This test is similar to icmp_send_unreach_kfunc but checks that, in case of recursion, meaning that the BPF program calling the kfunc was re-triggered by the icmp_send done by the kfunc, the kfunc will stop early and return -EBUSY. Signed-off-by: Mahe Tardy --- .../bpf/prog_tests/icmp_send_unreach_kfunc.c | 43 +++++++++++++++++++ .../selftests/bpf/progs/icmp_send_unreach.c | 30 +++++++++++++ 2 files changed, 73 insertions(+) diff --git a/tools/testing/selftests/bpf/prog_tests/icmp_send_unreach_kfunc.c b/tools/testing/selftests/bpf/prog_tests/icmp_send_unreach_kfunc.c index 047bfd4d80f7..a4f4324b2b99 100644 --- a/tools/testing/selftests/bpf/prog_tests/icmp_send_unreach_kfunc.c +++ b/tools/testing/selftests/bpf/prog_tests/icmp_send_unreach_kfunc.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 #include #include +#include #include #include "icmp_send_unreach.skel.h" @@ -10,6 +11,7 @@ #define ICMP_DEST_UNREACH 3 #define ICMPV6_DEST_UNREACH 1 +#define ICMP_HOST_UNREACH 1 #define ICMP_FRAG_NEEDED 4 #define NR_ICMP_UNREACH 15 #define NR_ICMPV6_UNREACH 6 @@ -157,3 +159,44 @@ void test_icmp_send_unreach_kfunc(void) icmp_send_unreach__destroy(skel); close(cgroup_fd); } + +void test_icmp_send_unreach_recursion(void) +{ + struct icmp_send_unreach *skel; + int cgroup_fd = -1; + int *code; + + skel = icmp_send_unreach__open_and_load(); + if (!ASSERT_OK_PTR(skel, "skel_open")) + goto cleanup; + + if (setup_cgroup_environment()) { + fprintf(stderr, "Failed to setup cgroup environment\n"); + goto cleanup; + } + + cgroup_fd = get_root_cgroup(); + if (!ASSERT_GE(cgroup_fd, 0, "get_root_cgroup")) + goto cleanup; + + skel->links.recursion = + bpf_program__attach_cgroup(skel->progs.recursion, cgroup_fd); + if (!ASSERT_OK_PTR(skel->links.recursion, "prog_attach_cgroup")) + goto cleanup; + + code = &skel->bss->unreach_code; + *code = ICMP_HOST_UNREACH; + + trigger_prog_read_icmp_errqueue(code, AF_INET, "127.0.0.1"); + + /* Because there's recursion involved, the first call will return at + * index 1 since it will return the second, and the second call will + * return at index 0 since it will return the first. + */ + ASSERT_EQ(skel->data->rec_kfunc_rets[1], 0, "kfunc_rets[1]"); + ASSERT_EQ(skel->data->rec_kfunc_rets[0], -EBUSY, "kfunc_rets[0]"); + +cleanup: + icmp_send_unreach__destroy(skel); + close(cgroup_fd); +} diff --git a/tools/testing/selftests/bpf/progs/icmp_send_unreach.c b/tools/testing/selftests/bpf/progs/icmp_send_unreach.c index 112b9cbfab6f..9aca7c0b12e1 100644 --- a/tools/testing/selftests/bpf/progs/icmp_send_unreach.c +++ b/tools/testing/selftests/bpf/progs/icmp_send_unreach.c @@ -15,6 +15,9 @@ int unreach_code = 0; int kfunc_ret = -1; +uint rec_count = 0; +int rec_kfunc_rets[] = { -1, -1 }; + SEC("cgroup_skb/egress") int egress(struct __sk_buff *skb) { @@ -67,4 +70,31 @@ int egress(struct __sk_buff *skb) return SK_DROP; } +SEC("cgroup_skb/egress") +int recursion(struct __sk_buff *skb) +{ + void *data = (void *)(long)skb->data; + void *data_end = (void *)(long)skb->data_end; + struct iphdr *iph; + + iph = data; + if ((void *)(iph + 1) > data_end || iph->version != 4) + return SK_PASS; + + /* This call will provoke a recursion: the ICMP package generated by the + * kfunc will re-trigger this program since we are in the root cgroup in + * which the kernel ICMP socket belongs. However when re-entering the + * kfunc, it should return EBUSY. + */ + rec_kfunc_rets[rec_count & 1] = + bpf_icmp_send_unreach(skb, unreach_code); + __sync_fetch_and_add(&rec_count, 1); + + /* Let the first ICMP error message pass */ + if (iph->protocol == IPPROTO_ICMP) + return SK_PASS; + + return SK_DROP; +} + char LICENSE[] SEC("license") = "Dual BSD/GPL"; -- 2.34.1