| Message ID | 20240401123455.1377896-1-usama.anjum@collabora.com |
|---|---|
| State | New |
| Headers | show |
| Series | [bpf-next,v3] selftests/bpf: Move test_dev_cgroup to prog_tests | expand |
On 4/3/24 5:03 AM, Muhammad Usama Anjum wrote: > On 4/3/24 7:36 AM, Yonghong Song wrote: >> On 4/2/24 8:16 AM, Muhammad Usama Anjum wrote: >>> Yonghong Song, >>> >>> Thank you so much for replying. I was missing how to run pipeline manually. >>> Thanks a ton. >>> >>> On 4/1/24 11:53 PM, Yonghong Song wrote: >>>> On 4/1/24 5:34 AM, Muhammad Usama Anjum wrote: >>>>> Move test_dev_cgroup.c to prog_tests/dev_cgroup.c to be able to run it >>>>> with test_progs. Replace dev_cgroup.bpf.o with skel header file, >>>>> dev_cgroup.skel.h and load program from it accourdingly. >>>>> >>>>> ./test_progs -t dev_cgroup >>>>> mknod: /tmp/test_dev_cgroup_null: Operation not permitted >>>>> 64+0 records in >>>>> 64+0 records out >>>>> 32768 bytes (33 kB, 32 KiB) copied, 0.000856684 s, 38.2 MB/s >>>>> dd: failed to open '/dev/full': Operation not permitted >>>>> dd: failed to open '/dev/random': Operation not permitted >>>>> #72 test_dev_cgroup:OK >>>>> Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED >>>>> Signed-off-by: Muhammad Usama Anjum <usama.anjum@collabora.com> >>>>> --- >>>>> Changes since v2: >>>>> - Replace test_dev_cgroup with serial_test_dev_cgroup as there is >>>>> probability that the test is racing against another cgroup test >>>>> - Minor changes to the commit message above >>>>> >>>>> I've tested the patch with vmtest.sh on bpf-next/for-next and linux >>>>> next. It is passing on both. Not sure why it was failed on BPFCI. >>>>> Test run with vmtest.h: >>>>> sudo LDLIBS=-static PKG_CONFIG='pkg-config --static' ./vmtest.sh >>>>> ./test_progs -t dev_cgroup >>>>> ./test_progs -t dev_cgroup >>>>> mknod: /tmp/test_dev_cgroup_null: Operation not permitted >>>>> 64+0 records in >>>>> 64+0 records out >>>>> 32768 bytes (33 kB, 32 KiB) copied, 0.000403432 s, 81.2 MB/s >>>>> dd: failed to open '/dev/full': Operation not permitted >>>>> dd: failed to open '/dev/random': Operation not permitted >>>>> #69 dev_cgroup:OK >>>>> Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED >>>> The CI failure: >>>> >>>> >>>> Error: #72 dev_cgroup >>>> serial_test_dev_cgroup:PASS:skel_open_and_load 0 nsec >>>> serial_test_dev_cgroup:PASS:cgroup_setup_and_join 0 nsec >>>> serial_test_dev_cgroup:PASS:bpf_attach 0 nsec >>>> serial_test_dev_cgroup:PASS:bpf_query 0 nsec >>>> serial_test_dev_cgroup:PASS:bpf_query 0 nsec >>>> serial_test_dev_cgroup:PASS:rm 0 nsec >>>> serial_test_dev_cgroup:PASS:mknod 0 nsec >>>> serial_test_dev_cgroup:PASS:rm 0 nsec >>>> serial_test_dev_cgroup:PASS:rm 0 nsec >>>> serial_test_dev_cgroup:FAIL:mknod unexpected mknod: actual 256 != >>>> expected 0 >>>> serial_test_dev_cgroup:PASS:rm 0 nsec >>>> serial_test_dev_cgroup:PASS:dd 0 nsec >>>> serial_test_dev_cgroup:PASS:dd 0 nsec >>>> serial_test_dev_cgroup:PASS:dd 0 nsec >>>> >>>> (cgroup_helpers.c:353: errno: Device or resource busy) umount cgroup2 >>>> >>>> The error code 256 means mknod execution has some issues. Maybe you need to >>>> find specific errno to find out what is going on. I think you can do ci >>>> on-demanding test to debug. >>> errno is 2 --> No such file or directory >>> >>> Locally I'm unable to reproduce it until I don't remove >>> rm -f /tmp/test_dev_cgroup_zero such that the /tmp/test_dev_cgroup_zero >>> node is present before test execution. The error code is 256 with errno 2. >>> I'm debugging by placing system("ls /tmp 1>&2"); to find out which files >>> are already present in /tmp. But ls's output doesn't appear on the CI logs. >> errno 2 means ENOENT. >> From mknod man page (https://linux.die.net/man/2/mknod), it means >> A directory component in/pathname/ does not exist or is a dangling >> symbolic link. >> >> It means /tmp does not exist or a dangling symbolic link. >> It is indeed very strange. To make the test robust, maybe creating a temp >> directory with mkdtemp and use it as the path? The temp directory >> creation should be done before bpf prog attach. > I've tried following but still no luck: > * /tmp is already present. Then I thought maybe the desired file is already > present. I've verified that there isn't file of same name is present inside > /tmp. > * I thought maybe mknod isn't present in the system. But mknod --help succeeds. > * I switched from /tmp to current directory to create the mknod. But the > result is same error. > * I've tried to use the same kernel config as the BPF CI is using. I'm not > able to reproduce it. > > Not sure which edge case or what's going on. The problem is appearing > because of some limitation in the rootfs. Maybe you could collect /tmp mount options to see whether anything is suspicious? In my vm, I have tmpfs on /tmp type tmpfs (rw,nosuid,nodev,size=3501540k,nr_inodes=1048576) and the test works fine.
On 4/5/24 1:06 AM, Yonghong Song wrote: > > On 4/3/24 5:03 AM, Muhammad Usama Anjum wrote: >> On 4/3/24 7:36 AM, Yonghong Song wrote: >>> On 4/2/24 8:16 AM, Muhammad Usama Anjum wrote: >>>> Yonghong Song, >>>> >>>> Thank you so much for replying. I was missing how to run pipeline >>>> manually. >>>> Thanks a ton. >>>> >>>> On 4/1/24 11:53 PM, Yonghong Song wrote: >>>>> On 4/1/24 5:34 AM, Muhammad Usama Anjum wrote: >>>>>> Move test_dev_cgroup.c to prog_tests/dev_cgroup.c to be able to run it >>>>>> with test_progs. Replace dev_cgroup.bpf.o with skel header file, >>>>>> dev_cgroup.skel.h and load program from it accourdingly. >>>>>> >>>>>> ./test_progs -t dev_cgroup >>>>>> mknod: /tmp/test_dev_cgroup_null: Operation not permitted >>>>>> 64+0 records in >>>>>> 64+0 records out >>>>>> 32768 bytes (33 kB, 32 KiB) copied, 0.000856684 s, 38.2 MB/s >>>>>> dd: failed to open '/dev/full': Operation not permitted >>>>>> dd: failed to open '/dev/random': Operation not permitted >>>>>> #72 test_dev_cgroup:OK >>>>>> Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED >>>>>> Signed-off-by: Muhammad Usama Anjum <usama.anjum@collabora.com> >>>>>> --- >>>>>> Changes since v2: >>>>>> - Replace test_dev_cgroup with serial_test_dev_cgroup as there is >>>>>> probability that the test is racing against another cgroup test >>>>>> - Minor changes to the commit message above >>>>>> >>>>>> I've tested the patch with vmtest.sh on bpf-next/for-next and linux >>>>>> next. It is passing on both. Not sure why it was failed on BPFCI. >>>>>> Test run with vmtest.h: >>>>>> sudo LDLIBS=-static PKG_CONFIG='pkg-config --static' ./vmtest.sh >>>>>> ./test_progs -t dev_cgroup >>>>>> ./test_progs -t dev_cgroup >>>>>> mknod: /tmp/test_dev_cgroup_null: Operation not permitted >>>>>> 64+0 records in >>>>>> 64+0 records out >>>>>> 32768 bytes (33 kB, 32 KiB) copied, 0.000403432 s, 81.2 MB/s >>>>>> dd: failed to open '/dev/full': Operation not