Skip to content

Commit f46a104

Browse files
jrifeAlexei Starovoitov
jrife
authored and
Alexei Starovoitov
committed
selftests/bpf: Migrate sendmsg deny test cases
This set of tests checks that sendmsg calls are rejected (return -EPERM) when the sendmsg* hook returns 0. Replace those in bpf/test_sock_addr.c with corresponding tests in prog_tests/sock_addr.c. Signed-off-by: Jordan Rife <jrife@google.com> Link: https://lore.kernel.org/r/20240510190246.3247730-8-jrife@google.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
1 parent d1b24fc commit f46a104

4 files changed

Lines changed: 110 additions & 45 deletions

File tree

tools/testing/selftests/bpf/prog_tests/sock_addr.c

Lines changed: 98 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -443,7 +443,9 @@ BPF_SKEL_FUNCS(connect4_prog, connect_v4_prog);
443443
BPF_SKEL_FUNCS(connect6_prog, connect_v6_prog);
444444
BPF_SKEL_FUNCS(connect_unix_prog, connect_unix_prog);
445445
BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_prog);
446+
BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_deny_prog);
446447
BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_prog);
448+
BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_deny_prog);
447449
BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_preserve_dst_prog);
448450
BPF_SKEL_FUNCS(sendmsg_unix_prog, sendmsg_unix_prog);
449451
BPF_SKEL_FUNCS(recvmsg4_prog, recvmsg4_prog);
@@ -766,6 +768,22 @@ static struct sock_addr_test tests[] = {
766768
SRC4_REWRITE_IP,
767769
SUCCESS,
768770
},
771+
{
772+
SOCK_ADDR_TEST_SENDMSG,
773+
"sendmsg4: sendmsg deny (dgram)",
774+
sendmsg_v4_deny_prog_load,
775+
sendmsg_v4_deny_prog_destroy,
776+
BPF_CGROUP_UDP4_SENDMSG,
777+
&user_ops,
778+
AF_INET,
779+
SOCK_DGRAM,
780+
SERV4_IP,
781+
SERV4_PORT,
782+
SERV4_REWRITE_IP,
783+
SERV4_REWRITE_PORT,
784+
SRC4_REWRITE_IP,
785+
SYSCALL_EPERM,
786+
},
769787
{
770788
SOCK_ADDR_TEST_SENDMSG,
771789
"sendmsg6: sendmsg (dgram)",
@@ -798,6 +816,22 @@ static struct sock_addr_test tests[] = {
798816
SRC6_IP,
799817
SUCCESS,
800818
},
819+
{
820+
SOCK_ADDR_TEST_SENDMSG,
821+
"sendmsg6: sendmsg deny (dgram)",
822+
sendmsg_v6_deny_prog_load,
823+
sendmsg_v6_deny_prog_destroy,
824+
BPF_CGROUP_UDP6_SENDMSG,
825+
&user_ops,
826+
AF_INET6,
827+
SOCK_DGRAM,
828+
SERV6_IP,
829+
SERV6_PORT,
830+
SERV6_REWRITE_IP,
831+
SERV6_REWRITE_PORT,
832+
SRC6_REWRITE_IP,
833+
SYSCALL_EPERM,
834+
},
801835
{
802836
SOCK_ADDR_TEST_SENDMSG,
803837
"sendmsg_unix: sendmsg (dgram)",
@@ -832,6 +866,22 @@ static struct sock_addr_test tests[] = {
832866
SRC4_REWRITE_IP,
833867
SUCCESS,
834868
},
869+
{
870+
SOCK_ADDR_TEST_SENDMSG,
871+
