This reverts commit 0072e3624b463636c842ad8e261f1dc91deb8c78.
The test tests behavior which can not be permitted because of Spectre v1. See the following commit
Revert "bpf: Fix issue in verifying allow_ptr_leaks"
which reverts commit d75e30dddf73449bc2d10bb8e2f1a2c446bc67a2 for a detailed description of the issue.
Reported-by: Daniel Borkmann daniel@iogearbox.net Signed-off-by: Luis Gerhorst gerhorst@amazon.de Signed-off-by: Luis Gerhorst gerhorst@cs.fau.de --- .../testing/selftests/bpf/prog_tests/tc_bpf.c | 36 +------------------ .../testing/selftests/bpf/progs/test_tc_bpf.c | 13 ------- 2 files changed, 1 insertion(+), 48 deletions(-)
diff --git a/tools/testing/selftests/bpf/prog_tests/tc_bpf.c b/tools/testing/selftests/bpf/prog_tests/tc_bpf.c index 48b55539331e..e873766276d1 100644 --- a/tools/testing/selftests/bpf/prog_tests/tc_bpf.c +++ b/tools/testing/selftests/bpf/prog_tests/tc_bpf.c @@ -3,7 +3,6 @@ #include <test_progs.h> #include <linux/pkt_cls.h>
-#include "cap_helpers.h" #include "test_tc_bpf.skel.h"
#define LO_IFINDEX 1 @@ -328,7 +327,7 @@ static int test_tc_bpf_api(struct bpf_tc_hook *hook, int fd) return 0; }
-void tc_bpf_root(void) +void test_tc_bpf(void) { DECLARE_LIBBPF_OPTS(bpf_tc_hook, hook, .ifindex = LO_IFINDEX, .attach_point = BPF_TC_INGRESS); @@ -394,36 +393,3 @@ void tc_bpf_root(void) } test_tc_bpf__destroy(skel); } - -void tc_bpf_non_root(void) -{ - struct test_tc_bpf *skel = NULL; - __u64 caps = 0; - int ret; - - /* In case CAP_BPF and CAP_PERFMON is not set */ - ret = cap_enable_effective(1ULL << CAP_BPF | 1ULL << CAP_NET_ADMIN, &caps); - if (!ASSERT_OK(ret, "set_cap_bpf_cap_net_admin")) - return; - ret = cap_disable_effective(1ULL << CAP_SYS_ADMIN | 1ULL << CAP_PERFMON, NULL); - if (!ASSERT_OK(ret, "disable_cap_sys_admin")) - goto restore_cap; - - skel = test_tc_bpf__open_and_load(); - if (!ASSERT_OK_PTR(skel, "test_tc_bpf__open_and_load")) - goto restore_cap; - - test_tc_bpf__destroy(skel); - -restore_cap: - if (caps) - cap_enable_effective(caps, NULL); -} - -void test_tc_bpf(void) -{ - if (test__start_subtest("tc_bpf_root")) - tc_bpf_root(); - if (test__start_subtest("tc_bpf_non_root")) - tc_bpf_non_root(); -} diff --git a/tools/testing/selftests/bpf/progs/test_tc_bpf.c b/tools/testing/selftests/bpf/progs/test_tc_bpf.c index ef7da419632a..d28ca8d1f3d0 100644 --- a/tools/testing/selftests/bpf/progs/test_tc_bpf.c +++ b/tools/testing/selftests/bpf/progs/test_tc_bpf.c @@ -2,8 +2,6 @@
#include <linux/bpf.h> #include <bpf/bpf_helpers.h> -#include <linux/if_ether.h> -#include <linux/ip.h>
/* Dummy prog to test TC-BPF API */
@@ -12,14 +10,3 @@ int cls(struct __sk_buff *skb) { return 0; } - -/* Prog to verify tc-bpf without cap_sys_admin and cap_perfmon */ -SEC("tcx/ingress") -int pkt_ptr(struct __sk_buff *skb) -{ - struct iphdr *iph = (void *)(long)skb->data + sizeof(struct ethhdr); - - if ((long)(iph + 1) > (long)skb->data_end) - return 1; - return 0; -}
Hello:
This series was applied to bpf/bpf.git (master) by Daniel Borkmann daniel@iogearbox.net:
On Wed, 13 Sep 2023 12:25:15 +0000 you wrote:
This reverts commit 0072e3624b463636c842ad8e261f1dc91deb8c78.
The test tests behavior which can not be permitted because of Spectre v1. See the following commit
Revert "bpf: Fix issue in verifying allow_ptr_leaks"
[...]
Here is the summary with links: - [1/3] Revert "selftests/bpf: Add selftest for allow_ptr_leaks" https://git.kernel.org/bpf/bpf/c/cc7a599ca30f - [2/3] Revert "bpf: Fix issue in verifying allow_ptr_leaks" https://git.kernel.org/bpf/bpf/c/45f2aaba1079 - [3/3] selftests/bpf: Add selftest for packet-pointer Spectre v1 gadget https://git.kernel.org/bpf/bpf/c/fc7274e42d14
You are awesome, thank you!
linux-kselftest-mirror@lists.linaro.org
-
Luis Gerhorst -
patchwork-bot+netdevbpf@kernel.org