permitted >>>>>> dd: failed to open '/dev/random': Operation not permitted >>>>>> #69 dev_cgroup:OK >>>>>> Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED >>>>> The CI failure: >>>>> >>>>> >>>>> Error: #72 dev_cgroup >>>>> serial_test_dev_cgroup:PASS:skel_open_and_load 0 nsec >>>>> serial_test_dev_cgroup:PASS:cgroup_setup_and_join 0 nsec >>>>> serial_test_dev_cgroup:PASS:bpf_attach 0 nsec >>>>> serial_test_dev_cgroup:PASS:bpf_query 0 nsec >>>>> serial_test_dev_cgroup:PASS:bpf_query 0 nsec >>>>> serial_test_dev_cgroup:PASS:rm 0 nsec >>>>> serial_test_dev_cgroup:PASS:mknod 0 nsec >>>>> serial_test_dev_cgroup:PASS:rm 0 nsec >>>>> serial_test_dev_cgroup:PASS:rm 0 nsec >>>>> serial_test_dev_cgroup:FAIL:mknod unexpected mknod: actual 256 != >>>>> expected 0 >>>>> serial_test_dev_cgroup:PASS:rm 0 nsec >>>>> serial_test_dev_cgroup:PASS:dd 0 nsec >>>>> serial_test_dev_cgroup:PASS:dd 0 nsec >>>>> serial_test_dev_cgroup:PASS:dd 0 nsec >>>>> >>>>> (cgroup_helpers.c:353: errno: Device or resource busy) umount cgroup2 >>>>> >>>>> The error code 256 means mknod execution has some issues. Maybe you >>>>> need to >>>>> find specific errno to find out what is going on. I think you can do ci >>>>> on-demanding test to debug. >>>> errno is 2 --> No such file or directory >>>> >>>> Locally I'm unable to reproduce it until I don't remove >>>> rm -f /tmp/test_dev_cgroup_zero such that the /tmp/test_dev_cgroup_zero >>>> node is present before test execution. The error code is 256 with errno 2. >>>> I'm debugging by placing system("ls /tmp 1>&2"); to find out which files >>>> are already present in /tmp. But ls's output doesn't appear on the CI >>>> logs. >>> errno 2 means ENOENT. >>> From mknod man page (https://linux.die.net/man/2/mknod), it means >>> A directory component in/pathname/ does not exist or is a dangling >>> symbolic link. >>> >>> It means /tmp does not exist or a dangling symbolic link. >>> It is indeed very strange. To make the test robust, maybe creating a temp >>> directory with mkdtemp and use it as the path? The temp directory >>> creation should be done before bpf prog attach. >> I've tried following but still no luck: >> * /tmp is already present. Then I thought maybe the desired file is already >> present. I've verified that there isn't file of same name is present inside >> /tmp. >> * I thought maybe mknod isn't present in the system. But mknod --help >> succeeds. >> * I switched from /tmp to current directory to create the mknod. But the >> result is same error. >> * I've tried to use the same kernel config as the BPF CI is using. I'm not >> able to reproduce it. >> >> Not sure which edge case or what's going on. The problem is appearing >> because of some limitation in the rootfs. > > Maybe you could collect /tmp mount options to see whether anything is > suspicious? In my vm, I have > tmpfs on /tmp type tmpfs (rw,nosuid,nodev,size=3501540k,nr_inodes=1048576) > and the test works fine. > > My test system: tmpfs /tmp tmpfs rw,relatime 0 0 On the CI, /tmp is present. But it isn't tmpfs. Following shows the logs from /proc/mounts On CI: /dev/root / 9p rw,relatime,cache=f,access=client,msize=512000,trans=virtio 0 0 devtmpfs /dev devtmpfs rw,relatime,size=1998612k,nr_inodes=499653,mode=755 0 0 tmpfs /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0 proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0 tmpfs /run tmpfs rw,nosuid,nodev,relatime 0 