"sendmsg4: sock_sendmsg deny (dgram)",
872+
sendmsg_v4_deny_prog_load,
873+
sendmsg_v4_deny_prog_destroy,
874+
BPF_CGROUP_UDP4_SENDMSG,
875+
&kern_ops_sock_sendmsg,
876+
AF_INET,
877+
SOCK_DGRAM,
878+
SERV4_IP,
879+
SERV4_PORT,
880+
SERV4_REWRITE_IP,
881+
SERV4_REWRITE_PORT,
882+
SRC4_REWRITE_IP,
883+
SYSCALL_EPERM,
884+
},
835885
{
836886
SOCK_ADDR_TEST_SENDMSG,
837887
"sendmsg6: sock_sendmsg (dgram)",
@@ -864,6 +914,22 @@ static struct sock_addr_test tests[] = {
864914
SRC6_IP,
865915
SUCCESS,
866916
},
917+
{
918+
SOCK_ADDR_TEST_SENDMSG,
919+
"sendmsg6: sock_sendmsg deny (dgram)",
920+
sendmsg_v6_deny_prog_load,
921+
sendmsg_v6_deny_prog_destroy,
922+
BPF_CGROUP_UDP6_SENDMSG,
923+
&kern_ops_sock_sendmsg,
924+
AF_INET6,
925+
SOCK_DGRAM,
926+
SERV6_IP,
927+
SERV6_PORT,
928+
SERV6_REWRITE_IP,
929+
SERV6_REWRITE_PORT,
930+
SRC6_REWRITE_IP,
931+
SYSCALL_EPERM,
932+
},
867933
{
868934
SOCK_ADDR_TEST_SENDMSG,
869935
"sendmsg_unix: sock_sendmsg (dgram)",
@@ -898,6 +964,22 @@ static struct sock_addr_test tests[] = {
898964
SRC4_REWRITE_IP,
899965
SUCCESS,
900966
},
967+
{
968+
SOCK_ADDR_TEST_SENDMSG,
969+
"sendmsg4: kernel_sendmsg deny (dgram)",
970+
sendmsg_v4_deny_prog_load,
971+
sendmsg_v4_deny_prog_destroy,
972+
BPF_CGROUP_UDP4_SENDMSG,
973+
&kern_ops_kernel_sendmsg,
974+
AF_INET,
975+
SOCK_DGRAM,
976+
SERV4_IP,
977+
SERV4_PORT,
978+
SERV4_REWRITE_IP,
979+
SERV4_REWRITE_PORT,
980+
SRC4_REWRITE_IP,
981+
SYSCALL_EPERM,
982+
},
901983
{
902984
SOCK_ADDR_TEST_SENDMSG,
903985
"sendmsg6: kernel_sendmsg (dgram)",
@@ -930,6 +1012,22 @@ static struct sock_addr_test tests[] = {
9301012
SRC6_IP,
9311013
SUCCESS,
9321014
},
1015+
{
1016+
SOCK_ADDR_TEST_SENDMSG,
1017+
"sendmsg6: kernel_sendmsg deny (dgram)",
1018+
sendmsg_v6_deny_prog_load,
1019+
sendmsg_v6_deny_prog_destroy,
1020+
BPF_CGROUP_UDP6_SENDMSG,
1021+
&kern_ops_kernel_sendmsg,
1022+
AF_INET6,
1023+
SOCK_DGRAM,
1024+
SERV6_IP,
1025+
SERV6_PORT,
1026+
SERV6_REWRITE_IP,
1027+
SERV6_REWRITE_PORT,
1028+
SRC6_REWRITE_IP,
1029+
SYSCALL_EPERM,
1030+
},
9331031
{
9341032
SOCK_ADDR_TEST_SENDMSG,
9351033
"sendmsg_unix: sock_sendmsg (dgram)",

tools/testing/selftests/bpf/progs/sendmsg4_prog.c

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -49,4 +49,10 @@ int sendmsg_v4_prog(struct bpf_sock_addr *ctx)
4949
return 1;
5050
}
5151

52+
SEC("cgroup/sendmsg4")
53+
int sendmsg_v4_deny_prog(struct bpf_sock_addr *ctx)
54+
{
55+
return 0;
56+
}
57+
5258
char _license[] SEC("license") = "GPL";

tools/testing/selftests/bpf/progs/sendmsg6_prog.c

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -65,4 +65,10 @@ int sendmsg_v6_preserve_dst_prog(struct bpf_sock_addr *ctx)
6565
return 1;
6666
}
6767

