On 10/19/2018 09:27 AM, Song Liu wrote:
> Tests are added to make sure CGROUP_SKB cannot access:
> tc_classid, data_meta, flow_keys
>
> and can read and write:
> mark, prority, and cb[0-4]
>
> and can read other fields.
>
> To make selftest with skb->sk work, a dummy sk is added in
> bpf_prog_test_run_skb().
>
> Signed-off-by: Song Liu <songliubrav...@fb.com>
> ---
> net/bpf/test_run.c | 8 +
> tools/testing/selftests/bpf/test_verifier.c | 171 ++++++++++++++++++++
> 2 files changed, 179 insertions(+)
>
> diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
> index 0c423b8cd75c..ae2ab89a9291 100644
> --- a/net/bpf/test_run.c
> +++ b/net/bpf/test_run.c
> @@ -10,6 +10,8 @@
> #include <linux/etherdevice.h>
> #include <linux/filter.h>
> #include <linux/sched/signal.h>
> +#include <net/sock.h>
> +#include <net/tcp.h>
>
> static __always_inline u32 bpf_test_run_one(struct bpf_prog *prog, void *ctx,
> struct bpf_cgroup_storage *storage[MAX_BPF_CGROUP_STORAGE_TYPE])
> @@ -106,6 +108,8 @@ static void *bpf_test_init(const union bpf_attr *kattr,
> u32 size,
> return data;
> }
>
> +static struct sock test_run_sk = {0};
No need for the {0} : bss is guaranteed to be zero.
> +
> int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr,
> union bpf_attr __user *uattr)
> {
> @@ -137,11 +141,15 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const
> union bpf_attr *kattr,
> break;
> }
>
> + sock_net_set(&test_run_sk, current->nsproxy->net_ns);
> + sock_init_data(NULL, &test_run_sk);
> +
>
Can bpf_prog_test_run_skb() be used in parallel from different CPUS/threads ?
If yes, this looks racy, and I would suggest to use a kzalloc()ed socket just
to be safe.