0 tmpfs /run/netns tmpfs rw,nosuid,nodev,relatime 0 0 sys /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0 debugfs /sys/kernel/debug debugfs rw,relatime 0 0 tracefs /sys/kernel/debug/tracing tracefs rw,relatime 0 0 cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime 0 0 tmpfs /sys/fs/cgroup tmpfs rw,relatime 0 0 net_cls /sys/fs/cgroup/net_cls cgroup rw,relatime,net_cls 0 0 tmpfs /sys/fs/cgroup tmpfs rw,relatime 0 0 net_cls /sys/fs/cgroup/net_cls cgroup rw,relatime,net_cls 0 0 tmpfs /sys/fs/cgroup tmpfs rw,relatime 0 0 net_cls /sys/fs/cgroup/net_cls cgroup rw,relatime,net_cls 0 0 bpffs /sys/fs/bpf bpf rw,relatime 0 0 bpf /sys/fs/bpf bpf rw,relatime 0 0 tmpfs /mnt tmpfs rw,nosuid,nodev,relatime 0 0 vmtest-shared /mnt/vmtest 9p rw,relatime,cache=f,access=client,msize=512000,trans=virtio 0 0 none /mnt cgroup2 rw,relatime 0 0
On 5/3/24 6:55 AM, Muhammad Usama Anjum wrote: > On 4/5/24 1:06 AM, Yonghong Song wrote: >> On 4/3/24 5:03 AM, Muhammad Usama Anjum wrote: >>> On 4/3/24 7:36 AM, Yonghong Song wrote: >>>> On 4/2/24 8:16 AM, Muhammad Usama Anjum wrote: >>>>> Yonghong Song, >>>>> >>>>> Thank you so much for replying. I was missing how to run pipeline >>>>> manually. >>>>> Thanks a ton. >>>>> >>>>> On 4/1/24 11:53 PM, Yonghong Song wrote: >>>>>> On 4/1/24 5:34 AM, Muhammad Usama Anjum wrote: >>>>>>> Move test_dev_cgroup.c to prog_tests/dev_cgroup.c to be able to run it >>>>>>> with test_progs. Replace dev_cgroup.bpf.o with skel header file, >>>>>>> dev_cgroup.skel.h and load program from it accourdingly. >>>>>>> >>>>>>> ./test_progs -t dev_cgroup >>>>>>> mknod: /tmp/test_dev_cgroup_null: Operation not permitted >>>>>>> 64+0 records in >>>>>>> 64+0 records out >>>>>>> 32768 bytes (33 kB, 32 KiB) copied, 0.000856684 s, 38.2 MB/s >>>>>>> dd: failed to open '/dev/full': Operation not permitted >>>>>>> dd: failed to open '/dev/random': Operation not permitted >>>>>>> #72 test_dev_cgroup:OK >>>>>>> Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED >>>>>>> Signed-off-by: Muhammad Usama Anjum <usama.anjum@collabora.com> >>>>>>> --- >>>>>>> Changes since v2: >>>>>>> - Replace test_dev_cgroup with serial_test_dev_cgroup as there is >>>>>>> probability that the test is racing against another cgroup test >>>>>>> - Minor changes to the commit message above >>>>>>> >>>>>>> I've tested the patch with vmtest.sh on bpf-next/for-next and linux >>>>>>> next. It is passing on both. Not sure why it was failed on BPFCI. >>>>>>> Test run with vmtest.h: >>>>>>> sudo LDLIBS=-static PKG_CONFIG='pkg-config --static' ./vmtest.sh >>>>>>> ./test_progs -t dev_cgroup >>>>>>> ./test_progs -t dev_cgroup >>>>>>> mknod: /tmp/test_dev_cgroup_null: Operation not permitted >>>>>>> 64+0 records in >>>>>>> 64+0 records out >>>>>>> 32768 bytes (33 kB, 32 KiB) copied, 0.000403432 s, 81.2 MB/s >>>>>>> dd: failed to open '/dev/full': Operation not permitted >>>>>>> dd: failed to open '/dev/random': Operation not permitted >>>>>>> #69 dev_cgroup:OK >>>>>>> Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED >>>>>> The CI failure: >>>>>> >>>>>> >>>>>> Error: #72 dev_cgroup >>>>>> serial_test_dev_cgroup:PASS:skel_open_and_load 0 nsec >>>>>> serial_test_dev_cgroup:PASS:cgroup_setup_and_join 0 nsec >>>>>> serial_test_dev_cgroup:PASS:bpf_attach 0 nsec >>>>>> serial_test_dev_cgroup:PASS:bpf_query 0 nsec >>>>>> serial_test_dev_cgroup:PASS:bpf_query 0 nsec >>>>>> serial_test_dev_cgroup:PASS:rm 0 