From patchwork Tue Nov 28 17:54:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Xu X-Patchwork-Id: 170892 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp4111366vqx; Tue, 28 Nov 2023 09:55:50 -0800 (PST) X-Google-Smtp-Source: AGHT+IE1wopfWtamJYVAlk8vgSrltEAsSA5H5hGXaB6WBMI1aeiwzFrA9EXdT8fUeQfAigLZDDGT X-Received: by 2002:a05:6a21:81a9:b0:18b:cd15:b832 with SMTP id pd41-20020a056a2181a900b0018bcd15b832mr14056714pzb.42.1701194150269; Tue, 28 Nov 2023 09:55:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701194150; cv=none; d=google.com; s=arc-20160816; b=Ty2zAe3cBvX9shsQIpCkN+bYtidmK+i1Nic75uX4GIt5LBANjCKdTrQtrfxloOoc5Q aZFtsLChXGQtWNXQv/bA8LsUtf+2ruLgT7k4td99UF5u0bWzDD4tQzE5T6blMtnTdZ/D sVcO2dOtclgtHn+Z7l1NEnrYNmCmXj9eTu16jzvWqfNxIkwXIRKbTwMorGjFitwU0E54 3nKQYteRtEXap95/ojpc/fliy8k+BUD2G7ctXe/WBusHQjg60k/NGJ6HP8CbqwEREKO0 moGnzhcF10RofMON0Fm62LSMaNn8oVazJBZABwBH6YzSSMLH3G//02ZL5coun/zY1AHa rHgg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=xTRa+2HDeb46JzorfzVt/qXV/++HAxjSIWVmSYgsSnU=; fh=v5+x/MzR4Xbch6dLxSApKnPip5vlkfY3iUEFl3KBASQ=; b=MaKJjgskZn86DrwRMFrrcEBPSb+x2NAb/C6p9dGAwBcNm2yO/DTlz2ufSNaxF9x3lT 387jxSoPZOnWT2qYYyYwGFDD4IR2NjTGfIOBPDBMmri2cKoPEZ1R5TnrCS7aCqdfuh8z ex3Di9gMM8bMA+XDipAjditlQd1PvyKvoW9JZZATpCgefNHFp9b4tR0+LJ1UP1tQUzeY NQlWYYlMxSs8uO2WoWbbEInq0zfJcoqHCiPqMpXE+1BkeR3Olnl0U96alY71MqgtHPXd RfJ1DkaTKm68LeW1v7ePUYJ1gJAc8C5mc68hbhwDJdoYRnkuWn9W57K8RpZX063vHJms uY+Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@dxuuu.xyz header.s=fm3 header.b=Cg9d71I2; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=Wrvkl5xd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id j3-20020a056a00174300b006cb8505bc3fsi13039280pfc.40.2023.11.28.09.55.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 09:55:50 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; dkim=pass header.i=@dxuuu.xyz header.s=fm3 header.b=Cg9d71I2; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=Wrvkl5xd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id F0A38807C746; Tue, 28 Nov 2023 09:55:15 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346668AbjK1RzA (ORCPT + 99 others); Tue, 28 Nov 2023 12:55:00 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57394 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346540AbjK1Rys (ORCPT ); Tue, 28 Nov 2023 12:54:48 -0500 Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A0E0A1BE; Tue, 28 Nov 2023 09:54:52 -0800 (PST) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 128555C018F; Tue, 28 Nov 2023 12:54:52 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Tue, 28 Nov 2023 12:54:52 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dxuuu.xyz; h=cc :cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm3; t=1701194092; x= 1701280492; bh=xTRa+2HDeb46JzorfzVt/qXV/++HAxjSIWVmSYgsSnU=; b=C g9d71I2EiMhyFaB7G/c+W2ub7fXhRbjxh95I7vBEW2QS9Dw+pLj+AcwO7OijpfMU 1Htk0AG8diqMVk7CpWN1sWCNZQPcMXSKchp1hkvF6T/u+oBIa7nLkLUHuiWalOiG qy+UCZ0344uJ2BQxKcB5k5kgLJMsyttc1DunfTUJ1xjMVY97A86dqDm0ILP4rv64 G/tVlMdLIVYJGbRGwwjBvW7AkbfTZONn5YuKN7hg/mM6gDRmqpx7nWCWIodwbxys BSyUFmzplE5ZLRYs2IkWak5NEIif8aYQep6e1mMnm8d15lMWD0Dkw6Le/aZoHU9j TFi5vlzZobLvWt2PxXuLg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1701194092; x= 1701280492; bh=xTRa+2HDeb46JzorfzVt/qXV/++HAxjSIWVmSYgsSnU=; b=W rvkl5xdtP5PzKZ2mqbc6YRDUXm0U3EpXajrKJ+T+pimZWby+vMV9q9UdK+vySA/0 n5mqFBbGNNsap5SV3sodVc0adZnfKlupRF4V8vTqN69mt8EjBim/95+iOmh7Icb5 LDvLhfcSxFLeXxyDmbywWTg8ZoUWBnu8zXM3teJsdLfridjyrsyrUhse4KnpN8R0 oIms79Ptb3ZBlLnpgjCZ7Gl5WIcOhgHRLi0Rftwd3vAuzYSBmPtH2whzuR1tkA9s Xv63uaAgIXcYG63bsJGhKl5h/15iwpmH6t0d0ioBAYn8Egwk8FsCC9zaTJXnr1cK XQCRCLeMwvjt2rEgDgDUw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrudeifedguddthecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enfghrlhcuvffnffculdefhedmnecujfgurhephffvvefufffkofgjfhgggfestdekredt redttdenucfhrhhomhepffgrnhhivghlucgiuhcuoegugihusegugihuuhhurdighiiiqe enucggtffrrghtthgvrhhnpefgfefggeejhfduieekvdeuteffleeifeeuvdfhheejleej jeekgfffgefhtddtteenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrih hlfhhrohhmpegugihusegugihuuhhurdighiii X-ME-Proxy: Feedback-ID: i6a694271:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 28 Nov 2023 12:54:49 -0500 (EST) From: Daniel Xu To: kuba@kernel.org, steffen.klassert@secunet.com, john.fastabend@gmail.com, Herbert Xu , davem@davemloft.net, hawk@kernel.org, daniel@iogearbox.net, pabeni@redhat.com, edumazet@google.com, ast@kernel.org, antony.antony@secunet.com, alexei.starovoitov@gmail.com, yonghong.song@linux.dev, eddyz87@gmail.com Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org, devel@linux-ipsec.org Subject: [PATCH ipsec-next v2 1/6] bpf: xfrm: Add bpf_xdp_get_xfrm_state() kfunc Date: Tue, 28 Nov 2023 10:54:21 -0700 Message-ID: <490d156ba0dd547329eba79bc536623fb0a2006d.1701193577.git.dxu@dxuuu.xyz> X-Mailer: git-send-email 2.42.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Tue, 28 Nov 2023 09:55:16 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783831357100918220 X-GMAIL-MSGID: 1783831357100918220 This commit adds an unstable kfunc helper to access internal xfrm_state associated with an SA. This is intended to be used for the upcoming IPsec pcpu work to assign special pcpu SAs to a particular CPU. In other words: for custom software RSS. That being said, the function that this kfunc wraps is fairly generic and used for a lot of xfrm tasks. I'm sure people will find uses elsewhere over time. Co-developed-by: Antony Antony Signed-off-by: Antony Antony Signed-off-by: Daniel Xu --- include/net/xfrm.h | 9 +++ net/xfrm/Makefile | 1 + net/xfrm/xfrm_policy.c | 2 + net/xfrm/xfrm_state_bpf.c | 112 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 124 insertions(+) create mode 100644 net/xfrm/xfrm_state_bpf.c diff --git a/include/net/xfrm.h b/include/net/xfrm.h index c9bb0f892f55..1d107241b901 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -2190,4 +2190,13 @@ static inline int register_xfrm_interface_bpf(void) #endif +#if IS_ENABLED(CONFIG_DEBUG_INFO_BTF) +int register_xfrm_state_bpf(void); +#else +static inline int register_xfrm_state_bpf(void) +{ + return 0; +} +#endif + #endif /* _NET_XFRM_H */ diff --git a/net/xfrm/Makefile b/net/xfrm/Makefile index cd47f88921f5..547cec77ba03 100644 --- a/net/xfrm/Makefile +++ b/net/xfrm/Makefile @@ -21,3 +21,4 @@ obj-$(CONFIG_XFRM_USER_COMPAT) += xfrm_compat.o obj-$(CONFIG_XFRM_IPCOMP) += xfrm_ipcomp.o obj-$(CONFIG_XFRM_INTERFACE) += xfrm_interface.o obj-$(CONFIG_XFRM_ESPINTCP) += espintcp.o +obj-$(CONFIG_DEBUG_INFO_BTF) += xfrm_state_bpf.o diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index c13dc3ef7910..1b7e75159727 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -4218,6 +4218,8 @@ void __init xfrm_init(void) #ifdef CONFIG_XFRM_ESPINTCP espintcp_init(); #endif + + register_xfrm_state_bpf(); } #ifdef CONFIG_AUDITSYSCALL diff --git a/net/xfrm/xfrm_state_bpf.c b/net/xfrm/xfrm_state_bpf.c new file mode 100644 index 000000000000..1681825db506 --- /dev/null +++ b/net/xfrm/xfrm_state_bpf.c @@ -0,0 +1,112 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* Unstable XFRM state BPF helpers. + * + * Note that it is allowed to break compatibility for these functions since the + * interface they are exposed through to BPF programs is explicitly unstable. + */ + +#include +#include +#include +#include +#include + +/* bpf_xfrm_state_opts - Options for XFRM state lookup helpers + * + * Members: + * @error - Out parameter, set for any errors encountered + * Values: + * -EINVAL - netns_id is less than -1 + * -EINVAL - opts__sz isn't BPF_XFRM_STATE_OPTS_SZ + * -ENONET - No network namespace found for netns_id + * @netns_id - Specify the network namespace for lookup + * Values: + * BPF_F_CURRENT_NETNS (-1) + * Use namespace associated with ctx + * [0, S32_MAX] + * Network Namespace ID + * @mark - XFRM mark to match on + * @daddr - Destination address to match on + * @spi - Security parameter index to match on + * @proto - L3 protocol to match on + * @family - L3 protocol family to match on + */ +struct bpf_xfrm_state_opts { + s32 error; + s32 netns_id; + u32 mark; + xfrm_address_t daddr; + __be32 spi; + u8 proto; + u16 family; +}; + +enum { + BPF_XFRM_STATE_OPTS_SZ = sizeof(struct bpf_xfrm_state_opts), +}; + +__bpf_kfunc_start_defs(); + +/* bpf_xdp_get_xfrm_state - Get XFRM state + * + * Parameters: + * @ctx - Pointer to ctx (xdp_md) in XDP program + * Cannot be NULL + * @opts - Options for lookup (documented above) + * Cannot be NULL + * @opts__sz - Length of the bpf_xfrm_state_opts structure + * Must be BPF_XFRM_STATE_OPTS_SZ + */ +__bpf_kfunc struct xfrm_state * +bpf_xdp_get_xfrm_state(struct xdp_md *ctx, struct bpf_xfrm_state_opts *opts, u32 opts__sz) +{ + struct xdp_buff *xdp = (struct xdp_buff *)ctx; + struct net *net = dev_net(xdp->rxq->dev); + struct xfrm_state *x; + + if (!opts || opts__sz < sizeof(opts->error)) + return NULL; + + if (opts__sz != BPF_XFRM_STATE_OPTS_SZ) { + opts->error = -EINVAL; + return NULL; + } + + if (unlikely(opts->netns_id < BPF_F_CURRENT_NETNS)) { + opts->error = -EINVAL; + return NULL; + } + + if (opts->netns_id >= 0) { + net = get_net_ns_by_id(net, opts->netns_id); + if (unlikely(!net)) { + opts->error = -ENONET; + return NULL; + } + } + + x = xfrm_state_lookup(net, opts->mark, &opts->daddr, opts->spi, + opts->proto, opts->family); + + if (opts->netns_id >= 0) + put_net(net); + + return x; +} + +__bpf_kfunc_end_defs(); + +BTF_SET8_START(xfrm_state_kfunc_set) +BTF_ID_FLAGS(func, bpf_xdp_get_xfrm_state, KF_RET_NULL | KF_ACQUIRE) +BTF_SET8_END(xfrm_state_kfunc_set) + +static const struct btf_kfunc_id_set xfrm_state_xdp_kfunc_set = { + .owner = THIS_MODULE, + .set = &xfrm_state_kfunc_set, +}; + +int __init register_xfrm_state_bpf(void) +{ + return register_btf_kfunc_id_set(BPF_PROG_TYPE_XDP, + &xfrm_state_xdp_kfunc_set); +} From patchwork Tue Nov 28 17:54:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Xu X-Patchwork-Id: 170899 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp4111746vqx; Tue, 28 Nov 2023 09:56:35 -0800 (PST) X-Google-Smtp-Source: AGHT+IE4qV0UK5fMei/ZDiDyY+s0qjpTms1DmekxZ2vCfPmyi8t8GM5P1pOv7AXuBXuEnT6iA3w4 X-Received: by 2002:a17:90a:a08e:b0:280:3650:382a with SMTP id r14-20020a17090aa08e00b002803650382amr17065735pjp.16.1701194195051; Tue, 28 Nov 2023 09:56:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701194195; cv=none; d=google.com; s=arc-20160816; b=kEKw4N44iFnUTJCylYehMrpAu3Y1jORj4DnBGT+b0aLmjqxfKpDnd0JfDNHkeTqv/e bvs5gvF4ytaTMBUigJIhNQZxcXBBSN+3QJjWciOMI1lNrzRfepb6Vn4n77vgzjvnAprX /rLl6OU1ULXhGt6JJ1zj9rvhJ53ZjYvEiCHtnRY9ABLr5o8yNv5/m8fY7XQrluPOzjU6 uO79jBXQhKdpeR+rwbKc79YCu3EakKC4k9MBtIezz2nETlrm6g00IwZNYIaf0PI6BcXR 99FXOlOTcQUwqpEpirGxDcWTlxfb9iVz9mrTOvePr95YJfSn60qYwfwjJb5P8pGk0NgW lwxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=gTC80DkbSwec6++klwVY+AjSyF2q8Jrio27MwPjAqCs=; fh=iAYcSdWuAUr6+TNz994QM/lgTJGPcAUkMsKb/QAvXHU=; b=iqHGVxvhNDrSqCqyoT9Ke8lDIH0OXrUlS1koWD+wdE54AYAjiKrMiHU/4jYkF248m0 wOjVR8bRrI+Wxvg9MxN2rYxG3nOcwwq8eSdLYUdQPPVZZijsJanKN7YdqsrnF+FE0ZQD a6RSH49R30sqc2/bnj06VRLL2NrbrDdYcxeqQjCO8/dd2o0rHbcKLSNVbn/33oeVNVPi /Q7rbgyruBgDpy8mq9V1o4pdPxu9lUK4Nj5lKtlt19FvXNBaD3FVDNKFdNRVcleiENWM eAIfYsGbSfovzi+1anMzJYoww4WWIZkrV1ACMjk2cwc++otC5nIH3vFIe2Eiea1nLxU+ ipoA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@dxuuu.xyz header.s=fm3 header.b=CaGi8k5s; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b="WJ3Q6IC/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id ot16-20020a17090b3b5000b00285baead549si6498482pjb.157.2023.11.28.09.56.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 09:56:35 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=pass header.i=@dxuuu.xyz header.s=fm3 header.b=CaGi8k5s; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b="WJ3Q6IC/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id C26678052BE1; Tue, 28 Nov 2023 09:55:23 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346600AbjK1RzC (ORCPT + 99 others); Tue, 28 Nov 2023 12:55:02 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57408 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346550AbjK1Rys (ORCPT ); Tue, 28 Nov 2023 12:54:48 -0500 Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 317EB1707; Tue, 28 Nov 2023 09:54:54 -0800 (PST) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 90CFA5C00CC; Tue, 28 Nov 2023 12:54:53 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Tue, 28 Nov 2023 12:54:53 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dxuuu.xyz; h=cc :cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm3; t=1701194093; x= 1701280493; bh=gTC80DkbSwec6++klwVY+AjSyF2q8Jrio27MwPjAqCs=; b=C aGi8k5sHfniVuQkeLjNo+EwdelKOnWfBnyMb/NMRdFN2srfwApTVGpdTK/n3qohb eMw/JDKfn8ZfPFNy3nCGUuarKaN1cjpuIxbTJ/adrtrwGs3rlCv8pL4dHkcsZsjY SqSZsBm3a9UO2Vz47jVh/1TuvUgD5kOn6PsJFBFHCyGn6aWwDb/k1sKqF9E7cvn2 4F60FeOpMXQ2au9hMVsWUDnojnzpa60ZJLi2muhcXN7J99UxGVA7oK1Hy1dTyczu WnrHI0Uecqqj4K/WuwloljYHPOb+DmHTlBTFl/XMMUkN73DrxfqXxgxcnc0xMHxx naRv7BF5NU0P/VbphyTIw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1701194093; x= 1701280493; bh=gTC80DkbSwec6++klwVY+AjSyF2q8Jrio27MwPjAqCs=; b=W J3Q6IC/dJzA+vWKAxn4aHyxUbT/H9FEqv/g2vfQYbo/zy1gS5pVTBZF0LYuP18LN R6dMSn66K4WVmofy+pKRKy6F18e4UXBpTdm4wO/mlzfL027XpYQx5e4bzUN9x+75 ENITXXqyEplY3QWT0LJ0cDppvGaKWs5+VMsISd9eJcYZtZcxOI2Cx6Mp5RW7lF9e enHuDaCjkAlhIEJob6S/uwr/FbT/5u1WmI/mTXDQmymriX657vRhtMo4z14sM+mO uIUtCwcNVvp+pXurm+Y4+73YsXkWM7kPIAsplqsbc2lNNxn9B3zUf/mQqpmctW96 glw8nkjQd2iACwE17d1HQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrudeifedguddthecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enfghrlhcuvffnffculdefhedmnecujfgurhephffvvefufffkofgjfhgggfestdekredt redttdenucfhrhhomhepffgrnhhivghlucgiuhcuoegugihusegugihuuhhurdighiiiqe enucggtffrrghtthgvrhhnpefgfefggeejhfduieekvdeuteffleeifeeuvdfhheejleej jeekgfffgefhtddtteenucevlhhushhtvghrufhiiigvpedunecurfgrrhgrmhepmhgrih hlfhhrohhmpegugihusegugihuuhhurdighiii X-ME-Proxy: Feedback-ID: i6a694271:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 28 Nov 2023 12:54:52 -0500 (EST) From: Daniel Xu To: kuba@kernel.org, steffen.klassert@secunet.com, john.fastabend@gmail.com, Herbert Xu , davem@davemloft.net, hawk@kernel.org, daniel@iogearbox.net, pabeni@redhat.com, edumazet@google.com, ast@kernel.org, antony.antony@secunet.com, alexei.starovoitov@gmail.com, yonghong.song@linux.dev, eddyz87@gmail.com Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org, devel@linux-ipsec.org Subject: [PATCH ipsec-next v2 2/6] bpf: xfrm: Add bpf_xdp_xfrm_state_release() kfunc Date: Tue, 28 Nov 2023 10:54:22 -0700 Message-ID: X-Mailer: git-send-email 2.42.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Tue, 28 Nov 2023 09:55:24 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783831404244777741 X-GMAIL-MSGID: 1783831404244777741 This kfunc releases a previously acquired xfrm_state from bpf_xdp_get_xfrm_state(). Co-developed-by: Antony Antony Signed-off-by: Antony Antony Signed-off-by: Daniel Xu --- net/xfrm/xfrm_state_bpf.