1257c8855SAndrey Ignatov // SPDX-License-Identifier: GPL-2.0
2257c8855SAndrey Ignatov
3257c8855SAndrey Ignatov #include <test_progs.h>
4257c8855SAndrey Ignatov
5257c8855SAndrey Ignatov #include "cgroup_helpers.h"
6257c8855SAndrey Ignatov
7257c8855SAndrey Ignatov #define FOO "/foo"
8257c8855SAndrey Ignatov #define BAR "/foo/bar/"
9257c8855SAndrey Ignatov #define PING_CMD "ping -q -c1 -w1 127.0.0.1 > /dev/null"
10257c8855SAndrey Ignatov
11775a2be5SToke Høiland-Jørgensen static char bpf_log_buf[BPF_LOG_BUF_SIZE];
12257c8855SAndrey Ignatov
prog_load(int verdict)13257c8855SAndrey Ignatov static int prog_load(int verdict)
14257c8855SAndrey Ignatov {
15257c8855SAndrey Ignatov struct bpf_insn prog[] = {
16257c8855SAndrey Ignatov BPF_MOV64_IMM(BPF_REG_0, verdict), /* r0 = verdict */
17257c8855SAndrey Ignatov BPF_EXIT_INSN(),
18257c8855SAndrey Ignatov };
19*f98d6dd1SGuo Zhengkui size_t insns_cnt = ARRAY_SIZE(prog);
20257c8855SAndrey Ignatov
21f19ddfe0SAndrii Nakryiko return bpf_test_load_program(BPF_PROG_TYPE_CGROUP_SKB,
22257c8855SAndrey Ignatov prog, insns_cnt, "GPL", 0,
23257c8855SAndrey Ignatov bpf_log_buf, BPF_LOG_BUF_SIZE);
24257c8855SAndrey Ignatov }
25257c8855SAndrey Ignatov
serial_test_cgroup_attach_override(void)26d3f7b166SYucong Sun void serial_test_cgroup_attach_override(void)
27257c8855SAndrey Ignatov {
28257c8855SAndrey Ignatov int drop_prog = -1, allow_prog = -1, foo = -1, bar = -1;
29257c8855SAndrey Ignatov __u32 duration = 0;
30257c8855SAndrey Ignatov
31257c8855SAndrey Ignatov allow_prog = prog_load(1);
32257c8855SAndrey Ignatov if (CHECK(allow_prog < 0, "prog_load_allow",
33257c8855SAndrey Ignatov "verifier output:\n%s\n-------\n", bpf_log_buf))
34257c8855SAndrey Ignatov goto err;
35257c8855SAndrey Ignatov
36257c8855SAndrey Ignatov drop_prog = prog_load(0);
37257c8855SAndrey Ignatov if (CHECK(drop_prog < 0, "prog_load_drop",
38257c8855SAndrey Ignatov "verifier output:\n%s\n-------\n", bpf_log_buf))
39257c8855SAndrey Ignatov goto err;
40257c8855SAndrey Ignatov
41257c8855SAndrey Ignatov foo = test__join_cgroup(FOO);
42257c8855SAndrey Ignatov if (CHECK(foo < 0, "cgroup_join_foo", "cgroup setup failed\n"))
43257c8855SAndrey Ignatov goto err;
44257c8855SAndrey Ignatov
45257c8855SAndrey Ignatov if (CHECK(bpf_prog_attach(drop_prog, foo, BPF_CGROUP_INET_EGRESS,
46257c8855SAndrey Ignatov BPF_F_ALLOW_OVERRIDE),
47257c8855SAndrey Ignatov "prog_attach_drop_foo_override",
48257c8855SAndrey Ignatov "attach prog to %s failed, errno=%d\n", FOO, errno))
49257c8855SAndrey Ignatov goto err;
50257c8855SAndrey Ignatov
51257c8855SAndrey Ignatov if (CHECK(!system(PING_CMD), "ping_fail",
52257c8855SAndrey Ignatov "ping unexpectedly succeeded\n"))
53257c8855SAndrey Ignatov goto err;
54257c8855SAndrey Ignatov
55257c8855SAndrey Ignatov bar = test__join_cgroup(BAR);
56257c8855SAndrey Ignatov if (CHECK(bar < 0, "cgroup_join_bar", "cgroup setup failed\n"))
57257c8855SAndrey Ignatov goto err;
58257c8855SAndrey Ignatov
59257c8855SAndrey Ignatov if (CHECK(!system(PING_CMD), "ping_fail",
60257c8855SAndrey Ignatov "ping unexpectedly succeeded\n"))
61257c8855SAndrey Ignatov goto err;
62257c8855SAndrey Ignatov
63257c8855SAndrey Ignatov if (CHECK(bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS,
64257c8855SAndrey Ignatov BPF_F_ALLOW_OVERRIDE),
65257c8855SAndrey Ignatov "prog_attach_allow_bar_override",
66257c8855SAndrey Ignatov "attach prog to %s failed, errno=%d\n", BAR, errno))
67257c8855SAndrey Ignatov goto err;
68257c8855SAndrey Ignatov
69257c8855SAndrey Ignatov if (CHECK(system(PING_CMD), "ping_ok", "ping failed\n"))
70257c8855SAndrey Ignatov goto err;
71257c8855SAndrey Ignatov
72257c8855SAndrey Ignatov if (CHECK(bpf_prog_detach(bar, BPF_CGROUP_INET_EGRESS),
73257c8855SAndrey Ignatov "prog_detach_bar",
74257c8855SAndrey Ignatov "detach prog from %s failed, errno=%d\n", BAR, errno))
75257c8855SAndrey Ignatov goto err;
76257c8855SAndrey Ignatov
77257c8855SAndrey Ignatov if (CHECK(!system(PING_CMD), "ping_fail",
