125763b3cSThomas Gleixner // SPDX-License-Identifier: GPL-2.0-only 237f1ba09SRoman Gushchin /* Copyright (c) 2017 Facebook 337f1ba09SRoman Gushchin */ 437f1ba09SRoman Gushchin 537f1ba09SRoman Gushchin #include <stdio.h> 637f1ba09SRoman Gushchin #include <stdlib.h> 737f1ba09SRoman Gushchin #include <string.h> 837f1ba09SRoman Gushchin #include <errno.h> 937f1ba09SRoman Gushchin #include <assert.h> 10c475ffadSYonghong Song #include <sys/time.h> 1137f1ba09SRoman Gushchin 1237f1ba09SRoman Gushchin #include <linux/bpf.h> 1337f1ba09SRoman Gushchin #include <bpf/bpf.h> 1437f1ba09SRoman Gushchin #include <bpf/libbpf.h> 1537f1ba09SRoman Gushchin 1637f1ba09SRoman Gushchin #include "cgroup_helpers.h" 17cbdb1461SAndrii Nakryiko #include "testing_helpers.h" 1837f1ba09SRoman Gushchin 1937f1ba09SRoman Gushchin #define DEV_CGROUP_PROG "./dev_cgroup.o" 2037f1ba09SRoman Gushchin 218e687525SAlexei Starovoitov #define TEST_CGROUP "/test-bpf-based-device-cgroup/" 2237f1ba09SRoman Gushchin 2337f1ba09SRoman Gushchin int main(int argc, char **argv) 2437f1ba09SRoman Gushchin { 2537f1ba09SRoman Gushchin struct bpf_object *obj; 2637f1ba09SRoman Gushchin int error = EXIT_FAILURE; 2737f1ba09SRoman Gushchin int prog_fd, cgroup_fd; 2837f1ba09SRoman Gushchin __u32 prog_cnt; 2937f1ba09SRoman Gushchin 30*b858ba8cSYafang Shao /* Use libbpf 1.0 API mode */ 31*b858ba8cSYafang Shao libbpf_set_strict_mode(LIBBPF_STRICT_ALL); 32*b858ba8cSYafang Shao 33cbdb1461SAndrii Nakryiko if (bpf_prog_test_load(DEV_CGROUP_PROG, BPF_PROG_TYPE_CGROUP_DEVICE, 3437f1ba09SRoman Gushchin &obj, &prog_fd)) { 3537f1ba09SRoman Gushchin printf("Failed to load DEV_CGROUP program\n"); 36c475ffadSYonghong Song goto out; 3737f1ba09SRoman Gushchin } 3837f1ba09SRoman Gushchin 394939b284SJohn Fastabend cgroup_fd = cgroup_setup_and_join(TEST_CGROUP); 40a8911d6dSStanislav Fomichev if (cgroup_fd < 0) { 4137f1ba09SRoman Gushchin printf("Failed to create test cgroup\n"); 424939b284SJohn Fastabend goto out; 4337f1ba09SRoman Gushchin } 4437f1ba09SRoman Gushchin 4537f1ba09SRoman Gushchin /* Attach bpf program */ 4637f1ba09SRoman Gushchin if (bpf_prog_attach(prog_fd, cgroup_fd, BPF_CGROUP_DEVICE, 0)) { 4737f1ba09SRoman Gushchin printf("Failed to attach DEV_CGROUP program"); 4837f1ba09SRoman Gushchin goto err; 4937f1ba09SRoman Gushchin } 5037f1ba09SRoman Gushchin 5137f1ba09SRoman Gushchin if (bpf_prog_query(cgroup_fd, BPF_CGROUP_DEVICE, 0, NULL, NULL, 5237f1ba09SRoman Gushchin &prog_cnt)) { 5337f1ba09SRoman Gushchin printf("Failed to query attached programs"); 5437f1ba09SRoman Gushchin goto err; 5537f1ba09SRoman Gushchin } 5637f1ba09SRoman Gushchin 5737f1ba09SRoman Gushchin /* All operations with /dev/zero and and /dev/urandom are allowed, 5837f1ba09SRoman Gushchin * everything else is forbidden. 5937f1ba09SRoman Gushchin */ 6037f1ba09SRoman Gushchin assert(system("rm -f /tmp/test_dev_cgroup_null") == 0); 6137f1ba09SRoman Gushchin assert(system("mknod /tmp/test_dev_cgroup_null c 1 3")); 6237f1ba09SRoman Gushchin assert(system("rm -f /tmp/test_dev_cgroup_null") == 0); 6337f1ba09SRoman Gushchin 6437f1ba09SRoman Gushchin /* /dev/zero is whitelisted */ 6537f1ba09SRoman Gushchin assert(system("rm -f /tmp/test_dev_cgroup_zero") == 0); 6637f1ba09SRoman Gushchin assert(system("mknod /tmp/test_dev_cgroup_zero c 1 5") == 0); 6737f1ba09SRoman Gushchin assert(system("rm -f /tmp/test_dev_cgroup_zero") == 0); 6837f1ba09SRoman Gushchin 6937f1ba09SRoman Gushchin assert(system("dd if=/dev/urandom of=/dev/zero count=64") == 0); 7037f1ba09SRoman Gushchin 7137f1ba09SRoman Gushchin /* src is allowed, target is forbidden */ 7237f1ba09SRoman Gushchin assert(system("dd if=/dev/urandom of=/dev/full count=64")); 7337f1ba09SRoman Gushchin 7437f1ba09SRoman Gushchin /* src is forbidden, target is allowed */ 7537f1ba09SRoman Gushchin assert(system("dd if=/dev/random of=/dev/zero count=64")); 7637f1ba09SRoman Gushchin 7737f1ba09SRoman Gushchin error = 0; 7837f1ba09SRoman Gushchin printf("test_dev_cgroup:PASS\n"); 7937f1ba09SRoman Gushchin 8037f1ba09SRoman Gushchin err: 8137f1ba09SRoman Gushchin cleanup_cgroup_environment(); 8237f1ba09SRoman Gushchin 83c475ffadSYonghong Song out: 8437f1ba09SRoman Gushchin return error; 8537f1ba09SRoman Gushchin } 86