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/net/xfrm/xfrm_state_bpf.c b/net/xfrm/xfrm_state_bpf.c index 1681825db506..1485b9da9425 100644 --- a/net/xfrm/xfrm_state_bpf.c +++ b/net/xfrm/xfrm_state_bpf.c @@ -94,10 +94,26 @@ bpf_xdp_get_xfrm_state(struct xdp_md *ctx, struct bpf_xfrm_state_opts *opts, u32 return x; } +/* bpf_xdp_xfrm_state_release - Release acquired xfrm_state object + * + * This must be invoked for referenced PTR_TO_BTF_ID, and the verifier rejects + * the program if any references remain in the program in all of the explored + * states. + * + * Parameters: + * @x - Pointer to referenced xfrm_state object, obtained using + * bpf_xdp_get_xfrm_state. + */ +__bpf_kfunc void bpf_xdp_xfrm_state_release(struct xfrm_state *x) +{ + xfrm_state_put(x); +} + __bpf_kfunc_end_defs(); BTF_SET8_START(xfrm_state_kfunc_set) BTF_ID_FLAGS(func, bpf_xdp_get_xfrm_state, KF_RET_NULL | KF_ACQUIRE) +BTF_ID_FLAGS(func, bpf_xdp_xfrm_state_release, KF_RELEASE) BTF_SET8_END(xfrm_state_kfunc_set) static const struct btf_kfunc_id_set xfrm_state_xdp_kfunc_set = { From patchwork Tue Nov 28 17:54:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Xu X-Patchwork-Id: 170898 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp4111694vqx; Tue, 28 Nov 2023 09:56:30 -0800 (PST) X-Google-Smtp-Source: AGHT+IF1y9+Fpv+gJc+hpHvj67s2hnbCT547FcHuAt1R9pb9xjtW/R4nnoHRbup8OjxbGQ6frbwT X-Received: by 2002:a05:6a00:3926:b0:68f:a92a:8509 with SMTP id fh38-20020a056a00392600b0068fa92a8509mr30465902pfb.7.1701194190085; Tue, 28 Nov 2023 09:56:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701194190; cv=none; d=google.com; s=arc-20160816; b=lQlyS/RQuEAm+3uIkyOxqWooEVE//mmIYmcDtfmopJGftHX1FEWsuu9tgPMpw3/Jwg KKs+acLULsP4YRfP3zr/6zxvAOV04zg/hrWjrvgPkysnpUThuuPdm9k0+rats0ez69yw n0SO4Kl+lrHugErfxS88XGGvdbn6zcWTeVNDRxHn6+DFhyq1BeeYDWkorZrBImwiEmkO LGjmQ1Sm6vJ3pMrGXtMrg9GgZC5/m5Xpl6Xb7nnQXWYqk+AaFVgRIsc0gjXliNBR1IDJ twY+bX1s5yeQbXtM4o1XRoienoMdgwkAwg6loZ/6kaXxdHfVqGUhh4RNXelBy45yABrH FjsQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=dglH5gXWrAma2xG/u6UyN2gBVthWUPYa50A8Hb6InUE=; fh=0HAHtITq3ywsUkKweeSnLGMdlzfcfzek5mSjqVFpvm0=; b=i2fwFqmjGG93tOnwUg+68KyiaaFtcMXpBEVd3y/WfnltIqTbPN6M4u6oJHj4nCyq3O npE9WM3ZhXyp2uZmBvkj4WdS5I/TKXpXoGmRg5iUhWeP7j/kEGnDUiH2a1WY8ccQExgT drR9PuPbuglRl98USdCHVD4ePUchvEIyZKJ8Cgw3T44Q0Cjht0aKOkmCQVqqrn/UH+7s tS+ogV26nQ1g8nKc9vMPaWkfgbfJpzQgIEWVZv85e7VMwIXgjZ/8FTjc1c0KawZR3rZ3 fa9rkpP8Wgk3fQonL4rEE03LjqvARieL7CjNfpUTL+vKIFAcw8NgY8d3O2/GHBzurALc tbQQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@dxuuu.xyz header.s=fm3 header.b=Wufyli4R; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=y5wRvLz4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33]) by mx.google.com with ESMTPS id fi37-20020a056a0039a500b006cb69513cc5si13030191pfb.254.2023.11.28.09.56.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 09:56:30 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33; Authentication-Results: mx.google.com; dkim=pass header.i=@dxuuu.xyz header.s=fm3 header.b=Wufyli4R; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=y5wRvLz4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 57FE5804C1B8; Tue, 28 Nov 2023 09:56:24 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346700AbjK1Rz2 (ORCPT + 99 others); Tue, 28 Nov 2023 12:55:28 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57408 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346718AbjK1Ry5 (ORCPT ); Tue, 28 Nov 2023 12:54:57 -0500 Received: from new1-smtp.messagingengine.com (new1-smtp.messagingengine.com [66.111.4.221]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5D33F19A9; Tue, 28 Nov 2023 09:54:56 -0800 (PST) Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailnew.nyi.internal (Postfix) with ESMTP id 84CC8580546; Tue, 28 Nov 2023 12:54:55 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Tue, 28 Nov 2023 12:54:55 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dxuuu.xyz; h=cc :cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm3; t=1701194095; x= 1701201295; bh=dglH5gXWrAma2xG/u6UyN2gBVthWUPYa50A8Hb6InUE=; b=W ufyli4REJ6JnBRtaCU0Pz86CKsnf932Pu+Z1cKsmfMjG+Ci4d7bs9UUBeQFI2a3Z 8XUw42JDgjOHCUPM3IqNgQMLNWZZBE5mt7sCPf5c/ysdk++c7IoenDZg4nBbOHgK b9IZnrV6XiK0nqYbArcBNb84FCOoqEtRH0UyQl56be+MlJddD5cNNA3uURFbIVQ9 K5KOpbQzaNS7V84uasdXFWMEdArjFCSVP7ZNZ3te7gFsthpvlohNiLJLLqAgZhF5 KUceYnLFE63tbc7oQuSWRgc8+PLMOovz3AwuVJzUPYagEBjCQ86VfUz3SMNvKPpm ncjiXkY5X+M9c8irtsWsA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1701194095; x= 1701201295; bh=dglH5gXWrAma2xG/u6UyN2gBVthWUPYa50A8Hb6InUE=; b=y 5wRvLz4my7qdH4DHDizhlFoKpOIq6VA5lVQT2dAdB9OCLcoHpLR2/h0Ya2qG5SXF lrr7hXSr1D61GEM6vFPQYc55luZEnd/oNsvWfA6lBCoTuSinKaDEhPF7E3VvImCG t6exMEvJQ3gChzFrKv9T6gjnoqsnCCFTjk7Q+eVc7xINCj4UrYNRrvqhVjrPJxQb GQr6pK+b45s7QtsFOCBOeVBSkDUZou2MeHBjateUWZuvq6JFP+GyeAGpl974niC/ AfCOMPr2zLvHhDZKlvRYJrshrkjlk3DyUJMn8Im9dU7FDs7CAHXkeEJUkMo8D4PW BVQwi6K/oLv8bMcVsxPng== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrudeifedguddthecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecufghrlhcuvffnffculddvfedmnecujfgurhephf fvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepffgrnhhivghlucgiuhcu oegugihusegugihuuhhurdighiiiqeenucggtffrrghtthgvrhhnpeeigeffteehteffhe ejkeefjeeuudfgvdekkeetudeghedugffgleffhefgjeevgfenucffohhmrghinheplhhl vhhmrdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrh homhepugiguhesugiguhhuuhdrgiihii X-ME-Proxy: Feedback-ID: i6a694271:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 28 Nov 2023 12:54:53 -0500 (EST) From: Daniel Xu To: ndesaulniers@google.com, andrii@kernel.org, nathan@kernel.org, daniel@iogearbox.net, ast@kernel.org, steffen.klassert@secunet.com, antony.antony@secunet.com, alexei.starovoitov@gmail.com, yonghong.song@linux.dev, eddyz87@gmail.com Cc: martin.lau@linux.dev, song@kernel.org, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org, trix@redhat.com, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, devel@linux-ipsec.org, netdev@vger.kernel.org Subject: [PATCH ipsec-next v2 3/6] libbpf: Add BPF_CORE_WRITE_BITFIELD() macro Date: Tue, 28 Nov 2023 10:54:23 -0700 Message-ID: X-Mailer: git-send-email 2.42.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Tue, 28 Nov 2023 09:56:24 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783831399014738219 X-GMAIL-MSGID: 1783831399014738219 Similar to reading from CO-RE bitfields, we need a CO-RE aware bitfield writing wrapper to make the verifier happy. Two alternatives to this approach are: 1. Use the upcoming `preserve_static_offset` [0] attribute to disable CO-RE on specific structs. 