST_SENDMSG,
+6
tools/testing/selftests/bpf/progs/sendmsg4_prog.c
··· 49 49 return 1; 50 50 } 51 51 52 + SEC("cgroup/sendmsg4") 53 + int sendmsg_v4_deny_prog(struct bpf_sock_addr *ctx) 54 + { 55 + return 0; 56 + } 57 + 52 58 char _license[] SEC("license") = "GPL";
+6
tools/testing/selftests/bpf/progs/sendmsg6_prog.c
··· 65 65 return 1; 66 66 } 67 67 68 + SEC("cgroup/sendmsg6") 69 + int sendmsg_v6_deny_prog(struct bpf_sock_addr *ctx) 70 + { 71 + return 0; 72 + } 73 + 68 74 char _license[] SEC("license") = "GPL";
-45
tools/testing/selftests/bpf/test_sock_addr.c
··· 92 92 static int bind6_prog_load(const struct sock_addr_test *test); 93 93 static int connect4_prog_load(const struct sock_addr_test *test); 94 94 static int connect6_prog_load(const struct sock_addr_test *test); 95 - static int sendmsg_deny_prog_load(const struct sock_addr_test *test); 96 95 static int sendmsg4_rw_asm_prog_load(const struct sock_addr_test *test); 97 96 static int sendmsg6_rw_asm_prog_load(const struct sock_addr_test *test); 98 97 static int sendmsg6_rw_v4mapped_prog_load(const struct sock_addr_test *test); ··· 258 259 SUCCESS, 259 260 }, 260 261 { 261 - "sendmsg4: deny call", 262 - sendmsg_deny_prog_load, 263 - BPF_CGROUP_UDP4_SENDMSG, 264 - BPF_CGROUP_UDP4_SENDMSG, 265 - AF_INET, 266 - SOCK_DGRAM, 267 - SERV4_IP, 268 - SERV4_PORT, 269 - SERV4_REWRITE_IP, 270 - SERV4_REWRITE_PORT, 271 - SRC4_REWRITE_IP, 272 - SYSCALL_EPERM, 273 - }, 274 - { 275 262 "sendmsg6: load prog with wrong expected attach type", 276 263 sendmsg6_rw_asm_prog_load, 277 264 BPF_CGROUP_UDP4_SENDMSG, ··· 326 341 SERV6_REWRITE_PORT, 327 342 SRC6_REWRITE_IP, 328 343 SUCCESS, 329 - }, 330 - { 331 - "sendmsg6: deny call", 332 - sendmsg_deny_prog_load, 333 - BPF_CGROUP_UDP6_SENDMSG, 334 - BPF_CGROUP_UDP6_SENDMSG, 335 - AF_INET6, 336 - SOCK_DGRAM, 337 - SERV6_IP, 338 - SERV6_PORT, 339 - SERV6_REWRITE_IP, 340 - SERV6_REWRITE_PORT, 341 - SRC6_REWRITE_IP, 342 - SYSCALL_EPERM, 343 344 }, 344 345 }; 345 346 ··· 400 429 static int connect6_prog_load(const struct sock_addr_test *test) 401 430 { 402 431 return load_path(test, CONNECT6_PROG_PATH); 403 - } 404 - 405 - static int xmsg_ret_only_prog_load(const struct sock_addr_test *test, 406 - int32_t rc) 407 - { 408 - struct bpf_insn insns[] = { 409 - /* return rc */ 410 - BPF_MOV64_IMM(BPF_REG_0, rc), 411 - BPF_EXIT_INSN(), 412 - }; 413 - return load_insns(test, insns, ARRAY_SIZE(insns)); 414 - } 415 - 416 - static int sendmsg_deny_prog_load(const struct sock_addr_test *test) 417 - { 418 - return xmsg_ret_only_prog_load(test, /*rc*/ 0); 419 432 } 420 433 421 434 static int sendmsg4_rw_asm_prog_load(const struct sock_addr_test *test)