nsec >>>>>> serial_test_dev_cgroup:PASS:mknod 0 nsec >>>>>> serial_test_dev_cgroup:PASS:rm 0 nsec >>>>>> serial_test_dev_cgroup:PASS:rm 0 nsec >>>>>> serial_test_dev_cgroup:FAIL:mknod unexpected mknod: actual 256 != >>>>>> expected 0 >>>>>> serial_test_dev_cgroup:PASS:rm 0 nsec >>>>>> serial_test_dev_cgroup:PASS:dd 0 nsec >>>>>> serial_test_dev_cgroup:PASS:dd 0 nsec >>>>>> serial_test_dev_cgroup:PASS:dd 0 nsec >>>>>> >>>>>> (cgroup_helpers.c:353: errno: Device or resource busy) umount cgroup2 >>>>>> >>>>>> The error code 256 means mknod execution has some issues. Maybe you >>>>>> need to >>>>>> find specific errno to find out what is going on. I think you can do ci >>>>>> on-demanding test to debug. >>>>> errno is 2 --> No such file or directory >>>>> >>>>> Locally I'm unable to reproduce it until I don't remove >>>>> rm -f /tmp/test_dev_cgroup_zero such that the /tmp/test_dev_cgroup_zero >>>>> node is present before test execution. The error code is 256 with errno 2. >>>>> I'm debugging by placing system("ls /tmp 1>&2"); to find out which files >>>>> are already present in /tmp. But ls's output doesn't appear on the CI >>>>> logs. >>>> errno 2 means ENOENT. >>>> From mknod man page (https://linux.die.net/man/2/mknod), it means >>>> A directory component in/pathname/ does not exist or is a dangling >>>> symbolic link. >>>> >>>> It means /tmp does not exist or a dangling symbolic link. >>>> It is indeed very strange. To make the test robust, maybe creating a temp >>>> directory with mkdtemp and use it as the path? The temp directory >>>> creation should be done before bpf prog attach. >>> I've tried following but still no luck: >>> * /tmp is already present. Then I thought maybe the desired file is already >>> present. I've verified that there isn't file of same name is present inside >>> /tmp. >>> * I thought maybe mknod isn't present in the system. But mknod --help >>> succeeds. >>> * I switched from /tmp to current directory to create the mknod. But the >>> result is same error. >>> * I've tried to use the same kernel config as the BPF CI is using. I'm not >>> able to reproduce it. >>> >>> Not sure which edge case or what's going on. The problem is appearing >>> because of some limitation in the rootfs. >> Maybe you could collect /tmp mount options to see whether anything is >> suspicious? In my vm, I have >> tmpfs on /tmp type tmpfs (rw,nosuid,nodev,size=3501540k,nr_inodes=1048576) >> and the test works fine. >> >> > My test system: > tmpfs /tmp tmpfs rw,relatime 0 0 > > On the CI, /tmp is present. But it isn't tmpfs. Following shows the logs > from /proc/mounts > > On CI: > /dev/root / 9p > rw,relatime,cache=f,access=client,msize=512000,trans=virtio 0 0 > devtmpfs /dev devtmpfs > rw,relatime,size=1998612k,nr_inodes=499653,mode=755 0 0 > tmpfs /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0 > proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0 > tmpfs /run tmpfs rw,nosuid,nodev,relatime 0 0 > tmpfs /run/netns tmpfs rw,nosuid,nodev,relatime 0 0 > sys /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0 > debugfs /sys/kernel/debug debugfs rw,relatime 0 0 > tracefs /sys/kernel/debug/tracing tracefs rw,relatime 0 0 > cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime 0 0 > tmpfs /sys/fs/cgroup tmpfs rw,relatime 0 0 somthing wrong here. /sys/fs/cgroup cannot be both cgroup2 and tmpfs types. > net_cls /sys/fs/cgroup/net_cls cgroup rw,relatime,net_cls 0 0 > tmpfs /sys/fs/cgroup tmpfs rw,relatime 0 0 > net_cls /sys/fs/cgroup/net_cls cgroup rw,relatime,net_cls 0 0 > tmpfs /sys/fs/cgroup tmpfs rw,relatime 0 0 > net_cls /sys/fs/cgroup/net_cls cgroup rw,relatime,net_cls 0 0 > bpffs /sys/fs/bpf bpf rw,relatime 0 0 > bpf /sys/fs/bpf bpf rw,relatime 0 0 > tmpfs /mnt tmpfs rw,nosuid,nodev,relatime 0 0 > vmtest-shared /mnt/vmtest 9p > rw,relatime,cache=f,access=client,msize=512000,trans=virtio 0 0 > none /mnt cgroup2 rw,relatime 0 0 >
