From: Martin KaFai Lau <martin.lau@linux.dev>
To: "Alexis Lothoré (eBPF Foundation)" <alexis.lothore@bootlin.com>
Cc: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Eduard Zingerman <eddyz87@gmail.com>, Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
John Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@fomichev.me>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>, Mykola Lysenko <mykolal@fb.com>,
Shuah Khan <shuah@kernel.org>,
ebpf@linuxfoundation.org,
Thomas Petazzoni <thomas.petazzoni@bootlin.com>,
Alan Maguire <alan.maguire@oracle.com>,
bpf@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH bpf-next v3 2/3] selftests/bpf: convert test_dev_cgroup to test_progs
Date: Tue, 30 Jul 2024 17:34:10 -0700 [thread overview]
Message-ID: <06f7a546-aec8-4804-8f80-1b7000229120@linux.dev> (raw)
In-Reply-To: <20240730-convert_dev_cgroup-v3-2-93e573b74357@bootlin.com>
On 7/30/24 4:59 AM, Alexis Lothoré (eBPF Foundation) wrote:
> +static void test_read(const char *path, char *buf, int buf_size,
> + int expected_ret)
> +{
> + int ret, fd;
> +
> + fd = open(path, O_RDONLY);
> +
> + /* A bare open on unauthorized device should fail */
> + if (expected_ret < 0) {
> + ASSERT_EQ(fd, expected_ret, "open file for read");
One nit. expected_ret is actually expected_errno. It just happens -EPERM is -1,
so testing fd against expected_errno works here but is confusing to read. How
about separating the fd and errno test in the access rejected case. First test
for fd == -1 and then test for errno == expected_errno.
Please also carry Stanislav's Ack in patch 1 and 3 in the next respin.
Thanks for helping to move this test to test_progs.
pw-bot: cr
> + if (fd >= 0)
> + close(fd);
> + return;
> + }
> +
> + if (!ASSERT_OK_FD(fd, "open file for read"))
> + return;
> +
> + ret = read(fd, buf, buf_size);
> + ASSERT_EQ(ret, expected_ret, "read");
> +
> + close(fd);
> +}
> +
> +static void test_write(const char *path, char *buf, int buf_size,
> + int expected_ret)
> +{
> + int ret, fd;
> +
> + fd = open(path, O_WRONLY);
> +
> + /* A bare open on unauthorized device should fail */
> + if (expected_ret < 0) {
> + ASSERT_EQ(fd, expected_ret, "open file for write");
> + if (fd >= 0)
> + close(fd);
> + return;
> + }
> +
> + if (!ASSERT_OK_FD(fd, "open file for write"))
> + return;
> +
> + ret = write(fd, buf, buf_size);
> + ASSERT_EQ(ret, expected_ret, "write");
> +
> + close(fd);
> +}
> +
> +void test_cgroup_dev(void)
> +{
> + char buf[TEST_BUFFER_SIZE] = "some random test data";
> + struct dev_cgroup *skel;
> + int cgroup_fd;
> +
> + cgroup_fd = cgroup_setup_and_join(TEST_CGROUP);
> + if (!ASSERT_OK_FD(cgroup_fd, "cgroup switch"))
> + return;
> +
> + skel = dev_cgroup__open_and_load();
> + if (!ASSERT_OK_PTR(skel, "load program"))
> + goto cleanup_cgroup;
> +
> + skel->links.bpf_prog1 =
> + bpf_program__attach_cgroup(skel->progs.bpf_prog1, cgroup_fd);
> + if (!ASSERT_OK_PTR(skel->links.bpf_prog1, "attach_program"))
> + goto cleanup_progs;
> +
> + if (test__start_subtest("allow-mknod"))
> + test_mknod("/dev/test_dev_cgroup_null", S_IFCHR, 1, 3, 0);
> +
> + if (test__start_subtest("allow-read"))
> + test_read("/dev/urandom", buf, TEST_BUFFER_SIZE,
> + TEST_BUFFER_SIZE);
> +
> + if (test__start_subtest("allow-write"))
> + test_write("/dev/null", buf, TEST_BUFFER_SIZE,
> + TEST_BUFFER_SIZE);
> +
> + if (test__start_subtest("deny-mknod"))
> + test_mknod("/dev/test_dev_cgroup_zero", S_IFCHR, 1, 5, -EPERM);
> +
> + if (test__start_subtest("deny-read"))
> + test_read("/dev/random", buf, TEST_BUFFER_SIZE, -EPERM);
> +
> + if (test__start_subtest("deny-write"))
> + test_write("/dev/zero", buf, TEST_BUFFER_SIZE, -EPERM);
> +
> +cleanup_progs:
> + dev_cgroup__destroy(skel);
> +cleanup_cgroup:
> + cleanup_cgroup_environment();
> +}
next prev parent reply other threads:[~2024-07-31 0:34 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-30 11:59 [PATCH bpf-next v3 0/3] selftests/bpf: convert test_dev_cgroup to test_progs Alexis Lothoré (eBPF Foundation)
2024-07-30 11:59 ` [PATCH bpf-next v3 1/3] selftests/bpf: do not disable /dev/null device access in cgroup dev test Alexis Lothoré (eBPF Foundation)
2024-07-30 17:32 ` Alan Maguire
2024-07-30 11:59 ` [PATCH bpf-next v3 2/3] selftests/bpf: convert test_dev_cgroup to test_progs Alexis Lothoré (eBPF Foundation)
2024-07-31 0:34 ` Martin KaFai Lau [this message]
2024-07-31 5:47 ` Alexis Lothoré
2024-07-30 11:59 ` [PATCH bpf-next v3 3/3] selftests/bpf: add wrong type test to cgroup dev Alexis Lothoré (eBPF Foundation)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=06f7a546-aec8-4804-8f80-1b7000229120@linux.dev \
--to=martin.lau@linux.dev \
--cc=alan.maguire@oracle.com \
--cc=alexis.lothore@bootlin.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=ebpf@linuxfoundation.org \
--cc=eddyz87@gmail.com \
--cc=haoluo@google.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=mykolal@fb.com \
--cc=sdf@fomichev.me \
--cc=shuah@kernel.org \
--cc=song@kernel.org \
--cc=thomas.petazzoni@bootlin.com \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox