Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bpf: fix ktls panic with sockmap and add tests #8509

Open
wants to merge 2 commits into
base: bpf-next_base
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions net/tls/tls_sw.c
Original file line number Diff line number Diff line change
@@ -1120,9 +1120,13 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg,
num_async++;
else if (ret == -ENOMEM)
goto wait_for_memory;
else if (ctx->open_rec && ret == -ENOSPC)
else if (ctx->open_rec && ret == -ENOSPC) {
if (msg_pl->cork_bytes) {
ret = 0;
goto send_end;
}
goto rollback_iter;
else if (ret != -EAGAIN)
} else if (ret != -EAGAIN)
goto send_end;
}
continue;
174 changes: 173 additions & 1 deletion tools/testing/selftests/bpf/prog_tests/sockmap_ktls.c
Original file line number Diff line number Diff line change
@@ -3,13 +3,64 @@
/*
* Tests for sockmap/sockhash holding kTLS sockets.
*/

#include <error.h>
#include <netinet/tcp.h>
#include <linux/tls.h>
#include "test_progs.h"
#include "sockmap_helpers.h"
#include "test_skmsg_load_helpers.skel.h"
#include "test_sockmap_ktls.skel.h"

#define MAX_TEST_NAME 80
#define TCP_ULP 31

static int init_ktls_pairs(int c, int p)
{
int err;
struct tls12_crypto_info_aes_gcm_128 crypto_rx;
struct tls12_crypto_info_aes_gcm_128 crypto_tx;

err = setsockopt(c, IPPROTO_TCP, TCP_ULP, "tls", strlen("tls"));
if (!ASSERT_OK(err, "setsockopt(TCP_ULP)"))
goto out;

err = setsockopt(p, IPPROTO_TCP, TCP_ULP, "tls", strlen("tls"));
if (!ASSERT_OK(err, "setsockopt(TCP_ULP)"))
goto out;

memset(&crypto_rx, 0, sizeof(crypto_rx));
memset(&crypto_tx, 0, sizeof(crypto_tx));
crypto_rx.info.version = TLS_1_2_VERSION;
crypto_tx.info.version = TLS_1_2_VERSION;
crypto_rx.info.cipher_type = TLS_CIPHER_AES_GCM_128;
crypto_tx.info.cipher_type = TLS_CIPHER_AES_GCM_128;

err = setsockopt(c, SOL_TLS, TLS_TX, &crypto_tx, sizeof(crypto_tx));
if (!ASSERT_OK(err, "setsockopt(TLS_TX)"))
goto out;

err = setsockopt(p, SOL_TLS, TLS_RX, &crypto_rx, sizeof(crypto_rx));
if (!ASSERT_OK(err, "setsockopt(TLS_RX)"))
goto out;
return 0;
out:
return -1;
}

static int create_ktls_pairs(int family, int sotype, int *c, int *p)
{
int err;

err = create_pair(family, sotype, c, p);
if (!ASSERT_OK(err, "create_pair()"))
return -1;

err = init_ktls_pairs(*c, *p);
if (!ASSERT_OK(err, "init_ktls_pairs(c, p)"))
return -1;
return 0;
}

static int tcp_server(int family)
{
int err, s;
@@ -146,6 +197,115 @@ static const char *fmt_test_name(const char *subtest_name, int family,
return test_name;
}

static void test_sockmap_ktls_offload(int family, int sotype)
{
int err;
int c = 0, p = 0, sent, recvd;
char msg[12] = "hello world\0";
char rcv[13];

err = create_ktls_pairs(family, sotype, &c, &p);
if (!ASSERT_OK(err, "create_ktls_pairs()"))
goto out;

sent = send(c, msg, sizeof(msg), 0);
if (!ASSERT_OK(err, "send(msg)"))
goto out;

recvd = recv(p, rcv, sizeof(rcv), 0);
if (!ASSERT_OK(err, "recv(msg)") ||
!ASSERT_EQ(recvd, sent, "length mismatch"))
goto out;