2. Use broader byte-sized writes to write to bitfields. (1) is a bit a bit hard to use. It requires specific and not-very-obvious annotations to bpftool generated vmlinux.h. It's also not generally available in released LLVM versions yet. (2) makes the code quite hard to read and write. And especially if BPF_CORE_READ_BITFIELD() is already being used, it makes more sense to to have an inverse helper for writing. [0]: https://reviews.llvm.org/D133361 From: Eduard Zingerman Signed-off-by: Daniel Xu --- tools/lib/bpf/bpf_core_read.h | 36 +++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/tools/lib/bpf/bpf_core_read.h b/tools/lib/bpf/bpf_core_read.h index 1ac57bb7ac55..7a764f65d299 100644 --- a/tools/lib/bpf/bpf_core_read.h +++ b/tools/lib/bpf/bpf_core_read.h @@ -111,6 +111,42 @@ enum bpf_enum_value_kind { val; \ }) +/* + * Write to a bitfield, identified by s->field. + * This is the inverse of BPF_CORE_WRITE_BITFIELD(). + */ +#define BPF_CORE_WRITE_BITFIELD(s, field, new_val) ({ \ + void *p = (void *)s + __CORE_RELO(s, field, BYTE_OFFSET); \ + unsigned int byte_size = __CORE_RELO(s, field, BYTE_SIZE); \ + unsigned int lshift = __CORE_RELO(s, field, LSHIFT_U64); \ + unsigned int rshift = __CORE_RELO(s, field, RSHIFT_U64); \ + unsigned int bit_size = (rshift - lshift); \ + unsigned long long nval, val, hi, lo; \ + \ + asm volatile("" : "+r"(p)); \ + \ + switch (byte_size) { \ + case 1: val = *(unsigned char *)p; break; \ + case 2: val = *(unsigned short *)p; break; \ + case 4: val = *(unsigned int *)p; break; \ + case 8: val = *(unsigned long long *)p; break; \ + } \ + hi = val >> (bit_size + rshift); \ + hi <<= bit_size + rshift; \ + lo = val << (bit_size + lshift); \ + lo >>= bit_size + lshift; \ + nval = new_val; \ + nval <<= lshift; \ + nval >>= rshift; \ + val = hi | nval | lo; \ + switch (byte_size) { \ + case 1: *(unsigned char *)p = val; break; \ + case 2: *(unsigned short *)p = val; break; \ + case 4: *(unsigned int *)p = val; break; \ + case 8: *(unsigned long long *)p = val; break; \ + } \ +}) + #define ___bpf_field_ref1(field) (field) #define ___bpf_field_ref2(type, field) (((typeof(type) *)0)->field) #define ___bpf_field_ref(args...) \ From patchwork Tue Nov 28 17:54:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Xu X-Patchwork-Id: 170901 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp4111789vqx; Tue, 28 Nov 2023 09:56:41 -0800 (PST) X-Google-Smtp-Source: AGHT+IFn8bzXkYRHPBbJrFzu/nWDWx8pP31hXMYOx87GnY6DshPZ9mRAhAa+FLz/oz4tNFdgP3fp X-Received: by 2002:a17:903:2304:b0:1cf:d934:bd8a with SMTP id d4-20020a170903230400b001cfd934bd8amr6926425plh.17.1701194201332; Tue, 28 Nov 2023 09:56:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701194201; cv=none; d=google.com; s=arc-20160816; b=0QeQmT3Fhysju53fSWVH/r+ohFJUmaj/eMrejYTz6VwtxdrgPfPO/xeJ80MJLIcylx Prydg/sExzS9JbSmYiKHhBiLfk4bdwI5shcpSk6sTREnFN8rDTuGvp/LNbxcwNv8w4yV Q/ez6AgGaIi3wR6ik5vEcRhEiDxoiVH1I01AF6XFPcCfIXHxzeJdhsuo4Oq4vcqG+YaF cSFEx0tkQPJt9kC92T/xPFgiPrWrd2tAeshx58Llk2Y040mt7ZsxSXY2lPcak7w1l1Ei gSz4MszBD1Ibszox4FNBr3yWRJaJKmst5IPnzTAc5dRWoz3vYgLRZCsQoi2l5EZotszd W7mg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=9Zj48xwH3RKj/ArgA1aCuMUGNgo6h0Y1fWoiEhljy1A=; fh=GvyVPdxQgUGovSuJ7LqFT0gVm38jV7pLYViU+rDEGJs=; b=XSa5IoiIlTH8Z7gijjowYFAWxjvI2OpRXljXl2aLCFQs1FBT5UXX01pncOcX7gtR3z OJmgSRglhNvGP2SU542wKymvucnUAR1TWsHnowhnpXPLkIINmLO7TreA6VGw5PPCNcdy lkoguW45OmPNaYYEF5KDdNDaep/ESWfm5VJ7OkqW6T2BtC/fDp6FtGngcSmoho4fwZxV zjNyP0alLMfJo1Uze1bH3jZ8xcUAGMROPYyKHSbXxu6QGQJTiZ9GpIuWBTPIxEGMshVA upWt5KUCqmPYXpqat6DDdUC4mqEyQcyoy7ue48+uhjk1fvwO+5eODGpUO+0DwngGy0cD Rk/g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@dxuuu.xyz header.s=fm3 header.b="PlIqAg/F"; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=FuXkUFwk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id n12-20020a1709026a8c00b001c9c89fd36dsi12069541plk.203.2023.11.28.09.56.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 09:56:41 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@dxuuu.xyz header.s=fm3 header.b="PlIqAg/F"; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=FuXkUFwk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id DE481807755B; Tue, 28 Nov 2023 09:55:54 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1376263AbjK1Rzi (ORCPT + 99 others); Tue, 28 Nov 2023 12:55:38 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43710 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346777AbjK1RzI (ORCPT ); Tue, 28 Nov 2023 12:55:08 -0500 Received: from new1-smtp.messagingengine.com (new1-smtp.messagingengine.com [66.111.4.221]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1ED31D63; Tue, 28 Nov 2023 09:54:58 -0800 (PST) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailnew.nyi.internal (Postfix) with ESMTP id 58807580898; Tue, 28 Nov 2023 12:54:57 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Tue, 28 Nov 2023 12:54:57 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dxuuu.xyz; h=cc :cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm3; t=1701194097; x= 1701201297; bh=9Zj48xwH3RKj/ArgA1aCuMUGNgo6h0Y1fWoiEhljy1A=; b=P lIqAg/F4BwMyly8UootJU70U7FOTU0x6laVDjOerMzudpPjzA0gph8zLoGV63W2q SN2F3Qz2uvOS2zAI4tAtCTR3BbQ6YjLmJW4JwQci/QI7WXXYOBWv40y0e3q0Od0l J7l01AyZSGiJ/WVYuvToqDpiY+nWMj1hi+5aMw5RBSO/xjkT/yJskJ/CbN2JS+t2 6yjl/tG8b1MksXv1WNlA1h63OX7ZnhLho63x6vyeiXHHfyzy6+/XbwCrhMGXtb58 5SUEJ1uoER2QIy9AZ9ZoF4HV7ps/2zHuc/IJfrY68obwsZp0sf6TjK3K0fIPIZuJ fVdC5dYbVPnGZZkVR4n+w== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1701194097; x= 1701201297; bh=9Zj48xwH3RKj/ArgA1aCuMUGNgo6h0Y1fWoiEhljy1A=; b=F uXkUFwk+DnEFrFU1oD2gOzlyFaiL3pt/uFjHUcMkBn6nBYcFzdFCyX8Gsq4ZbqX6 53SvCCySKvfOQKiRDUXXarCNvimj1YLx6cC/RMYunok2qAwCE+Gf91WxwayEastK DycNIMa6nHbsRZNqO3wylV2OEn35FnKUgZWXXiCelHSbLp31u7EuMJTqXswS2cdN sUZexwGTKJyt71+wW14paWzF9N7WFCcQMs/fgZPg9EJAFJDQc1MMqIZLRWF5YkFH 91bNXF9ibqpj62CuWH2/xmni8N4Y4XKkOOtCG82jRS/k67i7gi8b5zI929lnyxbm brL5iDMvAZwMUtq447yDw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrudeifedguddthecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecufghrlhcuvffnffculdefhedmnecujfgurhephf fvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepffgrnhhivghlucgiuhcu oegugihusegugihuuhhurdighiiiqeenucggtffrrghtthgvrhhnpefgfefggeejhfduie ekvdeuteffleeifeeuvdfhheejleejjeekgfffgefhtddtteenucevlhhushhtvghrufhi iigvpedvnecurfgrrhgrmhepmhgrihhlfhhrohhmpegugihusegugihuuhhurdighiii X-ME-Proxy: Feedback-ID: i6a694271:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 28 Nov 2023 12:54:55 -0500 (EST) From: Daniel Xu To: andrii@kernel.org, shuah@kernel.org, ast@kernel.org, daniel@iogearbox.net, steffen.klassert@secunet.com, antony.antony@secunet.com, alexei.starovoitov@gmail.com, yonghong.song@linux.dev, eddyz87@gmail.com Cc: mykolal@fb.com, martin.lau@linux.dev, song@kernel.org, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, devel@linux-ipsec.org, netdev@vger.kernel.org Subject: [PATCH ipsec-next v2 4/6] bpf: selftests: test_tunnel: Use vmlinux.h declarations Date: Tue, 28 Nov 2023 10:54:24 -0700 Message-ID: <89c157c177116e2040b8b5d62a9e34e5c518048b.1701193577.git.dxu@dxuuu.xyz> X-Mailer: git-send-email 2.42.