78257c8855SAndrey Ignatov "ping unexpectedly succeeded\n"))
79257c8855SAndrey Ignatov goto err;
80257c8855SAndrey Ignatov
81257c8855SAndrey Ignatov if (CHECK(bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS,
82257c8855SAndrey Ignatov BPF_F_ALLOW_OVERRIDE),
83257c8855SAndrey Ignatov "prog_attach_allow_bar_override",
84257c8855SAndrey Ignatov "attach prog to %s failed, errno=%d\n", BAR, errno))
85257c8855SAndrey Ignatov goto err;
86257c8855SAndrey Ignatov
87257c8855SAndrey Ignatov if (CHECK(bpf_prog_detach(foo, BPF_CGROUP_INET_EGRESS),
88257c8855SAndrey Ignatov "prog_detach_foo",
89257c8855SAndrey Ignatov "detach prog from %s failed, errno=%d\n", FOO, errno))
90257c8855SAndrey Ignatov goto err;
91257c8855SAndrey Ignatov
92257c8855SAndrey Ignatov if (CHECK(system(PING_CMD), "ping_ok", "ping failed\n"))
93257c8855SAndrey Ignatov goto err;
94257c8855SAndrey Ignatov
95257c8855SAndrey Ignatov if (CHECK(bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS,
96257c8855SAndrey Ignatov BPF_F_ALLOW_OVERRIDE),
97257c8855SAndrey Ignatov "prog_attach_allow_bar_override",
98257c8855SAndrey Ignatov "attach prog to %s failed, errno=%d\n", BAR, errno))
99257c8855SAndrey Ignatov goto err;
100257c8855SAndrey Ignatov
101257c8855SAndrey Ignatov if (CHECK(!bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS, 0),
102257c8855SAndrey Ignatov "fail_prog_attach_allow_bar_none",
103257c8855SAndrey Ignatov "attach prog to %s unexpectedly succeeded\n", BAR))
104257c8855SAndrey Ignatov goto err;
105257c8855SAndrey Ignatov
106257c8855SAndrey Ignatov if (CHECK(bpf_prog_detach(bar, BPF_CGROUP_INET_EGRESS),
107257c8855SAndrey Ignatov "prog_detach_bar",
108257c8855SAndrey Ignatov "detach prog from %s failed, errno=%d\n", BAR, errno))
109257c8855SAndrey Ignatov goto err;
110257c8855SAndrey Ignatov
111257c8855SAndrey Ignatov if (CHECK(!bpf_prog_detach(foo, BPF_CGROUP_INET_EGRESS),
112257c8855SAndrey Ignatov "fail_prog_detach_foo",
113257c8855SAndrey Ignatov "double detach from %s unexpectedly succeeded\n", FOO))
114257c8855SAndrey Ignatov goto err;
115257c8855SAndrey Ignatov
116257c8855SAndrey Ignatov if (CHECK(bpf_prog_attach(allow_prog, foo, BPF_CGROUP_INET_EGRESS, 0),
117257c8855SAndrey Ignatov "prog_attach_allow_foo_none",
118257c8855SAndrey Ignatov "attach prog to %s failed, errno=%d\n", FOO, errno))
119257c8855SAndrey Ignatov goto err;
120257c8855SAndrey Ignatov
121257c8855SAndrey Ignatov if (CHECK(!bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS, 0),
122257c8855SAndrey Ignatov "fail_prog_attach_allow_bar_none",
123257c8855SAndrey Ignatov "attach prog to %s unexpectedly succeeded\n", BAR))
124257c8855SAndrey Ignatov goto err;
125257c8855SAndrey Ignatov
126257c8855SAndrey Ignatov if (CHECK(!bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS,
127257c8855SAndrey Ignatov BPF_F_ALLOW_OVERRIDE),
128257c8855SAndrey Ignatov "fail_prog_attach_allow_bar_override",
129257c8855SAndrey Ignatov "attach prog to %s unexpectedly succeeded\n", BAR))
130257c8855SAndrey Ignatov goto err;
131257c8855SAndrey Ignatov
132257c8855SAndrey Ignatov if (CHECK(!bpf_prog_attach(allow_prog, foo, BPF_CGROUP_INET_EGRESS,
133257c8855SAndrey Ignatov BPF_F_ALLOW_OVERRIDE),
134257c8855SAndrey Ignatov "fail_prog_attach_allow_foo_override",
135257c8855SAndrey Ignatov "attach prog to %s unexpectedly succeeded\n", FOO))
136257c8855SAndrey Ignatov goto err;
137257c8855SAndrey Ignatov
138257c8855SAndrey Ignatov if (CHECK(bpf_prog_attach(drop_prog, foo, BPF_CGROUP_INET_EGRESS, 0),
139257c8855SAndrey Ignatov "prog_attach_drop_foo_none",
140257c8855SAndrey Ignatov "attach prog to %s failed, errno=%d\n", FOO, errno))
141257c8855SAndrey Ignatov goto err;
142257c8855SAndrey Ignatov
143257c8855SAndrey Ignatov err:
144257c8855SAndrey Ignatov close(foo);
145257c8855SAndrey Ignatov close(bar);
146257c8855SAndrey Ignatov close(allow_prog);
147257c8855SAndrey Ignatov close(drop_prog);
148257c8855SAndrey Ignatov }
149