Re: [PATCH bpf-next v5 12/17] selftests/bpf: add tests for bpf_hid_hw_request

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 5/19/22 14:51, Kumar Kartikeya Dwivedi wrote:
On Thu, May 19, 2022 at 05:42:40PM IST, Benjamin Tissoires wrote:
On Thu, May 19, 2022 at 12:20 AM Kumar Kartikeya Dwivedi
<memxor@xxxxxxxxx> wrote:

On Thu, May 19, 2022 at 02:29:19AM IST, Benjamin Tissoires wrote:
Add tests for the newly implemented function.
We test here only the GET_REPORT part because the other calls are pure
HID protocol and won't infer the result of the test of the bpf hook.

Signed-off-by: Benjamin Tissoires <benjamin.tissoires@xxxxxxxxxx>

---

changes in v5:
- use the new hid_bpf_allocate_context() API
- remove the need for ctx_in for syscall TEST_RUN

changes in v3:
- use the new hid_get_data API
- directly use HID_FEATURE_REPORT and HID_REQ_GET_REPORT from uapi

changes in v2:
- split the series by bpf/libbpf/hid/selftests and samples
---
  tools/testing/selftests/bpf/prog_tests/hid.c | 114 ++++++++++++++++---
  tools/testing/selftests/bpf/progs/hid.c      |  59 ++++++++++
  2 files changed, 155 insertions(+), 18 deletions(-)

diff --git a/tools/testing/selftests/bpf/prog_tests/hid.c b/tools/testing/selftests/bpf/prog_tests/hid.c
index 47bc0a30c275..54c0a0fcd54d 100644
--- a/tools/testing/selftests/bpf/prog_tests/hid.c
+++ b/tools/testing/selftests/bpf/prog_tests/hid.c
@@ -77,12 +77,23 @@ static unsigned char rdesc[] = {
       0xc0,                   /* END_COLLECTION */
  };

+static u8 feature_data[] = { 1, 2 };
+
  struct attach_prog_args {
       int prog_fd;
       unsigned int hid;
       int retval;
  };

+struct hid_hw_request_syscall_args {
+     __u8 data[10];
+     unsigned int hid;
+     int retval;
+     size_t size;
+     enum hid_report_type type;
+     __u8 request_type;
+};
+
  static pthread_mutex_t uhid_started_mtx = PTHREAD_MUTEX_INITIALIZER;
  static pthread_cond_t uhid_started = PTHREAD_COND_INITIALIZER;

@@ -142,7 +153,7 @@ static void destroy(int fd)

  static int uhid_event(int fd)
  {
-     struct uhid_event ev;
+     struct uhid_event ev, answer;
       ssize_t ret;

       memset(&ev, 0, sizeof(ev));
@@ -183,6 +194,15 @@ static int uhid_event(int fd)
               break;
       case UHID_GET_REPORT:
               fprintf(stderr, "UHID_GET_REPORT from uhid-dev\n");
+
+             answer.type = UHID_GET_REPORT_REPLY;
+             answer.u.get_report_reply.id = ev.u.get_report.id;
+             answer.u.get_report_reply.err = ev.u.get_report.rnum == 1 ? 0 : -EIO;
+             answer.u.get_report_reply.size = sizeof(feature_data);
+             memcpy(answer.u.get_report_reply.data, feature_data, sizeof(feature_data));
+
+             uhid_write(fd, &answer);
+
               break;
       case UHID_SET_REPORT:
               fprintf(stderr, "UHID_SET_REPORT from uhid-dev\n");
@@ -391,6 +411,7 @@ static int open_hidraw(int dev_id)
  struct test_params {
       struct hid *skel;
       int hidraw_fd;
+     int hid_id;
  };

  static int prep_test(int dev_id, const char *prog_name, struct test_params *test_data)
@@ -419,27 +440,33 @@ static int prep_test(int dev_id, const char *prog_name, struct test_params *test
       if (!ASSERT_OK_PTR(hid_skel, "hid_skel_open"))
               goto cleanup;

-     prog = bpf_object__find_program_by_name(*hid_skel->skeleton->obj, prog_name);
-     if (!ASSERT_OK_PTR(prog, "find_prog_by_name"))
-             goto cleanup;
+     if (prog_name) {
+             prog = bpf_object__find_program_by_name(*hid_skel->skeleton->obj, prog_name);
+             if (!ASSERT_OK_PTR(prog, "find_prog_by_name"))
+                     goto cleanup;

-     bpf_program__set_autoload(prog, true);
+             bpf_program__set_autoload(prog, true);

-     err = hid__load(hid_skel);
-     if (!ASSERT_OK(err, "hid_skel_load"))
-             goto cleanup;
+             err = hid__load(hid_skel);
+             if (!ASSERT_OK(err, "hid_skel_load"))
+                     goto cleanup;

-     attach_fd = bpf_program__fd(hid_skel->progs.attach_prog);
-     if (!ASSERT_GE(attach_fd, 0, "locate attach_prog")) {
-             err = attach_fd;
-             goto cleanup;
-     }
+             attach_fd = bpf_program__fd(hid_skel->progs.attach_prog);
+             if (!ASSERT_GE(attach_fd, 0, "locate attach_prog")) {
+                     err = attach_fd;
+                     goto cleanup;
+             }

-     args.prog_fd = bpf_program__fd(prog);
-     err = bpf_prog_test_run_opts(attach_fd, &tattr);
-     snprintf(buf, sizeof(buf), "attach_hid(%s)", prog_name);
-     if (!ASSERT_EQ(args.retval, 0, buf))
-             goto cleanup;
+             args.prog_fd = bpf_program__fd(prog);
+             err = bpf_prog_test_run_opts(attach_fd, &tattr);
+             snprintf(buf, sizeof(buf), "attach_hid(%s)", prog_name);
+             if (!ASSERT_EQ(args.retval, 0, buf))
+                     goto cleanup;
+     } else {
+             err = hid__load(hid_skel);
+             if (!ASSERT_OK(err, "hid_skel_load"))
+                     goto cleanup;
+     }

       hidraw_fd = open_hidraw(dev_id);
       if (!ASSERT_GE(hidraw_fd, 0, "open_hidraw"))
@@ -447,6 +474,7 @@ static int prep_test(int dev_id, const char *prog_name, struct test_params *test

       test_data->skel = hid_skel;
       test_data->hidraw_fd = hidraw_fd;
+     test_data->hid_id = hid_id;

       return 0;

@@ -693,6 +721,54 @@ static int test_hid_change_report(int uhid_fd, int dev_id)
       return ret;
  }

+/*
+ * Attach hid_user_raw_request to the given uhid device,
+ * call the bpf program from userspace
+ * check that the program is called and does the expected.
+ */
+static int test_hid_user_raw_request_call(int uhid_fd, int dev_id)
+{
+     struct test_params params;
+     int err, prog_fd;
+     int ret = -1;
+     struct hid_hw_request_syscall_args args = {
+             .retval = -1,
+             .type = HID_FEATURE_REPORT,
+             .request_type = HID_REQ_GET_REPORT,
+             .size = 10,
+     };
+     DECLARE_LIBBPF_OPTS(bpf_test_run_opts, tattrs,
+                         .ctx_in = &args,
+                         .ctx_size_in = sizeof(args),
+     );
+
+     err = prep_test(dev_id, NULL, &params);
+     if (!ASSERT_EQ(err, 0, "prep_test()"))
+             goto cleanup;
+
+     args.hid = params.hid_id;
+     args.data[0] = 1; /* report ID */
+
+     prog_fd = bpf_program__fd(params.skel->progs.hid_user_raw_request);
+
+     err = bpf_prog_test_run_opts(prog_fd, &tattrs);
+     if (!ASSERT_EQ(err, 0, "bpf_prog_test_run_opts"))
+             goto cleanup;
+
+     if (!ASSERT_EQ(args.retval, 2, "bpf_prog_test_run_opts_retval"))
+             goto cleanup;
+
+     if (!ASSERT_EQ(args.data[1], 2, "hid_user_raw_request_check_in"))
+             goto cleanup;
+
+     ret = 0;
+
+cleanup:
+     cleanup_test(&params);
+
+     return ret;
+}
+
  void serial_test_hid_bpf(void)
  {
       int err, uhid_fd;
@@ -720,6 +796,8 @@ void serial_test_hid_bpf(void)
       ASSERT_OK(err, "hid_attach_detach");
       err = test_hid_change_report(uhid_fd, dev_id);
       ASSERT_OK(err, "hid_change_report");
+     err = test_hid_user_raw_request_call(uhid_fd, dev_id);
+     ASSERT_OK(err, "hid_change_report");

       destroy(uhid_fd);