diff --git a/tools/testing/selftests/bpf/prog_tests/dev_cgroup.c b/tools/testing/selftests/bpf/prog_tests/dev_cgroup.c new file mode 100644 index 0000000000000..da0bc209d6a21 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/dev_cgroup.c @@ -0,0 +1,58 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* Copyright (c) 2017 Facebook + */ + +#include <test_progs.h> +#include <time.h> +#include "cgroup_helpers.h" +#include "dev_cgroup.skel.h" + +#define TEST_CGROUP "/test-bpf-based-device-cgroup/" + +void serial_test_dev_cgroup(void) +{ + struct dev_cgroup *skel; + int cgroup_fd, err; + __u32 prog_cnt; + + skel = dev_cgroup__open_and_load(); + if (!ASSERT_OK_PTR(skel, "skel_open_and_load")) + goto cleanup; + + cgroup_fd = cgroup_setup_and_join(TEST_CGROUP); + if (!ASSERT_GT(cgroup_fd, 0, "cgroup_setup_and_join")) + goto cleanup; + + err = bpf_prog_attach(bpf_program__fd(skel->progs.bpf_prog1), cgroup_fd, + BPF_CGROUP_DEVICE, 0); + if (!ASSERT_EQ(err, 0, "bpf_attach")) + goto cleanup; + + err = bpf_prog_query(cgroup_fd, BPF_CGROUP_DEVICE, 0, NULL, NULL, &prog_cnt); + if (!ASSERT_EQ(err, 0, "bpf_query") || (!ASSERT_EQ(prog_cnt, 1, "bpf_query"))) + goto cleanup; + + /* All operations with /dev/zero and /dev/urandom are allowed, + * everything else is forbidden. + */ + ASSERT_EQ(system("rm -f /tmp/test_dev_cgroup_null"), 0, "rm"); + ASSERT_NEQ(system("mknod /tmp/test_dev_cgroup_null c 1 3"), 0, "mknod"); + ASSERT_EQ(system("rm -f /tmp/test_dev_cgroup_null"), 0, "rm"); + + /* /dev/zero is whitelisted */ + ASSERT_EQ(system("rm -f /tmp/test_dev_cgroup_zero"), 0, "rm"); + ASSERT_EQ(system("mknod /tmp/test_dev_cgroup_zero c 1 5"), 0, "mknod"); + ASSERT_EQ(system("rm -f /tmp/test_dev_cgroup_zero"), 0, "rm"); + + ASSERT_EQ(system("dd if=/dev/urandom of=/dev/zero count=64"), 0, "dd"); + + /* src is allowed, target is forbidden */ + ASSERT_NEQ(system("dd if=/dev/urandom of=/dev/full count=64"), 0, "dd"); + + /* src is forbidden, target is allowed */ + ASSERT_NEQ(system("dd if=/dev/random of=/dev/zero count=64"), 0, "dd"); + +cleanup: + cleanup_cgroup_environment(); + dev_cgroup__destroy(skel); +} diff --git a/tools/testing/selftests/bpf/test_dev_cgroup.c b/tools/testing/selftests/bpf/test_dev_cgroup.c deleted file mode 100644 index adeaf63cb6fa3..0000000000000 --- a/tools/testing/selftests/bpf/test_dev_cgroup.c +++ /dev/null @@ -1,85 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0-only -/* Copyright (c) 2017 Facebook - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <errno.h> -#include <assert.h> -#include <sys/time.h> - -#include <linux/bpf.h> -#include <bpf/bpf.h> -#include <bpf/libbpf.h> - -#include "cgroup_helpers.h" -#include "testing_helpers.h" - -#define DEV_CGROUP_PROG "./dev_cgroup.bpf.o" - -#define TEST_CGROUP "/test-bpf-based-device-cgroup/" - -int main(int argc, char **argv) -{ - struct bpf_object *obj; - int error = EXIT_FAILURE; - int prog_fd, cgroup_fd; - __u32 