On Thu, Mar 25, 2021 at 04:40:34PM +0100, Toke Høiland-Jørgensen wrote:
> This adds a selftest to check that the verifier rejects a TCP CC struct_ops
> with a non-GPL license. To save having to add a whole new BPF object just
> for this, reuse the dctcp CC, but rewrite the license field before loading.
>
> Signed-off-by: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
> ---
> .../selftests/bpf/prog_tests/bpf_tcp_ca.c | 31 +++++++++++++++++++
> 1 file changed, 31 insertions(+)
>
> diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c b/tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c
> index 37c5494a0381..613cf8a00b22 100644
> --- a/tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c
> +++ b/tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c
> @@ -227,10 +227,41 @@ static void test_dctcp(void)
> bpf_dctcp__destroy(dctcp_skel);
> }
>
> +static void test_invalid_license(void)
> +{
> + /* We want to check that the verifier refuses to load a non-GPL TCP CC.
> + * Rather than create a whole new file+skeleton, just reuse an existing
> + * object and rewrite the license in memory after loading. Sine libbpf
> + * doesn't expose this, we define a struct that includes the first couple
> + * of internal fields for struct bpf_object so we can overwrite the right
> + * bits. Yes, this is a bit of a hack, but it makes the test a lot simpler.
> + */
> + struct bpf_object_fragment {
> + char name[BPF_OBJ_NAME_LEN];
> + char license[64];
> + } *obj;
It is fragile. A new bpf_nogpltcp.c should be created and it does
not have to be a full tcp-cc. A very minimal implementation with
only .init. Something like this (uncompiled code):
char _license[] SEC("license") = "X";
void BPF_STRUCT_OPS(nogpltcp_init, struct sock *sk)
{
}
SEC(".struct_ops")
struct tcp_congestion_ops bpf_nogpltcp = {
.init = (void *)nogpltcp_init,
.name = "bpf_nogpltcp",
};
libbpf_set_print() can also be used to look for the
the verifier log "struct ops programs must have a GPL compatible license".
