Inter-revision diff: patch 7

Comparing v3 (message) to v2 (message) 

--- v3
+++ v2
@@ -1,50 +1,176 @@
 Signed-off-by: David Ahern <dsahern@gmail.com>
 ---
- samples/bpf/sock_flags_kern.c |  5 +++++
- samples/bpf/test_cgrp2_sock.c | 12 +++++++++++-
- 2 files changed, 16 insertions(+), 1 deletion(-)
+ samples/bpf/test_cgrp2_sock3.sh | 162 ++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 162 insertions(+)
+ create mode 100755 samples/bpf/test_cgrp2_sock3.sh
 
-diff --git a/samples/bpf/sock_flags_kern.c b/samples/bpf/sock_flags_kern.c
-index 533dd11a6baa..05dcdf8a4baa 100644
---- a/samples/bpf/sock_flags_kern.c
-+++ b/samples/bpf/sock_flags_kern.c
-@@ -9,8 +9,13 @@ SEC("cgroup/sock1")
- int bpf_prog1(struct bpf_sock *sk)
- {
- 	char fmt[] = "socket: family %d type %d protocol %d\n";
-+	char fmt2[] = "socket: uid %u gid %u\n";
-+	__u64 gid_uid = bpf_get_current_uid_gid();
-+	__u32 uid = gid_uid & 0xffffffff;
-+	__u32 gid = gid_uid >> 32;
- 
- 	bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol);
-+	bpf_trace_printk(fmt2, sizeof(fmt2), uid, gid);
- 
- 	/* block PF_INET6, SOCK_RAW, IPPROTO_ICMPV6 sockets
- 	 * ie., make ping6 fail
-diff --git a/samples/bpf/test_cgrp2_sock.c b/samples/bpf/test_cgrp2_sock.c
-index 5a688837720c..e79594dd629b 100644
---- a/samples/bpf/test_cgrp2_sock.c
-+++ b/samples/bpf/test_cgrp2_sock.c
-@@ -46,8 +46,18 @@ static int prog_load(__u32 idx, __u32 mark, __u32 prio)
- 
- 	/* set mark on socket */
- 	struct bpf_insn prog_mark[] = {
--		BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
-+		/* get uid of process */
-+		BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
-+			     BPF_FUNC_get_current_uid_gid),
-+		BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 0xffffffff),
+diff --git a/samples/bpf/test_cgrp2_sock3.sh b/samples/bpf/test_cgrp2_sock3.sh
+new file mode 100755
+index 000000000000..9bfed035963f
+--- /dev/null
++++ b/samples/bpf/test_cgrp2_sock3.sh
+@@ -0,0 +1,162 @@
++#!/bin/sh
 +
-+		/* if uid is 0, use given mark, else use the uid as the mark */
-+		BPF_MOV64_REG(BPF_REG_3, BPF_REG_0),
-+		BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
- 		BPF_MOV64_IMM(BPF_REG_3, mark),
++# Verify socket options inherited by bpf programs attached
++# to a cgroup.
 +
-+		/* set the mark on the new socket */
-+		BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
- 		BPF_MOV64_IMM(BPF_REG_2, offsetof(struct bpf_sock, mark)),
- 		BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_3, offsetof(struct bpf_sock, mark)),
- 	};
++CGRP_MNT="/tmp/cgroupv2-test_cgrp2_sock"
++
++################################################################################
++#
++print_result()
++{
++	printf "%-50s    [%4s]\n" "$1" "$2"
++}
++
++check_sock()
++{
++	out=$(test_cgrp2_sock)
++	echo $out | grep -q "$1"
++	if [ $? -ne 0 ]; then
++		print_result "IPv4: $2" "FAIL"
++		echo "    expected: $1"
++		echo "        have: $out"
++		rc=1
++	else
++		print_result "IPv4: $2" " OK "
++	fi
++}
++
++check_sock6()
++{
++	out=$(test_cgrp2_sock -6)
++	echo $out | grep -q "$1"
++	if [ $? -ne 0 ]; then
++		print_result "IPv6: $2" "FAIL"
++		echo "    expected: $1"
++		echo "        have: $out"
++		rc=1
++	else
++		print_result "IPv6: $2" " OK "
++	fi
++}
++
++################################################################################
++#
++setup()
++{
++	cleanup 2>/dev/null
++
++	mkdir -p ${CGRP_MNT}/cgrp_sock_test/prio/mark/dev
++	[ $? -ne 0 ] && cleanup_and_exit 1 "Failed to create cgroup hierarchy"
++
