From: Stanislav Fomichev <sdf@google.com>
To: netdev@vger.kernel.org, bpf@vger.kernel.org
Cc: davem@davemloft.net, ast@kernel.org, daniel@iogearbox.net,
Stanislav Fomichev <sdf@google.com>
Subject: [PATCH bpf-next v2 4/4] selftests/bpf: test BPF_CGROUP_INET_SOCK_RELEASE
Date: Fri, 26 Jun 2020 09:52:31 -0700 [thread overview]
Message-ID: <20200626165231.672001-4-sdf@google.com> (raw)
In-Reply-To: <20200626165231.672001-1-sdf@google.com>
Simple test that enforces a single SOCK_DGRAM socker per cgroup.
Signed-off-by: Stanislav Fomichev <sdf@google.com>
---
.../selftests/bpf/prog_tests/udp_limit.c | 71 +++++++++++++++++++
tools/testing/selftests/bpf/progs/udp_limit.c | 42 +++++++++++
2 files changed, 113 insertions(+)
create mode 100644 tools/testing/selftests/bpf/prog_tests/udp_limit.c
create mode 100644 tools/testing/selftests/bpf/progs/udp_limit.c
diff --git a/tools/testing/selftests/bpf/prog_tests/udp_limit.c b/tools/testing/selftests/bpf/prog_tests/udp_limit.c
new file mode 100644
index 000000000000..fe359a927d92
--- /dev/null
+++ b/tools/testing/selftests/bpf/prog_tests/udp_limit.c
@@ -0,0 +1,71 @@
+// SPDX-License-Identifier: GPL-2.0
+#include <test_progs.h>
+#include "udp_limit.skel.h"
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+void test_udp_limit(void)
+{
+ struct udp_limit *skel;
+ int cgroup_fd;
+ int fd1, fd2;
+ int err;
+
+ cgroup_fd = test__join_cgroup("/udp_limit");
+ if (CHECK_FAIL(cgroup_fd < 0))
+ return;
+
+ skel = udp_limit__open_and_load();
+ if (CHECK_FAIL(!skel))
+ goto close_cgroup_fd;
+
+ err = bpf_prog_attach(bpf_program__fd(skel->progs.sock),
+ cgroup_fd, BPF_CGROUP_INET_SOCK_CREATE, 0);
+ if (CHECK_FAIL(err))
+ goto close_skeleton;
+
+ err = bpf_prog_attach(bpf_program__fd(skel->progs.sock_release),
+ cgroup_fd, BPF_CGROUP_INET_SOCK_RELEASE, 0);
+ if (CHECK_FAIL(err))
+ goto close_skeleton;
+
+ /* BPF program enforces a single UDP socket per cgroup,
+ * verify that.
+ */
+ fd1 = socket(AF_INET, SOCK_DGRAM, 0);
+ if (CHECK_FAIL(fd1 < 0))
+ goto close_skeleton;
+
+ fd2 = socket(AF_INET, SOCK_DGRAM, 0);
+ if (CHECK_FAIL(fd2 != -1))
+ goto close_fd1;
+
+ /* We can reopen again after close. */
+ close(fd1);
+
+ fd1 = socket(AF_INET, SOCK_DGRAM, 0);
+ if (CHECK_FAIL(fd1 < 0))
+ goto close_skeleton;
+
+ /* Make sure the program was invoked the expected
+ * number of times:
+ * - open fd1 - BPF_CGROUP_INET_SOCK_CREATE
+ * - attempt to openfd2 - BPF_CGROUP_INET_SOCK_CREATE
+ * - close fd1 - BPF_CGROUP_INET_SOCK_RELEASE
+ * - open fd1 again - BPF_CGROUP_INET_SOCK_CREATE
+ */
+ if (CHECK_FAIL(skel->bss->invocations != 4))
+ goto close_fd1;
+
+ /* We should still have a single socket in use */
+ if (CHECK_FAIL(skel->bss->in_use != 1))
+ goto close_fd1;
+
+close_fd1:
+ close(fd1);
+close_skeleton:
+ udp_limit__destroy(skel);
+close_cgroup_fd:
+ close(cgroup_fd);
+}
diff --git a/tools/testing/selftests/bpf/progs/udp_limit.c b/tools/testing/selftests/bpf/progs/udp_limit.c
new file mode 100644
index 000000000000..98fe294d9c21
--- /dev/null
+++ b/tools/testing/selftests/bpf/progs/udp_limit.c
@@ -0,0 +1,42 @@
+// SPDX-License-Identifier: GPL-2.0-only
+
+#include <sys/socket.h>
+#include <linux/bpf.h>
+#include <bpf/bpf_helpers.h>
+
+int invocations, in_use;
+
+SEC("cgroup/sock")
+int sock(struct bpf_sock *ctx)
+{
+ __u32 key;
+
+ if (ctx->type != SOCK_DGRAM)
+ return 1;
+
+ __sync_fetch_and_add(&invocations, 1);
+
+ if (&in_use > 0) {
+ /* BPF_CGROUP_INET_SOCK_RELEASE is _not_ called
+ * when we return an error from the BPF
+ * program!
+ */
+ return 0;
+ }
+
+ __sync_fetch_and_add(&in_use, 1);
+ return 1;
+}
+
+SEC("cgroup/sock_release")
+int sock_release(struct bpf_sock *ctx)
+{
+ __u32 key;
+
+ if (ctx->type != SOCK_DGRAM)
+ return 1;
+
+ __sync_fetch_and_add(&invocations, 1);
+ __sync_fetch_and_add(&in_use, -1);
+ return 1;
+}
--
2.27.0.212.ge8ba1cc988-goog
prev parent reply other threads:[~2020-06-26 16:52 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-26 16:52 [PATCH bpf-next v2 1/4] bpf: add BPF_CGROUP_INET_SOCK_RELEASE hook Stanislav Fomichev
2020-06-26 16:52 ` [PATCH bpf-next v2 2/4] libbpf: add support for BPF_CGROUP_INET_SOCK_RELEASE Stanislav Fomichev
2020-06-26 22:08 ` Andrii Nakryiko
2020-06-26 23:52 ` Stanislav Fomichev
2020-06-27 0:59 ` Andrii Nakryiko
2020-06-28 17:35 ` Alexei Starovoitov
2020-06-26 16:52 ` [PATCH bpf-next v2 3/4] bpftool: support BPF_CGROUP_INET_SOCK_RELEASE Stanislav Fomichev
2020-06-26 23:07 ` Daniel Borkmann
2020-06-26 23:52 ` Stanislav Fomichev
2020-06-26 16:52 ` Stanislav Fomichev [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200626165231.672001-4-sdf@google.com \
--to=sdf@google.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.