diff --git a/tools/testing/selftests/bpf/progs/hid.c b/tools/testing/selftests/bpf/progs/hid.c
index ee7529c47ad8..e3444d444303 100644
--- a/tools/testing/selftests/bpf/progs/hid.c
+++ b/tools/testing/selftests/bpf/progs/hid.c
@@ -10,6 +10,13 @@ extern __u8 *hid_bpf_get_data(struct hid_bpf_ctx *ctx,
                             unsigned int offset,
                             const size_t __sz) __ksym;
  extern int hid_bpf_attach_prog(unsigned int hid_id, int prog_fd, u32 flags) __ksym;
+extern struct hid_bpf_ctx *hid_bpf_allocate_context(unsigned int hid_id) __ksym;
+extern void hid_bpf_release_context(struct hid_bpf_ctx *ctx) __ksym;
+extern int hid_bpf_hw_request(struct hid_bpf_ctx *ctx,
+                           __u8 *data,
+                           size_t len,
+                           enum hid_report_type type,
+                           int reqtype) __ksym;

  struct attach_prog_args {
       int prog_fd;
@@ -56,3 +63,55 @@ int attach_prog(struct attach_prog_args *ctx)
                                         0);
       return 0;
  }
+
+struct hid_hw_request_syscall_args {
+     /* data needs to come at offset 0 so we can do a memcpy into it */
+     __u8 data[10];
+     unsigned int hid;
+     int retval;
+     size_t size;
+     enum hid_report_type type;
+     __u8 request_type;
+};
+
+SEC("syscall")
+int hid_user_raw_request(struct hid_hw_request_syscall_args *args)
+{
+     struct hid_bpf_ctx *ctx;
+     int i, ret = 0;
+     __u8 *data;
+
+     ctx = hid_bpf_allocate_context(args->hid);
+     if (!ctx)
+             return 0; /* EPERM check */
+
+     /* We can not use the context data memory directly in the hid_bpf call,
+      * so we rely on the PTR_TO_MEM allocated in the hid_bpf_context
+      */
+     data = hid_bpf_get_data(ctx, 0 /* offset */, 10 /* size */);
+     if (!data)
+             goto out; /* EPERM check */
+

If I'm reading this right, you need more than just returning PTR_TO_MEM. Since
this points into allocated ctx, nothing prevents user from accessing data after
we do hid_bpf_release_context.

oops. I missed that point.

TBH, ideally I wanted to directly pass args->data into
hid_bpf_hw_request(). But because args is seen as the context of the
program, I can not pass it to the kfunc arguments.
I would happily prevent getting a data pointer for a manually
allocated context if I could solve that issue. This would save me from
calling twice  __builtin_memcpy.

Oh, is that why you need to do this? So if you were able to pass args->data, you
wouldn't need this hid_bpf_get_data? kfunc does support taking PTR_TO_CTX (i.e.
args in your case), I am not sure why you're not passing it in directly then.
Did you encounter any errors when trying to do so? The only requirement is that
args offset must be 0 (i.e. passed as is without increment).

With the following patch applied, the tests are failing:
---
diff --git a/tools/testing/selftests/bpf/progs/hid.c b/tools/testing/selftests/bpf/progs/hid.c
index 43724fd26fb9..976fc8b83934 100644
--- a/tools/testing/selftests/bpf/progs/hid.c
+++ b/tools/testing/selftests/bpf/progs/hid.c
@@ -80,24 +80,14 @@ int hid_user_raw_request(struct hid_hw_request_syscall_args *args)
 {
        struct hid_bpf_ctx *ctx;
        int i, ret = 0;
-       __u8 *data;
ctx = hid_bpf_allocate_context(args->hid);
        if (!ctx)
                return 0; /* EPERM check */
- /* We can not use the context data memory directly in the hid_bpf call,
-        * so we rely on the PTR_TO_MEM allocated in the hid_bpf_context
-        */
-       data = hid_bpf_get_data(ctx, 0 /* offset */, 10 /* size */);
-       if (!data)
-               goto out; /* EPERM check */
-
-       __builtin_memcpy(data, args->data, sizeof(args->data));
-
        if (args->size <= sizeof(args->data)) {
                ret = hid_bpf_hw_request(ctx,
-                                        data,
+                                        args->data,
                                         args->size,
                                         args->type,
                                         args->request_type);
@@ -109,8 +99,6 @@ int hid_user_raw_request(struct hid_hw_request_syscall_args *args)
                goto out;
        }
- __builtin_memcpy(args->data, data, sizeof(args->data));
-
  out:
        hid_bpf_release_context(ctx);
---