++	test_cgrp2_sock -p 123 ${CGRP_MNT}/cgrp_sock_test/prio
++	[ $? -ne 0 ] && cleanup_and_exit 1 "Failed to install program to set priority"
++
++	test_cgrp2_sock -m 666 -r ${CGRP_MNT}/cgrp_sock_test/prio/mark
++	[ $? -ne 0 ] && cleanup_and_exit 1 "Failed to install program to set mark"
++
++	test_cgrp2_sock -b cgrp2_sock -r ${CGRP_MNT}/cgrp_sock_test/prio/mark/dev
++	[ $? -ne 0 ] && cleanup_and_exit 1 "Failed to install program to set device"
++}
++
++cleanup()
++{
++	echo $$ >> ${CGRP_MNT}/cgroup.procs
++	rmdir ${CGRP_MNT}/cgrp_sock_test/prio/mark/dev
++	rmdir ${CGRP_MNT}/cgrp_sock_test/prio/mark
++	rmdir ${CGRP_MNT}/cgrp_sock_test/prio
++	rmdir ${CGRP_MNT}/cgrp_sock_test
++}
++
++cleanup_and_exit()
++{
++	local rc=$1
++	local msg="$2"
++
++	[ -n "$msg" ] && echo "ERROR: $msg"
++
++	ip li del cgrp2_sock
++	umount ${CGRP_MNT}
++
++	exit $rc
++}
++
++################################################################################
++#
++
++run_tests()
++{
++	# set pid into first cgroup. socket should show it
++	# has a priority but not a mark or device bind
++	echo $$ > ${CGRP_MNT}/cgrp_sock_test/prio/cgroup.procs
++	check_sock "dev , mark 0, priority 123" "Priority only"
++
++	# set pid into second group. socket should show it
++	# has a priority and mark but not a device bind
++	echo $$ > ${CGRP_MNT}/cgrp_sock_test/prio/mark/cgroup.procs
++	check_sock "dev , mark 666, priority 123" "Priority + mark"
++
++	# set pid into inner group. socket should show it
++	# has a priority, mark and a device bind
++	echo $$ > ${CGRP_MNT}/cgrp_sock_test/prio/mark/dev/cgroup.procs
++	check_sock "dev cgrp2_sock, mark 666, priority 123" "Priority + mark + dev"
++
++	echo
++
++	# set pid into first cgroup. socket should show it
++	# has a priority but not a mark or device bind
++	echo $$ > ${CGRP_MNT}/cgrp_sock_test/prio/cgroup.procs
++	check_sock6 "dev , mark 0, priority 123" "Priority only"
++
++	# set pid into second group. socket should show it
++	# has a priority and mark but not a device bind
++	echo $$ > ${CGRP_MNT}/cgrp_sock_test/prio/mark/cgroup.procs
++	check_sock6 "dev , mark 666, priority 123" "Priority + mark"
++
++	# set pid into inner group. socket should show it
++	# has a priority, mark and a device bind
++	echo $$ > ${CGRP_MNT}/cgrp_sock_test/prio/mark/dev/cgroup.procs
++	check_sock6 "dev cgrp2_sock, mark 666, priority 123" "Priority + mark + dev"
++}
++
++################################################################################
++# verify expected invalid setups are invalid
++
++invalid_setup()
++{
++	echo
++
++	mkdir -p ${CGRP_MNT}/cgrp_sock_test/prio/mark/dev
++	[ $? -ne 0 ] && cleanup_and_exit 1 "Failed to create cgroup hierarchy"
++
++	test_cgrp2_sock -p 123 -r ${CGRP_MNT}/cgrp_sock_test/prio
++	[ $? -ne 0 ] && cleanup_and_exit 1 "Failed to install program to set priority"
++
++	# recursive - followed by non-recursive is not allowed
++	test_cgrp2_sock -m 666 ${CGRP_MNT}/cgrp_sock_test/prio/mark >/dev/null 2>&1
++	if [ $? -eq 0 ]; then
++		print_result "recursive setting followed by non-recursive" "FAIL"
++	else
++		print_result "recursive setting followed by non-recursive" " OK "
++	fi
++}
++
++################################################################################
++# main
++
++rc=0
++
++ip li add cgrp2_sock type dummy 2>/dev/null
++
++set -e
++mkdir -p ${CGRP_MNT}
++mount -t cgroup2 none ${CGRP_MNT}
++set +e
++
++setup
++run_tests
++cleanup
++
++invalid_setup
++
++cleanup_and_exit $rc
 -- 
 2.1.4
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help