[PATCH v3 bpf-next 14/14] samples/bpf: extend test_cgrp2_attach2 test to use cgroup storage

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Roman Gushchin <guro@fb.com>
To: <netdev@vger.kernel.org>
Cc: <linux-kernel@vger.kernel.org>, <kernel-team@fb.com>,
	Roman Gushchin <guro@fb.com>, Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>
Subject: [PATCH v3 bpf-next 14/14] samples/bpf: extend test_cgrp2_attach2 test to use cgroup storage
Date: Fri, 20 Jul 2018 10:45:58 -0700	[thread overview]
Message-ID: <20180720174558.5829-15-guro@fb.com> (raw)
In-Reply-To: <20180720174558.5829-1-guro@fb.com>

The test_cgrp2_attach test covers bpf cgroup attachment code well,
so let's re-use it for testing allocation/releasing of cgroup storage.

The extension is pretty straightforward: the bpf program will use
the cgroup storage to save the number of transmitted bytes.

Expected output:
  $ ./test_cgrp2_attach2
  Attached DROP prog. This ping in cgroup /foo should fail...
  ping: sendmsg: Operation not permitted
  Attached DROP prog. This ping in cgroup /foo/bar should fail...
  ping: sendmsg: Operation not permitted
  Attached PASS prog. This ping in cgroup /foo/bar should pass...
  Detached PASS from /foo/bar while DROP is attached to /foo.
  This ping in cgroup /foo/bar should fail...
  ping: sendmsg: Operation not permitted
  Attached PASS from /foo/bar and detached DROP from /foo.
  This ping in cgroup /foo/bar should pass...
  ### override:PASS
  ### multi:PASS

Signed-off-by: Roman Gushchin <guro@fb.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Martin KaFai Lau <kafai@fb.com>
---
 samples/bpf/test_cgrp2_attach2.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/samples/bpf/test_cgrp2_attach2.c b/samples/bpf/test_cgrp2_attach2.c
index b453e6a161be..180f9d813bca 100644
--- a/samples/bpf/test_cgrp2_attach2.c
+++ b/samples/bpf/test_cgrp2_attach2.c
@@ -8,7 +8,8 @@
  *   information. The number of invocations of the program, which maps
  *   to the number of packets received, is stored to key 0. Key 1 is
  *   incremented on each iteration by the number of bytes stored in
- *   the skb.
+ *   the skb. The program also stores the number of received bytes
+ *   in the cgroup storage.
  *
  * - Attaches the new program to a cgroup using BPF_PROG_ATTACH
  *
@@ -21,12 +22,15 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <assert.h>
+#include <sys/resource.h>
+#include <sys/time.h>
 #include <unistd.h>
 
 #include <linux/bpf.h>
 #include <bpf/bpf.h>
 
 #include "bpf_insn.h"
+#include "bpf_rlimit.h"
 #include "cgroup_helpers.h"
 
 #define FOO		"/foo"
@@ -205,6 +209,8 @@ static int map_fd = -1;
 
 static int prog_load_cnt(int verdict, int val)
 {
+	int cgroup_storage_fd;
+
 	if (map_fd < 0)
 		map_fd = bpf_create_map(BPF_MAP_TYPE_ARRAY, 4, 8, 1, 0);
 	if (map_fd < 0) {
@@ -212,6 +218,13 @@ static int prog_load_cnt(int verdict, int val)
 		return -1;
 	}
 