68+
SEC("cgroup/sendmsg6")
69+
int sendmsg_v6_deny_prog(struct bpf_sock_addr *ctx)
70+
{
71+
return 0;
72+
}
73+
6874
char _license[] SEC("license") = "GPL";

tools/testing/selftests/bpf/test_sock_addr.c

Lines changed: 0 additions & 45 deletions
Original file line numberDiff line numberDiff line change
@@ -92,7 +92,6 @@ static int bind4_prog_load(const struct sock_addr_test *test);
9292
static int bind6_prog_load(const struct sock_addr_test *test);
9393
static int connect4_prog_load(const struct sock_addr_test *test);
9494
static int connect6_prog_load(const struct sock_addr_test *test);
95-
static int sendmsg_deny_prog_load(const struct sock_addr_test *test);
9695
static int sendmsg4_rw_asm_prog_load(const struct sock_addr_test *test);
9796
static int sendmsg6_rw_asm_prog_load(const struct sock_addr_test *test);
9897
static int sendmsg6_rw_v4mapped_prog_load(const struct sock_addr_test *test);
@@ -258,20 +257,6 @@ static struct sock_addr_test tests[] = {
258257
SRC4_REWRITE_IP,
259258
SUCCESS,
260259
},
261-
{
262-
"sendmsg4: deny call",
263-
sendmsg_deny_prog_load,
264-
BPF_CGROUP_UDP4_SENDMSG,
265-
BPF_CGROUP_UDP4_SENDMSG,
266-
AF_INET,
267-
SOCK_DGRAM,
268-
SERV4_IP,
269-
SERV4_PORT,
270-
SERV4_REWRITE_IP,
271-
SERV4_REWRITE_PORT,
272-
SRC4_REWRITE_IP,
273-
SYSCALL_EPERM,
274-
},
275260
{
276261
"sendmsg6: load prog with wrong expected attach type",
277262
sendmsg6_rw_asm_prog_load,
@@ -342,20 +327,6 @@ static struct sock_addr_test tests[] = {
342327
SRC6_REWRITE_IP,
343328
SUCCESS,
344329
},
345-
{
346-
"sendmsg6: deny call",
347-
sendmsg_deny_prog_load,
348-
BPF_CGROUP_UDP6_SENDMSG,
349-
BPF_CGROUP_UDP6_SENDMSG,
350-
AF_INET6,
351-
SOCK_DGRAM,
352-
SERV6_IP,
353-
SERV6_PORT,
354-
SERV6_REWRITE_IP,
355-
SERV6_REWRITE_PORT,
356-
SRC6_REWRITE_IP,
357-
SYSCALL_EPERM,
358-
},
359330
};
360331

361332
static int load_insns(const struct sock_addr_test *test,
@@ -431,22 +402,6 @@ static int connect6_prog_load(const struct sock_addr_test *test)
431402
return load_path(test, CONNECT6_PROG_PATH);
432403
}
433404

434-
static int xmsg_ret_only_prog_load(const struct sock_addr_test *test,
435-
int32_t rc)
436-
{
437-
struct bpf_insn insns[] = {
438-
/* return rc */
439-
BPF_MOV64_IMM(BPF_REG_0, rc),
440-
BPF_EXIT_INSN(),
441-
};
442-
return load_insns(test, insns, ARRAY_SIZE(insns));
443-
}
444-
445-
static int sendmsg_deny_prog_load(const struct sock_addr_test *test)
446-
{
447-
return xmsg_ret_only_prog_load(test, /*rc*/ 0);
448-
}
449-
450405
static int sendmsg4_rw_asm_prog_load(const struct sock_addr_test *test)
451406
{
452407
struct sockaddr_in dst4_rw_addr;

0 commit comments

Comments
 (0)