ASSERT_OK(memcmp(msg, rcv, sizeof(msg)), "data mismatch");

out:
if (c)
close(c);
if (p)
close(p);
}

static void test_sockmap_ktls_tx_cork(int family, int sotype, bool push)
{
int err, off;
int i, j;
int start_push = 0, push_len = 0;
int c = 0, p = 0, one = 1, sent, recvd;
int prog_fd, map_fd;
char msg[12] = "hello world\0";
char rcv[20] = {0};
struct test_sockmap_ktls *skel;

skel = test_sockmap_ktls__open_and_load();
if (!ASSERT_TRUE(skel, "open ktls skel"))
return;

err = create_pair(family, sotype, &c, &p);
if (!ASSERT_OK(err, "create_pair()"))
goto out;

prog_fd = bpf_program__fd(skel->progs.prog_sk_policy);
map_fd = bpf_map__fd(skel->maps.sock_map);

err = bpf_prog_attach(prog_fd, map_fd, BPF_SK_MSG_VERDICT, 0);
if (!ASSERT_OK(err, "bpf_prog_attach sk msg"))
goto out;

err = bpf_map_update_elem(map_fd, &one, &c, BPF_NOEXIST);
if (!ASSERT_OK(err, "bpf_map_update_elem(c)"))
goto out;

err = init_ktls_pairs(c, p);
if (!ASSERT_OK(err, "init_ktls_pairs(c, p)"))
goto out;

skel->bss->cork_byte = sizeof(msg);
if (push) {
start_push = 1;
push_len = 2;
}
skel->bss->push_start = start_push;
skel->bss->push_end = push_len;

off = sizeof(msg) / 2;
sent = send(c, msg, off, 0);
if (!ASSERT_EQ(sent, off, "send(msg)"))
goto out;

recvd = recv_timeout(p, rcv, sizeof(rcv), MSG_DONTWAIT, 1);
if (!ASSERT_EQ(-1, recvd, "expected no data"))
goto out;

/* send remaining msg */
sent = send(c, msg + off, sizeof(msg) - off, 0);
if (!ASSERT_EQ(sent, sizeof(msg) - off, "send remaining data"))
goto out;

recvd = recv_timeout(p, rcv, sizeof(rcv), MSG_DONTWAIT, 1);
if (!ASSERT_OK(err, "recv(msg)") ||
!ASSERT_EQ(recvd, sizeof(msg) + push_len, "check length mismatch"))
goto out;

for (i = 0, j = 0; i < recvd;) {
/* skip checking the data that has been pushed in */
if (i >= start_push && i <= start_push + push_len - 1) {
i++;
continue;
}
if (!ASSERT_EQ(rcv[i], msg[j], "data mismatch"))
goto out;
i++;
j++;
}
out:
if (c)
close(c);
if (p)
close(p);
test_sockmap_ktls__destroy(skel);
}

static void run_tests(int family, enum bpf_map_type map_type)
{
int map;
@@ -162,10 +322,22 @@ static void run_tests(int family, enum bpf_map_type map_type)
close(map);
}

static void run_ktls_test(int family, int sotype)
{
if (test__start_subtest("tls simple offload"))
test_sockmap_ktls_offload(family, sotype);
if (test__start_subtest("tls tx cork"))
test_sockmap_ktls_tx_cork(family, sotype, false);
if (test__start_subtest("tls tx cork with push"))
test_sockmap_ktls_tx_cork(family, sotype, true);
}

void test_sockmap_ktls(void)
{
run_tests(AF_INET, BPF_MAP_TYPE_SOCKMAP);
run_tests(AF_INET, BPF_MAP_TYPE_SOCKHASH);
run_tests(AF_INET6, BPF_MAP_TYPE_SOCKMAP);
run_tests(AF_INET6, BPF_MAP_TYPE_SOCKHASH);
run_ktls_test(AF_INET, SOCK_STREAM);
run_ktls_test(AF_INET6, SOCK_STREAM);
}
26 changes: 26 additions & 0 deletions tools/testing/selftests/bpf/progs/test_sockmap_ktls.c
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
// SPDX-License-Identifier: GPL-2.0
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_endian.h>

int cork_byte;
int push_start;
int push_end;

struct {
__uint(type, BPF_MAP_TYPE_SOCKMAP);
__uint(max_entries, 20);
__type(key, int);
__type(value, int);
} sock_map SEC(".maps");

SEC("sk_msg")
int prog_sk_policy(struct sk_msg_md *msg)
{
if (cork_byte > 0)
bpf_msg_cork_bytes(msg, cork_byte);
if (push_start > 0 && push_end > 0)
bpf_msg_push_data(msg, push_start, push_end, 0);

return SK_PASS;
}