prog_cnt; - - /* Use libbpf 1.0 API mode */ - libbpf_set_strict_mode(LIBBPF_STRICT_ALL); - - if (bpf_prog_test_load(DEV_CGROUP_PROG, BPF_PROG_TYPE_CGROUP_DEVICE, - &obj, &prog_fd)) { - printf("Failed to load DEV_CGROUP program\n"); - goto out; - } - - cgroup_fd = cgroup_setup_and_join(TEST_CGROUP); - if (cgroup_fd < 0) { - printf("Failed to create test cgroup\n"); - goto out; - } - - /* Attach bpf program */ - if (bpf_prog_attach(prog_fd, cgroup_fd, BPF_CGROUP_DEVICE, 0)) { - printf("Failed to attach DEV_CGROUP program"); - goto err; - } - - if (bpf_prog_query(cgroup_fd, BPF_CGROUP_DEVICE, 0, NULL, NULL, - &prog_cnt)) { - printf("Failed to query attached programs"); - goto err; - } - - /* All operations with /dev/zero and and /dev/urandom are allowed, - * everything else is forbidden. - */ - assert(system("rm -f /tmp/test_dev_cgroup_null") == 0); - assert(system("mknod /tmp/test_dev_cgroup_null c 1 3")); - assert(system("rm -f /tmp/test_dev_cgroup_null") == 0); - - /* /dev/zero is whitelisted */ - assert(system("rm -f /tmp/test_dev_cgroup_zero") == 0); - assert(system("mknod /tmp/test_dev_cgroup_zero c 1 5") == 0); - assert(system("rm -f /tmp/test_dev_cgroup_zero") == 0); - - assert(system("dd if=/dev/urandom of=/dev/zero count=64") == 0); - - /* src is allowed, target is forbidden */ - assert(system("dd if=/dev/urandom of=/dev/full count=64")); - - /* src is forbidden, target is allowed */ - assert(system("dd if=/dev/random of=/dev/zero count=64")); - - error = 0; - printf("test_dev_cgroup:PASS\n"); - -err: - cleanup_cgroup_environment(); - -out: - return error; -}
Move test_dev_cgroup.c to prog_tests/dev_cgroup.c to be able to run it with test_progs. Replace dev_cgroup.bpf.o with skel header file, dev_cgroup.skel.h and load program from it accourdingly. ./test_progs -t dev_cgroup mknod: /tmp/test_dev_cgroup_null: Operation not permitted 64+0 records in 64+0 records out 32768 bytes (33 kB, 32 KiB) copied, 0.000856684 s, 38.2 MB/s dd: failed to open '/dev/full': Operation not permitted dd: failed to open '/dev/random': Operation not permitted #72 test_dev_cgroup:OK Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Muhammad Usama Anjum <usama.anjum@collabora.com> --- Changes since v2: - Replace test_dev_cgroup with serial_test_dev_cgroup as there is probability that the test is racing against another cgroup test - Minor changes to the commit message above I've tested the patch with vmtest.sh on bpf-next/for-next and linux next. It is passing on both. Not sure why it was failed on BPFCI. Test run with vmtest.h: sudo LDLIBS=-static PKG_CONFIG='pkg-config --static' ./vmtest.sh ./test_progs -t dev_cgroup ./test_progs -t dev_cgroup mknod: /tmp/test_dev_cgroup_null: Operation not permitted 64+0 records in 64+0 records out 32768 bytes (33 kB, 32 KiB) copied, 0.000403432 s, 81.2 MB/s dd: failed to open '/dev/full': Operation not permitted dd: failed to open '/dev/random': Operation not permitted #69 dev_cgroup:OK Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED Changes since v1: - Rename file from test_dev_cgroup.c to dev_cgroup.c - Use ASSERT_* in-place of CHECK --- .../selftests/bpf/prog_tests/dev_cgroup.c | 58 +++++++++++++ tools/testing/selftests/bpf/test_dev_cgroup.c | 85 ------------------- 2 files changed, 58 insertions(+), 85 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/dev_cgroup.c delete mode 100644 tools/testing/selftests/bpf/test_dev_cgroup.c