+	cgroup_storage_fd = bpf_create_map(BPF_MAP_TYPE_CGROUP_STORAGE,
+				sizeof(struct bpf_cgroup_storage_key), 8, 0, 0);
+	if (cgroup_storage_fd < 0) {
+		printf("failed to create map '%s'\n", strerror(errno));
+		return -1;
+	}
+
 	struct bpf_insn prog[] = {
 		BPF_MOV32_IMM(BPF_REG_0, 0),
 		BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_0, -4), /* *(u32 *)(fp - 4) = r0 */
@@ -222,6 +235,11 @@ static int prog_load_cnt(int verdict, int val)
 		BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 2),
 		BPF_MOV64_IMM(BPF_REG_1, val), /* r1 = 1 */
 		BPF_RAW_INSN(BPF_STX | BPF_XADD | BPF_DW, BPF_REG_0, BPF_REG_1, 0, 0), /* xadd r0 += r1 */
+		BPF_LD_MAP_FD(BPF_REG_1, cgroup_storage_fd),
+		BPF_MOV64_IMM(BPF_REG_2, 0),
+		BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_local_storage),
+		BPF_MOV64_IMM(BPF_REG_1, val),
+		BPF_RAW_INSN(BPF_STX | BPF_XADD | BPF_W, BPF_REG_0, BPF_REG_1, 0, 0),
 		BPF_MOV64_IMM(BPF_REG_0, verdict), /* r0 = verdict */
 		BPF_EXIT_INSN(),
 	};
@@ -237,6 +255,7 @@ static int prog_load_cnt(int verdict, int val)
 		printf("Output from verifier:\n%s\n-------\n", bpf_log_buf);
 		return 0;
 	}
+	close(cgroup_storage_fd);
 	return ret;
 }
 
-- 
2.14.4

     prev parent reply	other threads:[~2018-07-20 17:48 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-07-20 17:45 [PATCH v3 bpf-next 00/14] bpf: cgroup local storage Roman Gushchin
2018-07-20 17:45 ` Roman Gushchin
2018-07-20 17:45 ` [PATCH v3 bpf-next 01/14] bpf: add ability to charge bpf maps memory dynamically Roman Gushchin
2018-07-27 18:01   ` Daniel Borkmann
2018-07-20 17:45 ` [PATCH v3 bpf-next 02/14] bpf: introduce cgroup storage maps Roman Gushchin
2018-07-20 17:45   ` Roman Gushchin
2018-07-27  4:11   ` Daniel Borkmann
2018-07-27 17:12     ` Roman Gushchin
2018-07-20 17:45 ` [PATCH v3 bpf-next 03/14] bpf: pass a pointer to a cgroup storage using pcpu variable Roman Gushchin
2018-07-20 17:45 ` [PATCH v3 bpf-next 04/14] bpf: allocate cgroup storage entries on attaching bpf programs Roman Gushchin
2018-07-27  4:21   ` Daniel Borkmann
2018-07-20 17:45 ` [PATCH v3 bpf-next 05/14] bpf: extend bpf_prog_array to store pointers to the cgroup storage Roman Gushchin
2018-07-20 17:45 ` [PATCH v3 bpf-next 06/14] bpf/verifier: introduce BPF_PTR_TO_MAP_VALUE Roman Gushchin
2018-07-20 17:45 ` [PATCH v3 bpf-next 07/14] bpf: don't allow create maps of cgroup local storages Roman Gushchin
2018-07-20 17:45 ` [PATCH v3 bpf-next 08/14] bpf: introduce the bpf_get_local_storage() helper function Roman Gushchin
2018-07-20 17:45 ` [PATCH v3 bpf-next 09/14] bpf: sync bpf.h to tools/ Roman Gushchin
2018-07-20 17:45 ` [PATCH v3 bpf-next 10/14] bpftool: add support for CGROUP_STORAGE maps Roman Gushchin
2018-07-20 17:45 ` [PATCH v3 bpf-next 11/14] bpf/test_run: support cgroup local storage Roman Gushchin
2018-07-20 17:45 ` [PATCH v3 bpf-next 12/14] selftests/bpf: add verifier cgroup storage tests Roman Gushchin
2018-07-20 17:45 ` [PATCH v3 bpf-next 13/14] selftests/bpf: add a cgroup storage test Roman Gushchin
2018-07-20 17:45 ` Roman Gushchin [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:b453e6a161b dfblob:180f9d813bc )
 OR (
bs:"[PATCH v3 bpf-next 14/14] samples/bpf: extend test_cgrp2_attach2 test to use cgroup storage" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180720174558.5829-15-guro@fb.com \
    --to=guro@fb.com \
    --cc=ast@kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=kernel-team@fb.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.