Output of the verifier:

libbpf: prog 'hid_user_raw_request': BPF program load failed: Invalid argument
libbpf: prog 'hid_user_raw_request': -- BEGIN PROG LOAD LOG --
R1 type=ctx expected=fp
0: R1=ctx(off=0,imm=0) R10=fp0
; int hid_user_raw_request(struct hid_hw_request_syscall_args *args)
0: (bf) r7 = r1                       ; R1=ctx(off=0,imm=0) R7_w=ctx(off=0,imm=0)
; ctx = hid_bpf_allocate_context(args->hid);
1: (61) r1 = *(u32 *)(r7 +12)         ; R1_w=scalar(umax=4294967295,var_off=(0x0; 0xffffffff)) R7_w=ctx(off=0,imm=0)
; ctx = hid_bpf_allocate_context(args->hid);
2: (85) call hid_bpf_allocate_context#66484
3: (bf) r6 = r0                       ; R0_w=ptr_or_null_hid_bpf_ctx(id=2,ref_obj_id=2,off=0,imm=0) R6_w=ptr_or_null_hid_bpf_ctx(id=2,ref_obj_id=2,off=0,imm=0) refs=2
4: (b4) w8 = 0                        ; R8_w=0 refs=2
; if (!ctx)
5: (15) if r6 == 0x0 goto pc+12       ; R6_w=ptr_hid_bpf_ctx(ref_obj_id=2,off=0,imm=0) refs=2
6: (b4) w8 = -7                       ; R8_w=4294967289 refs=2
; if (args->size <= sizeof(args->data)) {
7: (79) r3 = *(u64 *)(r7 +24)         ; R3=scalar() R7=ctx(off=0,imm=0) refs=2
; if (args->size <= sizeof(args->data)) {
8: (25) if r3 > 0xa goto pc+7         ; R3=scalar(umax=10,var_off=(0x0; 0xf)) refs=2
; args->request_type);
9: (71) r5 = *(u8 *)(r7 +36)          ; R5_w=scalar(umax=255,var_off=(0x0; 0xff)) R7=ctx(off=0,imm=0) refs=2
; args->type,
10: (61) r4 = *(u32 *)(r7 +32)        ; R4_w=scalar(umax=4294967295,var_off=(0x0; 0xffffffff)) R7=ctx(off=0,imm=0) refs=2
; ret = hid_bpf_hw_request(ctx,
11: (bf) r1 = r6                      ; R1_w=ptr_hid_bpf_ctx(ref_obj_id=2,off=0,imm=0) R6=ptr_hid_bpf_ctx(ref_obj_id=2,off=0,imm=0) refs=2
12: (bf) r2 = r7                      ; R2_w=ctx(off=0,imm=0) R7=ctx(off=0,imm=0) refs=2
13: (85) call hid_bpf_hw_request#66480
R2 type=ctx expected=fp
processed 14 insns (limit 1000000) max_states_per_insn 0 total_states 1 peak_states 1 mark_read 1
-- END PROG LOAD LOG --

Maybe I am wrongly declaring hid_bpf_hw_request()?

Cheers,
Benjamin



That doesn't change the fact that you are correct and the PTR_TO_MEM
in kfunc code should be fixed.
But right now, I am not sure what you mean below and I'll need a
little bit more time to process it.

Cheers,
Benjamin


The ref_obj_id of ctx needs to be transferred to R0.ref_obj_id, and R0.id needs
to be assigned another id distinct from the ref_obj_id.

My idea would be to give this type of function a new set, and handle this case
of transferring ref_obj_id into R0. See is_ptr_cast_function in verifier.c.
Shouldn't be too much code. You could even use the bpf_kfunc_arg_meta to store
the ref_obj_id (and ensure only one referenced register exists among the 5
arguments).

+     __builtin_memcpy(data, args->data, sizeof(args->data));
+
+     if (args->size <= sizeof(args->data)) {
+             ret = hid_bpf_hw_request(ctx,
+                                      data,
+                                      args->size,
+                                      args->type,
+                                      args->request_type);
+             args->retval = ret;
+             if (ret < 0)
+                     goto out;
+     } else {
+             ret = -7; /* -E2BIG */
+             goto out;
+     }
+
+     __builtin_memcpy(args->data, data, sizeof(args->data));
+
+ out:
+     hid_bpf_release_context(ctx);
+
+     return ret;
+}
--
2.36.1


--
Kartikeya



--
Kartikeya





[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux