Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v3.17 2014-08-02T22:03:58Z 2014-08-02T22:03:58Z Alexei Starovoitov ast@plumgrid.com 2014-07-31T03:34:16Z urn:sha1:7ae457c1e5b45a1b826fad9d62b32191d2bdcfdb clean up names related to socket filtering and bpf in the following way: - everything that deals with sockets keeps 'sk_*' prefix - everything that is pure BPF is changed to 'bpf_*' prefix split 'struct sk_filter' into struct sk_filter { atomic_t refcnt; struct rcu_head rcu; struct bpf_prog *prog; }; and struct bpf_prog { u32 jited:1, len:31; struct sock_fprog_kern *orig_prog; unsigned int (*bpf_func)(const struct sk_buff *skb, const struct bpf_insn *filter); union { struct sock_filter insns[0]; struct bpf_insn insnsi[0]; struct work_struct work; }; }; so that 'struct bpf_prog' can be used independent of sockets and cleans up 'unattached' bpf use cases split SK_RUN_FILTER macro into: SK_RUN_FILTER to be used with 'struct sk_filter *' and BPF_PROG_RUN to be used with 'struct bpf_prog *' __sk_filter_release(struct sk_filter *) gains __bpf_prog_release(struct bpf_prog *) helper function also perform related renames for the functions that work with 'struct bpf_prog *', since they're on the same lines: sk_filter_size -> bpf_prog_size sk_filter_select_runtime -> bpf_prog_select_runtime sk_filter_free -> bpf_prog_free sk_unattached_filter_create -> bpf_prog_create sk_unattached_filter_destroy -> bpf_prog_destroy sk_store_orig_filter -> bpf_prog_store_orig_filter sk_release_orig_filter -> bpf_release_orig_filter __sk_migrate_filter -> bpf_migrate_filter __sk_prepare_filter -> bpf_prepare_filter API for attaching classic BPF to a socket stays the same: sk_attach_filter(prog, struct sock *)/sk_detach_filter(struct sock *) and SK_RUN_FILTER(struct sk_filter *, ctx) to execute a program which is used by sockets, tun, af_packet API for 'unattached' BPF programs becomes: bpf_prog_create(struct bpf_prog **)/bpf_prog_destroy(struct bpf_prog *) and BPF_PROG_RUN(struct bpf_prog *, ctx) to execute a program which is used by isdn, ppp, team, seccomp, ptp, xt_bpf, cls_bpf, test_bpf Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2014-07-25T06:27:17Z Alexei Starovoitov ast@plumgrid.com 2014-07-24T23:38:21Z urn:sha1:2695fb552cbef1029aa025a98acb80cc51d66de5 eBPF is used by socket filtering, seccomp and soon by tracing and exposed to userspace, therefore 'sock_filter_int' name is not accurate. Rename it to 'bpf_insn' Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2014-06-11T07:13:16Z Alexei Starovoitov ast@plumgrid.com 2014-06-07T00:48:20Z urn:sha1:df6d0f983a59c333bc2b0cb82b65441b34310cf7 - 'struct nlattr' must be 2 byte aligned - provide big-endian input data for nlattr/nlattr_nest tests Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Acked-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2014-06-02T23:32:43Z Chema Gonzalez chema@google.com 2014-05-30T17:15:12Z urn:sha1:e9d9450497f77ee40c7d895bf1b5b134b9347d5f The current probe_filter_length() (the function that calculates the length of a test BPF filter) behavior is to declare the end of the filter as soon as it finds {0, *, *, 0}. This is actually a valid insn ("ld #0"), so any filter with includes "BPF_STMT(BPF_LD | BPF_IMM, 0)" fails (its length is cut short). We are changing probe_filter_length() so as to start from the end, and declare the end of the filter as the first instruction which is not {0, *, *, 0}. This solution produces a simpler patch than the alternative of using an explicit end-of-filter mark. It is technically incorrect if your filter ends up with "ld #0", but that should not happen anyway. We also add a new test (LD_IMM_0) that includes ld #0 (does not work without this patch). Signed-off-by: Chema Gonzalez <chema@google.com> Acked-by: Daniel Borkmann <dborkman@redhat.com> Acked-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2014-06-02T05:16:58Z Daniel Borkmann dborkman@redhat.com 2014-05-29T08:22:49Z urn:sha1:d50bc1575096250aa37f17299c86ea548156efe8 This check tests that overloading BPF_LD | BPF_ABS with an always invalid BPF extension, that is SKF_AD_MAX, fails to make sure classic BPF behaviour is correct in filter checker. Also, we add a test for loading at packet offset SKF_AD_OFF-1 which should pass the filter, but later on fail during runtime. Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Acked-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2014-06-02T05:16:57Z Daniel Borkmann dborkman@redhat.com 2014-05-29T08:22:48Z urn:sha1:9fe13baad6b1e8d3063dd48faf1b9be9b7c5e92c Also add a test for the scratch memory store that first fills all slots and then sucessively reads all of them back adding up to A, and eventually returning A. This and the previous M[] test with alternating fill/spill will detect possible JIT errors on M[]. Suggested-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Acked-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2014-05-30T23:27:39Z Daniel Borkmann dborkman@redhat.com 2014-05-26T18:17:35Z urn:sha1:ce25b68b74593bbb676ec087b3a0c69f94df7de0 This patch converts raw opcodes for tcpdump tests into BPF_STMT()/BPF_JUMP() combinations, which brings it into conformity with the rest of the patches and it also makes life easier to grasp what's going on in these particular test cases when they ever fail. Also arrange payload from the jump+holes test in a way as we have with other packet payloads in the test suite. Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Acked-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2014-05-30T23:27:39Z Daniel Borkmann dborkman@redhat.com 2014-05-26T18:17:34Z urn:sha1:108cc22a93e1843e728b9753442429c71f48f9e4 This test for classic BPF probes stores and load combination via X on all 16 registers of the scratch memory store. It initially loads integer 100 and passes this value around to each register while incrementing it every time, thus we expect to have 116 as a result. Might be useful for JIT testing. Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Acked-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2014-05-23T20:48:06Z Daniel Borkmann dborkman@redhat.com 2014-05-23T16:44:01Z urn:sha1:2e8a83c52ffa41816a979ab0e3bcadf4b0d9e8a1 This patch adds three more test cases: 1) long jumps with holes of unreachable code 2) ret x 3) ldx + ret x All three tests are for classical BPF and to make sure that any changes will not break some exotic behaviour that exists probably since decades. The last two tests are expected to fail by the BPF checker already, as in classic BPF only K or A are allowed to be returned. Thus, there are now 52 test cases for BPF. Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Acked-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2014-05-23T20:48:06Z Daniel Borkmann dborkman@redhat.com 2014-05-23T16:44:00Z urn:sha1:10f18e0ba1ea7eb004bbaecb4748b1eb28802d24 This patch simplifies and refactors the test case code a bit and also adds a summary of all test that passed or failed in the kernel log, so that it's easier to spot if something has failed. Future work could further extend the test framework to also support different input 'stimuli' i.e. related structures to seccomp. Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Acked-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net>