162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-only 262306a36Sopenharmony_ci/* Copyright (c) 2017 Facebook 362306a36Sopenharmony_ci */ 462306a36Sopenharmony_ci 562306a36Sopenharmony_ci#include <stdio.h> 662306a36Sopenharmony_ci#include <stdlib.h> 762306a36Sopenharmony_ci#include <string.h> 862306a36Sopenharmony_ci#include <errno.h> 962306a36Sopenharmony_ci#include <assert.h> 1062306a36Sopenharmony_ci#include <sys/time.h> 1162306a36Sopenharmony_ci 1262306a36Sopenharmony_ci#include <linux/bpf.h> 1362306a36Sopenharmony_ci#include <bpf/bpf.h> 1462306a36Sopenharmony_ci#include <bpf/libbpf.h> 1562306a36Sopenharmony_ci 1662306a36Sopenharmony_ci#include "cgroup_helpers.h" 1762306a36Sopenharmony_ci#include "testing_helpers.h" 1862306a36Sopenharmony_ci 1962306a36Sopenharmony_ci#define DEV_CGROUP_PROG "./dev_cgroup.bpf.o" 2062306a36Sopenharmony_ci 2162306a36Sopenharmony_ci#define TEST_CGROUP "/test-bpf-based-device-cgroup/" 2262306a36Sopenharmony_ci 2362306a36Sopenharmony_ciint main(int argc, char **argv) 2462306a36Sopenharmony_ci{ 2562306a36Sopenharmony_ci struct bpf_object *obj; 2662306a36Sopenharmony_ci int error = EXIT_FAILURE; 2762306a36Sopenharmony_ci int prog_fd, cgroup_fd; 2862306a36Sopenharmony_ci __u32 prog_cnt; 2962306a36Sopenharmony_ci 3062306a36Sopenharmony_ci /* Use libbpf 1.0 API mode */ 3162306a36Sopenharmony_ci libbpf_set_strict_mode(LIBBPF_STRICT_ALL); 3262306a36Sopenharmony_ci 3362306a36Sopenharmony_ci if (bpf_prog_test_load(DEV_CGROUP_PROG, BPF_PROG_TYPE_CGROUP_DEVICE, 3462306a36Sopenharmony_ci &obj, &prog_fd)) { 3562306a36Sopenharmony_ci printf("Failed to load DEV_CGROUP program\n"); 3662306a36Sopenharmony_ci goto out; 3762306a36Sopenharmony_ci } 3862306a36Sopenharmony_ci 3962306a36Sopenharmony_ci cgroup_fd = cgroup_setup_and_join(TEST_CGROUP); 4062306a36Sopenharmony_ci if (cgroup_fd < 0) { 4162306a36Sopenharmony_ci printf("Failed to create test cgroup\n"); 4262306a36Sopenharmony_ci goto out; 4362306a36Sopenharmony_ci } 4462306a36Sopenharmony_ci 4562306a36Sopenharmony_ci /* Attach bpf program */ 4662306a36Sopenharmony_ci if (bpf_prog_attach(prog_fd, cgroup_fd, BPF_CGROUP_DEVICE, 0)) { 4762306a36Sopenharmony_ci printf("Failed to attach DEV_CGROUP program"); 4862306a36Sopenharmony_ci goto err; 4962306a36Sopenharmony_ci } 5062306a36Sopenharmony_ci 5162306a36Sopenharmony_ci if (bpf_prog_query(cgroup_fd, BPF_CGROUP_DEVICE, 0, NULL, NULL, 5262306a36Sopenharmony_ci &prog_cnt)) { 5362306a36Sopenharmony_ci printf("Failed to query attached programs"); 5462306a36Sopenharmony_ci goto err; 5562306a36Sopenharmony_ci } 5662306a36Sopenharmony_ci 5762306a36Sopenharmony_ci /* All operations with /dev/zero and and /dev/urandom are allowed, 5862306a36Sopenharmony_ci * everything else is forbidden. 5962306a36Sopenharmony_ci */ 6062306a36Sopenharmony_ci assert(system("rm -f /tmp/test_dev_cgroup_null") == 0); 6162306a36Sopenharmony_ci assert(system("mknod /tmp/test_dev_cgroup_null c 1 3")); 6262306a36Sopenharmony_ci assert(system("rm -f /tmp/test_dev_cgroup_null") == 0); 6362306a36Sopenharmony_ci 6462306a36Sopenharmony_ci /* /dev/zero is whitelisted */ 6562306a36Sopenharmony_ci assert(system("rm -f /tmp/test_dev_cgroup_zero") == 0); 6662306a36Sopenharmony_ci assert(system("mknod /tmp/test_dev_cgroup_zero c 1 5") == 0); 6762306a36Sopenharmony_ci assert(system("rm -f /tmp/test_dev_cgroup_zero") == 0); 6862306a36Sopenharmony_ci 6962306a36Sopenharmony_ci assert(system("dd if=/dev/urandom of=/dev/zero count=64") == 0); 7062306a36Sopenharmony_ci 7162306a36Sopenharmony_ci /* src is allowed, target is forbidden */ 7262306a36Sopenharmony_ci assert(system("dd if=/dev/urandom of=/dev/full count=64")); 7362306a36Sopenharmony_ci 7462306a36Sopenharmony_ci /* src is forbidden, target is allowed */ 7562306a36Sopenharmony_ci assert(system("dd if=/dev/random of=/dev/zero count=64")); 7662306a36Sopenharmony_ci 7762306a36Sopenharmony_ci error = 0; 7862306a36Sopenharmony_ci printf("test_dev_cgroup:PASS\n"); 7962306a36Sopenharmony_ci 8062306a36Sopenharmony_cierr: 8162306a36Sopenharmony_ci cleanup_cgroup_environment(); 8262306a36Sopenharmony_ci 8362306a36Sopenharmony_ciout: 8462306a36Sopenharmony_ci return error; 8562306a36Sopenharmony_ci} 86