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Tue, 28 Nov 2023 09:55:55 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783831410959677515 X-GMAIL-MSGID: 1783831410959677515 vmlinux.h declarations are more ergnomic, especially when working with kfuncs. The uapi headers are often incomplete for kfunc definitions. This commit also switches bitfield accesses to use CO-RE helpers. Switching to vmlinux.h definitions makes the verifier very unhappy with raw bitfield accesses. The error is: ; md.u.md2.dir = direction; 33: (69) r1 = *(u16 *)(r2 +11) misaligned stack access off (0x0; 0x0)+-64+11 size 2 Fix by using CO-RE-aware bitfield reads and writes. Co-developed-by: Antony Antony Signed-off-by: Antony Antony Signed-off-by: Daniel Xu --- .../selftests/bpf/progs/bpf_tracing_net.h | 1 + .../selftests/bpf/progs/test_tunnel_kern.c | 76 +++++-------------- 2 files changed, 22 insertions(+), 55 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/bpf_tracing_net.h b/tools/testing/selftests/bpf/progs/bpf_tracing_net.h index 0b793a102791..1bdc680b0e0e 100644 --- a/tools/testing/selftests/bpf/progs/bpf_tracing_net.h +++ b/tools/testing/selftests/bpf/progs/bpf_tracing_net.h @@ -26,6 +26,7 @@ #define IPV6_AUTOFLOWLABEL 70 #define TC_ACT_UNSPEC (-1) +#define TC_ACT_OK 0 #define TC_ACT_SHOT 2 #define SOL_TCP 6 diff --git a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c index f66af753bbbb..b320fb7bb080 100644 --- a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c +++ b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c @@ -6,62 +6,26 @@ * modify it under the terms of version 2 of the GNU General Public * License as published by the Free Software Foundation. */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include "vmlinux.h" +#include #include #include +#include "bpf_kfuncs.h" +#include "bpf_tracing_net.h" #define log_err(__ret) bpf_printk("ERROR line:%d ret:%d\n", __LINE__, __ret) -#define VXLAN_UDP_PORT 4789 +#define VXLAN_UDP_PORT 4789 +#define ETH_P_IP 0x0800 +#define PACKET_HOST 0 +#define TUNNEL_CSUM bpf_htons(0x01) +#define TUNNEL_KEY bpf_htons(0x04) /* Only IPv4 address assigned to veth1. * 172.16.1.200 */ #define ASSIGNED_ADDR_VETH1 0xac1001c8 -struct geneve_opt { - __be16 opt_class; - __u8 type; - __u8 length:5; - __u8 r3:1; - __u8 r2:1; - __u8 r1:1; - __u8 opt_data[8]; /* hard-coded to 8 byte */ -}; - -struct vxlanhdr { - __be32 vx_flags; - __be32 vx_vni; -} __attribute__((packed)); - -struct vxlan_metadata { - __u32 gbp; -}; - -struct bpf_fou_encap { - __be16 sport; - __be16 dport; -}; - -enum bpf_fou_encap_type { - FOU_BPF_ENCAP_FOU, - FOU_BPF_ENCAP_GUE, -}; - int bpf_skb_set_fou_encap(struct __sk_buff *skb_ctx, struct bpf_fou_encap *encap, int type) __ksym; int bpf_skb_get_fou_encap(struct __sk_buff *skb_ctx, @@ -205,9 +169,9 @@ int erspan_set_tunnel(struct __sk_buff *skb) __u8 hwid = 7; md.version = 2; - md.u.md2.dir = direction; - md.u.md2.hwid = hwid & 0xf; - md.u.md2.hwid_upper = (hwid >> 4) & 0x3; + BPF_CORE_WRITE_BITFIELD(&md.u.md2, dir, direction); + BPF_CORE_WRITE_BITFIELD(&md.u.md2, hwid, (hwid & 0xf)); + BPF_CORE_WRITE_BITFIELD(&md.u.md2, hwid_upper, (hwid >> 4) & 0x3); #endif ret = bpf_skb_set_tunnel_opt(skb, &md, sizeof(md)); @@ -246,8 +210,9 @@ int erspan_get_tunnel(struct __sk_buff *skb) bpf_printk("\tindex %x\n", index); #else bpf_printk("\tdirection %d hwid %x timestamp %u\n", - md.u.md2.dir, - (md.u.md2.hwid_upper << 4) + md.u.md2.hwid, + BPF_CORE_READ_BITFIELD(&md.u.md2, dir), + (BPF_CORE_READ_BITFIELD(&md.u.md2, hwid_upper) << 4) + + BPF_CORE_READ_BITFIELD(&md.u.md2, hwid), bpf_ntohl(md.u.md2.timestamp)); #endif @@ -284,9 +249,9 @@ int ip4ip6erspan_set_tunnel(struct __sk_buff *skb) __u8 hwid = 17; md.version = 2; - md.u.md2.dir = direction; - md.u.md2.hwid = hwid & 0xf; - md.u.md2.hwid_upper = (hwid >> 4) & 0x3; + BPF_CORE_WRITE_BITFIELD(&md.u.md2, dir, direction); + BPF_CORE_WRITE_BITFIELD(&md.u.md2, hwid, (hwid & 0xf)); + BPF_CORE_WRITE_BITFIELD(&md.u.md2, hwid_upper, (hwid >> 4) & 0x3); #endif ret = bpf_skb_set_tunnel_opt(skb, &md, sizeof(md)); @@ -326,8 +291,9 @@ int ip4ip6erspan_get_tunnel(struct __sk_buff *skb) bpf_printk("\tindex %x\n", index); #else bpf_printk("\tdirection %d hwid %x timestamp %u\n", - md.u.md2.dir, - (md.u.md2.hwid_upper << 4) + md.u.md2.hwid, + BPF_CORE_READ_BITFIELD(&md.u.md2, dir), + (BPF_CORE_READ_BITFIELD(&md.u.md2, hwid_upper) << 4) + + BPF_CORE_READ_BITFIELD(&md.u.md2, hwid), bpf_ntohl(md.u.md2.timestamp)); #endif From patchwork Tue Nov 28 17:54:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Xu X-Patchwork-Id: 170893 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp4111468vqx; Tue, 28 Nov 2023 09:56:03 -0800 (PST) X-Google-Smtp-Source: AGHT+IGjQoBgbGstipc1ytVxHd/M4V0vv+GVgJm57oCcxwF+HXkHn50ISF27zoiN6xE18sQWuFTE X-Received: by 2002:a17:903:24c:b0:1ce:5b93:1596 with SMTP id j12-20020a170903024c00b001ce5b931596mr18427580plh.5.1701194163019; Tue, 28 Nov 2023 09:56:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701194163; cv=none; d=google.com; s=arc-20160816; b=hMDNpRIBi9VaUdPPttCVg048N6XJJWhtUnOQte7X5ZnpG+dezQ/5L+BH8MNIdaqsdb yXengumxJymnXiMZlS4BU0BPRQeAkYeY/vbJYjChvcU3oAiAeR/UYSuA5FAFT02fjhiV WyOxQW/Ke0olqxpjOpa4lsV2WAqLDQ73uUvjRUx4V4VqehipqgA/N9G4R9ins7/YmNET IaNktoOt+/9DUH5acm9PxNnHTODfHWdGGhm22XvnAp5+BEReWcHGzwQMC/VID0y2FKlX KTWroQ7HLQ8U0upSayNJ8LenyhsKOUt+UZm83PRLnpiyJBb3EqFbKMGS4BuYny577cwl E56Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=p3Zw5us8kLbs917T8ED3SksOTsKj9Ybct50Y5ylH7VI=; fh=on+10fsAsOKQsfKrbd1RTJlWR0RKqQDdfgbGg6/WrYw=; b=NivpsKmERDUIfQ5sA+De6dk3BKtfC8wKQInp0EB6NeJNkw8YgEo32tmNnODWmVDVZV Gp2939wMnIyWuWQSD51pzPZH067PmKYkbhy7K2UViW2BJS9jQhR66AfYEx2JIcw8Ncjz V+eyC/bJf2lmxO+1om+L3qppRN7uYjdmnQzQh63grTlV+Cw7y0hxtKkWipoeYcz3tEwt bFp12FKPP3kmcWuM2WFCySHZ9aNmY9//j+0A49XBJlUr5LUVEphKBH/xpaZ3pHA1Fezi Fhiv7Wf2OANWtTaA4jG7pkHmS7NA731e2946AyPtI/4BW1p7nHMXKHVM7736+CIsI4Jn bx7A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@dxuuu.xyz header.s=fm3 header.b=OiPNctlF; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=G2xJKR8d; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32]) by mx.google.com with ESMTPS id u3-20020a17090282c300b001ca85b797c9si11679109plz.624.2023.11.28.09.56.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 09:56:02 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32; Authentication-Results: mx.google.com; dkim=pass header.i=@dxuuu.xyz header.s=fm3 header.b=OiPNctlF; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=G2xJKR8d; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 6D6EC8050FAC; Tue, 28 Nov 2023 09:55:55 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1376274AbjK1Rzl (ORCPT + 99 others); Tue, 28 Nov 2023 12:55:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57404 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346701AbjK1RzK (ORCPT ); Tue, 28 Nov 2023 12:55:10 -0500 Received: from new1-smtp.messagingengine.com (new1-smtp.messagingengine.com [66.111.4.221]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2100219BF; Tue, 28 Nov 2023 09:54:59 -0800 (PST) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailnew.nyi.internal (Postfix) with ESMTP id 47ABD580888; Tue, 28 Nov 2023 12:54:59 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Tue, 28 Nov 2023 12:54:59 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dxuuu.xyz; h=cc :cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm3; t=1701194099; x= 1701201299; bh=p3Zw5us8kLbs917T8ED3SksOTsKj9Ybct50Y5ylH7VI=; b=O iPNctlFLoFjjFN47WMhDTgDSxNOt47DUc3qBaCODKGjcRbJcrSobsLvnMXi6RIg6 31SUwWaLMqVC8FbAlO8kJ2T6rp9Jgkyh+mEqlqxcWhUDOq2ZmcpV6nEEUNGreQ2k 5tbrOsNAL6yks9q+jE1+SMqeMrv9Usi/HGP33GM9LuMaiFOsgLGLVRcWwjtuxRSF RAUwqrhGJVwIWiCLB5P67PxlNomE96QKTqu30hwqVUAHCivpAlPxdVJE3XWRWiVa 6z0VfEaV4BmzId1MCBXSxlP2Ih93w2KYrMRD/XFvtGTrv4e1XVAjgQQIBuP844yL M3LbA3xOrt2oXk2Ha6u+A== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1701194099; x= 1701201299; bh=p3Zw5us8kLbs917T8ED3SksOTsKj9Ybct50Y5ylH7VI=; b=G 2xJKR8d9XdE+kVX2kAvm7Q9QEECRIiZpdGpUnDxeo9XxKq5wE4TF4fFa9mXOu6nI 7wAistolLkjwxez9rC5FCbC8SIXKbl518P68UoW2jC7F67WS0dE7wL57sJYKAB9J /wub5UfyjIQ2JIQLq94DevW8EqFPpYdFZhQHgDTytTh0pbP0O8hFl0iaj7Wuk6gn FOyEo2btTAKz0AAj0VWhgeLbW3Ij/X6r2QyDOYIat+teOgixJwrbA6ljbE0fZeK2 0fsUNBsXQdZRDkc7BLIq5XgkDC7TwQIUoYHWD8khKQYRlvcqomTtFRomEm9S5jJh hTwoUvMiojrlQQu9EUtyQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrudeifedguddthecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecufghrlhcuvffnffculdefhedmnecujfgurhephf fvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepffgrnhhivghlucgiuhcu oegugihusegugihuuhhurdighiiiqeenucggtffrrghtthgvrhhnpefgfefggeejhfduie ekvdeuteffleeifeeuvdfhheejleejjeekgfffgefhtddtteenucevlhhushhtvghrufhi iigvpedvnecurfgrrhgrmhepmhgrihhlfhhrohhmpegugihusegugihuuhhurdighiii X-ME-Proxy: Feedback-ID: i6a694271:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 28 Nov 2023 12:54:57 -0500 (EST) From: Daniel Xu To: andrii@kernel.org, shuah@kernel.org, ast@kernel.org, daniel@iogearbox.net, steffen.klassert@secunet.com, antony.antony@secunet.com, alexei.starovoitov@gmail.com, yonghong.song@linux.dev, eddyz87@gmail.com Cc: martin.lau@linux.dev, song@kernel.org, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org, mykolal@fb.com, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, devel@linux-ipsec.org, netdev@vger.kernel.org Subject: [PATCH ipsec-next v2 5/6] bpf: selftests: Move xfrm tunnel test to test_progs Date: Tue, 28 Nov 2023 10:54:25 -0700 Message-ID: <6b06fc7b453a7296c5177d3002b974166b80b043.1701193577.git.dxu@dxuuu.xyz> X-Mailer: git-send-email 2.42.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Tue, 28 Nov 2023 09:55:55 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783831370690407737 X-GMAIL-MSGID: 1783831370690407737 test_progs is better than a shell script b/c C is a bit easier to maintain than shell. Also it's easier to use new infra like memory mapped global variables from C via bpf skeleton. Co-developed-by: Antony Antony Signed-off-by: Antony Antony Signed-off-by: Daniel Xu --- .../selftests/bpf/prog_tests/test_tunnel.c | 143 ++++++++++++++++++ .../selftests/bpf/progs/test_tunnel_kern.c | 11 +- tools/testing/selftests/bpf/test_tunnel.sh | 92 ----------- 3 files changed, 151 insertions(+), 95 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/test_tunnel.c b/tools/testing/selftests/bpf/prog_tests/test_tunnel.c index d149ab98798d..3bcb6f96b9b5 100644 --- a/tools/testing/selftests/bpf/prog_tests/test_tunnel.c +++ b/tools/testing/selftests/bpf/prog_tests/test_tunnel.c @@ -50,6 +50,7 @@ */ #include +#include #include #include #include @@ -92,6 +93,11 @@ #define IPIP_TUNL_DEV0 "ipip00" #define IPIP_TUNL_DEV1 "ipip11" +#define XFRM_AUTH "0x1111111111111111111111111111111111111111" +#define XFRM_ENC "0x22222222222222222222222222222222" +#define XFRM_SPI_IN_TO_OUT 0x1 +#define XFRM_SPI_OUT_TO_IN 0x2 + #define PING_ARGS "-i 0.01 -c 3 -w 10 -q" static int config_device(void) @@ -264,6 +270,92 @@ static void delete_ipip_tunnel(void) SYS_NOFAIL("ip fou del port 5555 2> /dev/null"); } +static int add_xfrm_tunnel(void) +{ + /* at_ns0 namespace + * at_ns0 -> root + */ + SYS(fail, + "ip netns exec at_ns0 " + "ip xfrm state add src %s dst %s proto esp " + "spi %d reqid 1 mode tunnel " + "auth-trunc 'hmac(sha1)' %s 96 enc 'cbc(aes)' %s", + IP4_ADDR_VETH0, IP4_ADDR1_VETH1, XFRM_SPI_IN_TO_OUT, XFRM_AUTH, XFRM_ENC); + SYS(fail, + "ip netns exec at_ns0 " + "ip xfrm policy add src %s/32 dst %s/32 dir out " + "tmpl src %s dst %s proto esp reqid 1 " + "mode tunnel", + IP4_ADDR_TUNL_DEV0, IP4_ADDR_TUNL_DEV1, IP4_ADDR_VETH0, IP4_ADDR1_VETH1); + + /* root -> at_ns0 */ + SYS(fail, + "ip netns exec at_ns0 " + "ip xfrm state add src %s dst %s proto esp " + "spi %d reqid 2 mode tunnel " + "auth-trunc 'hmac(sha1)' %s 96 enc 'cbc(aes)' %s", + IP4_ADDR1_VETH1, IP4_ADDR_VETH0, XFRM_SPI_OUT_TO_IN, XFRM_AUTH, XFRM_ENC); + SYS(fail, + "ip netns exec at_ns0 " + "ip xfrm policy add src %s/32 dst %s/32 dir in " + "tmpl src %s dst %s proto esp reqid 2 " + "mode tunnel", + IP4_ADDR_TUNL_DEV1, IP4_ADDR_TUNL_DEV0, IP4_ADDR1_VETH1, IP4_ADDR_VETH0); + + /* address & route */ + SYS(fail, "ip netns exec at_ns0 ip addr add dev veth0 %s/32", + IP4_ADDR_TUNL_DEV0); + SYS(fail, "ip netns exec at_ns0 ip route add %s dev veth0 via %s src %s", + IP4_ADDR_TUNL_DEV1, IP4_ADDR1_VETH1, IP4_ADDR_TUNL_DEV0); + + /* root namespace + * at_ns0 -> root + */ + SYS(fail, + "ip xfrm state add src %s dst %s proto esp " + "spi %d reqid 1 mode tunnel " + "auth-trunc 'hmac(sha1)' %s 96 enc 'cbc(aes)' %s", + IP4_ADDR_VETH0, IP4_ADDR1_VETH1, XFRM_SPI_IN_TO_OUT, XFRM_AUTH, XFRM_ENC); + SYS(fail, + "ip xfrm policy add src %s/32 dst %s/32 dir in " + "tmpl src %s dst %s proto esp reqid 1 " + "mode tunnel", + IP4_ADDR_TUNL_DEV0, IP4_ADDR_TUNL_DEV1, IP4_ADDR_VETH0, IP4_ADDR1_VETH1); + + /* root -> at_ns0 */ + SYS(fail, + "ip xfrm state add src %s dst %s proto esp " + "spi %d reqid 2 mode tunnel " + "auth-trunc 'hmac(sha1)' %s 96 enc 'cbc(aes)' %s", + IP4_ADDR1_VETH1, IP4_ADDR_VETH0, XFRM_SPI_OUT_TO_IN, XFRM_AUTH, XFRM_ENC); + SYS(fail, + "ip xfrm policy add src %s/32 dst %s/32 dir out " + "tmpl src %s dst %s proto esp reqid 2 " + "mode tunnel", + IP4_ADDR_TUNL_DEV1, IP4_ADDR_TUNL_DEV0, IP4_ADDR1_VETH1, IP4_ADDR_VETH0); + + /* address & route */ + SYS(fail, "ip addr add dev veth1 %s/32", IP4_ADDR_TUNL_DEV1); + SYS(fail, "ip route add %s dev veth1 via %s src %s", + IP4_ADDR_TUNL_DEV0, IP4_ADDR_VETH0, IP4_ADDR_TUNL_DEV1); + + return 0; +fail: + return -1; +} + +static void delete_xfrm_tunnel(void) +{ + SYS_NOFAIL("ip xfrm policy delete dir out src %s/32 dst %s/32 2> /dev/null", + IP4_ADDR_TUNL_DEV1, IP4_ADDR_TUNL_DEV0); + SYS_NOFAIL("ip xfrm policy delete dir in src %s/32 dst %s/32 2> /dev/null", + IP4_ADDR_TUNL_DEV0, IP4_ADDR_TUNL_DEV1); + SYS_NOFAIL("ip xfrm state delete src %s dst %s proto esp spi %d 2> /dev/null", + IP4_ADDR_VETH0, IP4_ADDR1_VETH1, XFRM_SPI_IN_TO_OUT); + SYS_NOFAIL("ip xfrm state delete src %s dst %s proto esp spi %d 2> /dev/null", + IP4_ADDR1_VETH1, IP4_ADDR_VETH0, XFRM_SPI_OUT_TO_IN); +} + static int test_ping(int family, const char *addr) { SYS(fail, "%s %s %s > /dev/null", ping_command(family), PING_ARGS, addr); @@ -532,6 +624,56 @@ static void test_ipip_tunnel(enum ipip_encap encap) test_tunnel_kern__destroy(skel); } +static void test_xfrm_tunnel(void) +{ + DECLARE_LIBBPF_OPTS(bpf_tc_hook, tc_hook, + .attach_point = BPF_TC_INGRESS); + struct test_tunnel_kern *skel = NULL; + struct nstoken *nstoken; + int tc_prog_fd; + int ifindex; + int err; + + err = add_xfrm_tunnel(); + if (!ASSERT_OK(err, "add_xfrm_tunnel")) + return; + + skel = test_tunnel_kern__open_and_load(); + if (!ASSERT_OK_PTR(skel, "test_tunnel_kern__open_and_load")) + goto done; + + ifindex = if_nametoindex("veth1"); + if (!ASSERT_NEQ(ifindex, 0, "veth1 ifindex")) + goto done; + + /* attach tc prog to tunnel dev */ + tc_hook.ifindex = ifindex; + tc_prog_fd = bpf_program__fd(skel->progs.xfrm_get_state); + if (!ASSERT_GE(tc_prog_fd, 0, "bpf_program__fd")) + goto done; + if (attach_tc_prog(&tc_hook, tc_prog_fd, -1)) + goto done; + + /* ping from at_ns0 namespace test */ + nstoken = open_netns("at_ns0"); + err = test_ping(AF_INET, IP4_ADDR_TUNL_DEV1); + close_netns(nstoken); + if (!ASSERT_OK(err, "test_ping")) + goto done; + + if (!ASSERT_EQ(skel->bss->xfrm_reqid, 1, "req_id")) + goto done; + if (!ASSERT_EQ(skel->bss->xfrm_spi, XFRM_SPI_IN_TO_OUT, "spi")) + goto done; + if (!ASSERT_EQ(skel->bss->xfrm_remote_ip, 0xac100164, "remote_ip")) + goto done; + +done: + delete_xfrm_tunnel(); + if (skel) + test_tunnel_kern__destroy(skel); +} + #define RUN_TEST(name, ...) \ ({ \ if (test__start_subtest(#name)) { \ @@ -549,6 +691,7 @@ static void *test_tunnel_run_tests(void *arg) RUN_TEST(ipip_tunnel, NONE); RUN_TEST(ipip_tunnel, FOU); RUN_TEST(ipip_tunnel, GUE); + RUN_TEST(xfrm_tunnel); cleanup(); diff --git a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c index b320fb7bb080..3a59eb9c34de 100644 --- a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c +++ b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c @@ -929,6 +929,10 @@ int ip6ip6_get_tunnel(struct __sk_buff *skb) return TC_ACT_OK; } +volatile int xfrm_reqid = 0; +volatile int xfrm_spi = 0; +volatile int xfrm_remote_ip = 0; + SEC("tc") int xfrm_get_state(struct __sk_buff *skb) { @@ -939,9 +943,10 @@ int xfrm_get_state(struct __sk_buff *skb) if (ret < 0) return TC_ACT_OK; - bpf_printk("reqid %d spi 0x%x remote ip 0x%x\n", - x.reqid, bpf_ntohl(x.spi), - bpf_ntohl(x.remote_ipv4)); + xfrm_reqid = x.reqid; + xfrm_spi = bpf_ntohl(x.spi); + xfrm_remote_ip = bpf_ntohl(x.remote_ipv4); + return TC_ACT_OK; } diff --git a/tools/testing/selftests/bpf/test_tunnel.sh b/tools/testing/selftests/bpf/test_tunnel.sh index 2dec7dbf29a2..d9661b9988ba 100755 --- a/tools/testing/selftests/bpf/test_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tunnel.sh @@ -517,90 +517,6 @@ test_ip6ip6() echo -e ${GREEN}"PASS: ip6$TYPE"${NC} } -setup_xfrm_tunnel() -{ - auth=0x$(printf '1%.0s' {1..40}) - enc=0x$(printf '2%.0s' {1..32}) - spi_in_to_out=0x1 - spi_out_to_in=0x2 - # at_ns0 namespace - # at_ns0 -> root - ip netns exec at_ns0 \ - ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \ - spi $spi_in_to_out reqid 1 mode tunnel \ - auth-trunc 'hmac(sha1)' $auth 96 enc 'cbc(aes)' $enc - ip netns exec at_ns0 \ - ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir out \ - tmpl src 172.16.1.100 dst 172.16.1.200 proto esp reqid 1 \ - mode tunnel - # root -> at_ns0 - ip netns exec at_ns0 \ - ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \ - spi $spi_out_to_in reqid 2 mode tunnel \ - auth-trunc 'hmac(sha1)' $auth 96 enc 'cbc(aes)' $enc - ip netns exec at_ns0 \ - ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir in \ - tmpl src 172.16.1.200 dst 172.16.1.100 proto esp reqid 2 \ - mode tunnel - # address & route - ip netns exec at_ns0 \ - ip addr add dev veth0 10.1.1.100/32 - ip netns exec at_ns0 \ - ip route add 10.1.1.200 dev veth0 via 172.16.1.200 \ - src 10.1.1.100 - - # root namespace - # at_ns0 -> root - ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \ - spi $spi_in_to_out reqid 1 mode tunnel \ - auth-trunc 'hmac(sha1)' $auth 96 enc 'cbc(aes)' $enc - ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir in \ - tmpl src 172.16.1.100 dst 172.16.1.200 proto esp reqid 1 \ - mode tunnel - # root -> at_ns0 - ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \ - spi $spi_out_to_in reqid 2 mode tunnel \ - auth-trunc 'hmac(sha1)' $auth 96 enc 'cbc(aes)' $enc - ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir out \ - tmpl src 172.16.1.200 dst 172.16.1.100 proto esp reqid 2 \ - mode tunnel - # address & route - ip addr add dev veth1 10.1.1.200/32 - ip route add 10.1.1.100 dev veth1 via 172.16.1.100 src 10.1.1.200 -} - -test_xfrm_tunnel() -{ - if [[ -e /sys/kernel/tracing/trace ]]; then - TRACE=/sys/kernel/tracing/trace - else - TRACE=/sys/kernel/debug/tracing/trace - fi - config_device - > ${TRACE} - setup_xfrm_tunnel - mkdir -p ${BPF_PIN_TUNNEL_DIR} - bpftool prog loadall ${BPF_FILE} ${BPF_PIN_TUNNEL_DIR} - tc qdisc add dev veth1 clsact - tc filter add dev veth1 proto ip ingress bpf da object-pinned \ - ${BPF_PIN_TUNNEL_DIR}/xfrm_get_state - ip netns exec at_ns0 ping $PING_ARG 10.1.1.200 - sleep 1 - grep "reqid 1" ${TRACE} - check_err $? - grep "spi 0x1" ${TRACE} - check_err $? - grep "remote ip 0xac100164" ${TRACE} - check_err $? - cleanup - - if [ $ret -ne 0 ]; then - echo -e ${RED}"FAIL: xfrm tunnel"${NC} - return 1 - fi - echo -e ${GREEN}"PASS: xfrm tunnel"${NC} -} - attach_bpf() { DEV=$1 @@ -630,10 +546,6 @@ cleanup() ip link del ip6geneve11 2> /dev/null ip link del erspan11 2> /dev/null ip link del ip6erspan11 2> /dev/null - ip xfrm policy delete dir out src 10.1.1.200/32 dst 10.1.1.100/32 2> /dev/null - ip xfrm policy delete dir in src 10.1.1.100/32 dst 10.1.1.200/32 2> /dev/null - ip xfrm state delete src 172.16.1.100 dst 172.16.1.200 proto esp spi 0x1 2> /dev/null - ip xfrm state delete src 172.16.1.200 dst 172.16.1.100 proto esp spi 0x2 2> /dev/null } cleanup_exit() @@ -716,10 +628,6 @@ bpf_tunnel_test() test_ip6ip6 errors=$(( $errors + $? )) - echo "Testing IPSec tunnel..." - test_xfrm_tunnel - errors=$(( $errors + $? )) - return $errors } From patchwork Tue Nov 28 17:54:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Xu X-Patchwork-Id: 170900 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp4111769vqx; Tue, 28 Nov 2023 09:56:40 -0800 (PST) X-Google-Smtp-Source: AGHT+IGEIg3zQXYLfNJYxSRUYdN7PXIT4roWcjjBcfDVENjDMG8TQCA0weuTlaTb4NVrEWDAeU93 X-Received: by 2002:a05:6a00:1799:b0:6cb:a578:1345 with SMTP id s25-20020a056a00179900b006cba5781345mr16955099pfg.12.1701194199990; Tue, 28 Nov 2023 09:56:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701194199; cv=none; d=google.com; s=arc-20160816; b=Wafs6i0DoGl5eqJUdodnMXo1otEx8DcnPopMXzLfKRWPmyeqVUnHEg3KGjsK7XiTN9 T9WUTdh0L3KBZACDc2d7IQJ5OMrG3r9z+78vleyLm8v5gcXNfPsISkabMd0zUWZw/DSh YyZTewPXiungq/VRHvWOUQsIUZaJ/85AbaCV4oQGLVz6iAuNRk+j+yVRGHwDoHfvQf5v Q3RfZtM5a3qaGTrK6E9RA3lW5I0Bb1hegGJGkQdfL+OSTVNjOHgpJMgBLleTZpznhd7E DfJSI+oKv4SNzOZogCYEMbRcp/Dy/gb9AKCPi62VXdDEtejLZJ9zecw9QAIkyzx8z3rt YNOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=pRzLMeVRPt+MUHCng+m1tZ8fgrKzg19ebGP/3BAFCkA=; fh=VyKgDkRgp9590eTZwDXCD3B0kqk42TEe817zsqklaPg=; b=XiuBURD0DvBPe2eLMMU/TM6bw7zDelTI+4IDySdlB6pKQepRI78eqbWXcWdJ8I9hxZ IiDz46Wtl2T8aXRqXjNSIiHYxKU4hwsqa50yMfI3dUCkmSa0m3Q8HvaUrPRRLJobdKi7 fxoe508F8Aq12G5+nXgDuNe2GW2CvY7PvR4ZZbY8+f8GcbpE2GDLdPkiUS3kELfPrWr5 648hsLAOBfqC9gqXDf74Q1joKuPkS0hQ3eVivlHTwtnTnTvEucf0M8FRayWuJjneJIeF iQ8fS5CDdVmTpxFwjYkmlN5a3UDkjkEVIQPMw6Qp07+W+lPJurihI/JAXcRB2qdFI5zk emmw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@dxuuu.xyz header.s=fm3 header.b=fYxIriBq; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=ESXHxqeR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33]) by mx.google.com with ESMTPS id t42-20020a056a0013aa00b006cb901a87c4si13109113pfg.376.2023.11.28.09.56.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 09:56:39 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33; Authentication-Results: mx.google.com; dkim=pass header.i=@dxuuu.xyz header.s=fm3 header.b=fYxIriBq; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=ESXHxqeR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id AAE46804C23A; Tue, 28 Nov 2023 09:56:36 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346721AbjK1Rzr (ORCPT + 99 others); Tue, 28 Nov 2023 12:55:47 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57376 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346725AbjK1RzO (ORCPT ); Tue, 28 Nov 2023 12:55:14 -0500 Received: from new1-smtp.messagingengine.com (new1-smtp.messagingengine.com [66.111.4.221]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0F7E21BEE; Tue, 28 Nov 2023 09:55:01 -0800 (PST) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailnew.nyi.internal (Postfix) with ESMTP id 4D4DA5808A6; Tue, 28 Nov 2023 12:55:01 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Tue, 28 Nov 2023 12:55:01 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dxuuu.xyz; h=cc :cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm3; t=1701194101; x= 1701201301; bh=pRzLMeVRPt+MUHCng+m1tZ8fgrKzg19ebGP/3BAFCkA=; b=f YxIriBqXmmHg8j6KtUAs/3OPkhsMO0klMHNjwrU/YJyLjr00tiMG9XQmCnDsf/zB 3EC1PlMzxU50eN8WfT8AobHniog8ctqc3x3GyPBzkwJx/kfXKEITLaBCdT+S2DHS GbUf0lAilvzSd3fq8bO+GQi6jVBFkeweD3A5xYdgVtT4ELoxWrfwR59lkQ+T/XIW W4DzQlpiTxN1diMkRGCDwvknGKHpI0aQ5lEogRKPm+jtAkLJE8CHCasSvF7HYe8W H3wuoAdU2fhdyl0pkVnqmQfgsLzvBGSoA86BDKq8ORwIYi+UB8d1WUy2uV3e2a30 ucsHILT89/jVCEGsLNj4w== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1701194101; x= 1701201301; bh=pRzLMeVRPt+MUHCng+m1tZ8fgrKzg19ebGP/3BAFCkA=; b=E SXHxqeRf/J/HiMLdJB5LjmNYaN5GEguqEdhdlUMuSlu6zsAXw4+zHC1vjTWsPiOn pr06G6jucT4jVQ9ywbfgJDFcDDjOoD5+NNQnqnvPJUrGzYpaWt9vj8aHfG3NRtR+ J5bs9bzj0mr4sz7VCvihnX+tngfsQo0eC1vC9C9Qjw8xFrNAbX7tX+Tue1Y7Wv4Z mjR0PIWdeYyRwfjO93cTPWC+jMc11kTHdsl/eQ4TW8bG6Udz4+LXah/b0tUXVXfm 9OREeT5jyEROAIEo2xbaua96MRSTLE0iTvlgam87Pri9yZTvWK7wnkhWA8y/7Eg/ QBCxRqOsWkcHVpT8+gHnA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrudeifedguddthecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecufghrlhcuvffnffculdefhedmnecujfgurhephf fvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepffgrnhhivghlucgiuhcu oegugihusegugihuuhhurdighiiiqeenucggtffrrghtthgvrhhnpefgfefggeejhfduie ekvdeuteffleeifeeuvdfhheejleejjeekgfffgefhtddtteenucevlhhushhtvghrufhi iigvpedvnecurfgrrhgrmhepmhgrihhlfhhrohhmpegugihusegugihuuhhurdighiii X-ME-Proxy: Feedback-ID: i6a694271:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 28 Nov 2023 12:54:59 -0500 (EST) From: Daniel Xu To: kuba@kernel.org, john.fastabend@gmail.com, davem@davemloft.net, shuah@kernel.org, hawk@kernel.org, andrii@kernel.org, daniel@iogearbox.net, ast@kernel.org, steffen.klassert@secunet.com, antony.antony@secunet.com, alexei.starovoitov@gmail.com, yonghong.song@linux.dev, eddyz87@gmail.com Cc: martin.lau@linux.dev, song@kernel.org, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org, mykolal@fb.com, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, devel@linux-ipsec.org Subject: [PATCH ipsec-next v2 6/6] bpf: xfrm: Add selftest for bpf_xdp_get_xfrm_state() Date: Tue, 28 Nov 2023 10:54:26 -0700 Message-ID: <85d3bf6440c6fd3b7b007d044da9b78ccc1dbda4.1701193577.git.dxu@dxuuu.xyz> X-Mailer: git-send-email 2.42.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Tue, 28 Nov 2023 09:56:36 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783831409445946012 X-GMAIL-MSGID: 1783831409445946012 This commit extends test_tunnel selftest to test the new XDP xfrm state lookup kfunc. Co-developed-by: Antony Antony Signed-off-by: Antony Antony Signed-off-by: Daniel Xu --- .../selftests/bpf/prog_tests/test_tunnel.c | 20 ++++++-- .../selftests/bpf/progs/test_tunnel_kern.c | 51 +++++++++++++++++++ 2 files changed, 67 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/test_tunnel.c b/tools/testing/selftests/bpf/prog_tests/test_tunnel.c index 3bcb6f96b9b5..54308afb3cdc 100644 --- a/tools/testing/selftests/bpf/prog_tests/test_tunnel.c +++ b/tools/testing/selftests/bpf/prog_tests/test_tunnel.c @@ -278,7 +278,7 @@ static int add_xfrm_tunnel(void) SYS(fail, "ip netns exec at_ns0 " "ip xfrm state add src %s dst %s proto esp " - "spi %d reqid 1 mode tunnel " + "spi %d reqid 1 mode tunnel replay-window 42 " "auth-trunc 'hmac(sha1)' %s 96 enc 'cbc(aes)' %s", IP4_ADDR_VETH0, IP4_ADDR1_VETH1, XFRM_SPI_IN_TO_OUT, XFRM_AUTH, XFRM_ENC); SYS(fail, @@ -292,7 +292,7 @@ static int add_xfrm_tunnel(void) SYS(fail, "ip netns exec at_ns0 " "ip xfrm state add src %s dst %s proto esp " - "spi %d reqid 2 mode tunnel " + "spi %d reqid 2 mode tunnel replay-window 42 " "auth-trunc 'hmac(sha1)' %s 96 enc 'cbc(aes)' %s", IP4_ADDR1_VETH1, IP4_ADDR_VETH0, XFRM_SPI_OUT_TO_IN, XFRM_AUTH, XFRM_ENC); SYS(fail, @@ -313,7 +313,7 @@ static int add_xfrm_tunnel(void) */ SYS(fail, "ip xfrm state add src %s dst %s proto esp " - "spi %d reqid 1 mode tunnel " + "spi %d reqid 1 mode tunnel replay-window 42 " "auth-trunc 'hmac(sha1)' %s 96 enc 'cbc(aes)' %s", IP4_ADDR_VETH0, IP4_ADDR1_VETH1, XFRM_SPI_IN_TO_OUT, XFRM_AUTH, XFRM_ENC); SYS(fail, @@ -325,7 +325,7 @@ static int add_xfrm_tunnel(void) /* root -> at_ns0 */ SYS(fail, "ip xfrm state add src %s dst %s proto esp " - "spi %d reqid 2 mode tunnel " + "spi %d reqid 2 mode tunnel replay-window 42 " "auth-trunc 'hmac(sha1)' %s 96 enc 'cbc(aes)' %s", IP4_ADDR1_VETH1, IP4_ADDR_VETH0, XFRM_SPI_OUT_TO_IN, XFRM_AUTH, XFRM_ENC); SYS(fail, @@ -628,8 +628,10 @@ static void test_xfrm_tunnel(void) { DECLARE_LIBBPF_OPTS(bpf_tc_hook, tc_hook, .attach_point = BPF_TC_INGRESS); + LIBBPF_OPTS(bpf_xdp_attach_opts, opts); struct test_tunnel_kern *skel = NULL; struct nstoken *nstoken; + int xdp_prog_fd; int tc_prog_fd; int ifindex; int err; @@ -654,6 +656,14 @@ static void test_xfrm_tunnel(void) if (attach_tc_prog(&tc_hook, tc_prog_fd, -1)) goto done; + /* attach xdp prog to tunnel dev */ + xdp_prog_fd = bpf_program__fd(skel->progs.xfrm_get_state_xdp); + if (!ASSERT_GE(xdp_prog_fd, 0, "bpf_program__fd")) + goto done; + err = bpf_xdp_attach(ifindex, xdp_prog_fd, XDP_FLAGS_REPLACE, &opts); + if (!ASSERT_OK(err, "bpf_xdp_attach")) + goto done; + /* ping from at_ns0 namespace test */ nstoken = open_netns("at_ns0"); err = test_ping(AF_INET, IP4_ADDR_TUNL_DEV1); @@ -667,6 +677,8 @@ static void test_xfrm_tunnel(void) goto done; if (!ASSERT_EQ(skel->bss->xfrm_remote_ip, 0xac100164, "remote_ip")) goto done; + if (!ASSERT_EQ(skel->bss->xfrm_replay_window, 42, "replay_window")) + goto done; done: delete_xfrm_tunnel(); diff --git a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c index 3a59eb9c34de..c0dd38616562 100644 --- a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c +++ b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c @@ -30,6 +30,10 @@ int bpf_skb_set_fou_encap(struct __sk_buff *skb_ctx, struct bpf_fou_encap *encap, int type) __ksym; int bpf_skb_get_fou_encap(struct __sk_buff *skb_ctx, struct bpf_fou_encap *encap) __ksym; +struct xfrm_state * +bpf_xdp_get_xfrm_state(struct xdp_md *ctx, struct bpf_xfrm_state_opts *opts, + u32 opts__sz) __ksym; +void bpf_xdp_xfrm_state_release(struct xfrm_state *x) __ksym; struct { __uint(type, BPF_MAP_TYPE_ARRAY); @@ -950,4 +954,51 @@ int xfrm_get_state(struct __sk_buff *skb) return TC_ACT_OK; } +volatile int xfrm_replay_window = 0; + +SEC("xdp") +int xfrm_get_state_xdp(struct xdp_md *xdp) +{ + struct bpf_xfrm_state_opts opts = {}; + struct xfrm_state *x = NULL; + struct ip_esp_hdr *esph; + struct bpf_dynptr ptr; + u8 esph_buf[8] = {}; + u8 iph_buf[20] = {}; + struct iphdr *iph; + u32 off; + + if (bpf_dynptr_from_xdp(xdp, 0, &ptr)) + goto out; + + off = sizeof(struct ethhdr); + iph = bpf_dynptr_slice(&ptr, off, iph_buf, sizeof(iph_buf)); + if (!iph || iph->protocol != IPPROTO_ESP) + goto out; + + off += sizeof(struct iphdr); + esph = bpf_dynptr_slice(&ptr, off, esph_buf, sizeof(esph_buf)); + if (!esph) + goto out; + + opts.netns_id = BPF_F_CURRENT_NETNS; + opts.daddr.a4 = iph->daddr; + opts.spi = esph->spi; + opts.proto = IPPROTO_ESP; + opts.family = AF_INET; + + x = bpf_xdp_get_xfrm_state(xdp, &opts, sizeof(opts)); + if (!x || opts.error) + goto out; + + if (!x->replay_esn) + goto out; + + xfrm_replay_window = x->replay_esn->replay_window; +out: + if (x) + bpf_xdp_xfrm_state_release(x); + return XDP_PASS; +} + char _license[] SEC("license") = "GPL";