Received-SPF: pass (google.com: domain of linux-kernel+bounces-69069-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1;
Subject: Re: [PATCH] selftests/bpf: Move test_dev_cgroup to prog_tests
To: Muhammad Usama Anjum <usama.anjum@collabora.com>,
 Alexei Starovoitov <ast@kernel.org>, Andrii Nakryiko <andrii@kernel.org>,
 Martin KaFai Lau <martin.lau@linux.dev>, Eduard Zingerman
 <eddyz87@gmail.com>, Song Liu <song@kernel.org>,
 Yonghong Song <yonghong.song@linux.dev>,
 John Fastabend <john.fastabend@gmail.com>, KP Singh <kpsingh@kernel.org>,
 Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>,
 Jiri Olsa <jolsa@kernel.org>, Mykola Lysenko <mykolal@fb.com>,
 Shuah Khan <shuah@kernel.org>
Cc: kernel@collabora.com, linux-kernel@vger.kernel.org, bpf@vger.kernel.org,
 linux-kselftest@vger.kernel.org
References: <20240215120233.308986-1-usama.anjum@collabora.com>
From: Daniel Borkmann <daniel@iogearbox.net>
Message-ID: <fa73d34f-e371-cc4b-afd1-c680a2edac56@iogearbox.net>
Date: Fri, 16 Feb 2024 18:25:43 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.7.2
Precedence: bulk
MIME-Version: 1.0
In-Reply-To: <20240215120233.308986-1-usama.anjum@collabora.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit

Hi Muhammad,

Small nit, pls use $subj: [PATCH bpf-next]

On 2/15/24 1:01 PM, Muhammad Usama Anjum wrote:
> Move test_dev_cgroup to prog_tests to be able to run it with test_progs.
> Replace dev_cgroup.bpf.o with skel header file, dev_cgroup.skel.h and
> load program from it accourdingly.
> 
>    ./test_progs -t test_dev_cgroup
>    mknod: /tmp/test_dev_cgroup_null: Operation not permitted
>    64+0 records in
>    64+0 records out
>    32768 bytes (33 kB, 32 KiB) copied, 0.000856684 s, 38.2 MB/s
>    dd: failed to open '/dev/full': Operation not permitted
>    dd: failed to open '/dev/random': Operation not permitted
>    #365     test_dev_cgroup:OK
>    Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED
> 
> Signed-off-by: Muhammad Usama Anjum <usama.anjum@collabora.com>

BPF CI currently fails this with :

https://github.com/kernel-patches/bpf/actions/runs/7924507406/job/21636353124

   [...]
   All error logs:
   test_test_dev_cgroup:PASS:skel_open_and_load 0 nsec
   test_test_dev_cgroup:PASS:cgroup_setup_and_join 0 nsec
   test_test_dev_cgroup:PASS:bpf_attach 0 nsec
   test_test_dev_cgroup:PASS:bpf_query 0 nsec
   test_test_dev_cgroup:PASS:rm 0 nsec
   test_test_dev_cgroup:PASS:mknod 0 nsec
   test_test_dev_cgroup:PASS:rm 0 nsec
   test_test_dev_cgroup:PASS:rm 0 nsec
   test_test_dev_cgroup:FAIL:mknod unexpected mknod on _zero
   test_test_dev_cgroup:PASS:rm 0 nsec
   test_test_dev_cgroup:PASS:dd 0 nsec
   test_test_dev_cgroup:PASS:dd 0 nsec
   test_test_dev_cgroup:PASS:dd 0 nsec
   (cgroup_helpers.c:353: errno: Device or resource busy) umount cgroup2
   #366     test_dev_cgroup:FAIL
   Summary: 517/3837 PASSED, 53 SKIPPED, 1 FAILED

You can also use vmtest.sh tool to check locally :

   # ./vmtest.sh -- ./test_progs -t test_dev_cgroup

> diff --git a/tools/testing/selftests/bpf/prog_tests/test_dev_cgroup.c b/tools/testing/selftests/bpf/prog_tests/test_dev_cgroup.c
> new file mode 100644
> index 0000000000000..ee37ce52dec9f
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/prog_tests/test_dev_cgroup.c
> @@ -0,0 +1,67 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/* Copyright (c) 2017 Facebook
> + */
> +
> +#include <test_progs.h>
> +#include <time.h>
> +#include "cgroup_helpers.h"
> +#include "dev_cgroup.skel.h"
> +
> +#define TEST_CGROUP "/test-bpf-based-device-cgroup/"
> +
> +void test_test_dev_cgroup(void)

nit: test_dev_cgroup ?

> +{
> +	int cgroup_fd, err, duration = 0;
> +	struct dev_cgroup *skel;
> +	__u32 prog_cnt;
> +
> +	skel = dev_cgroup__open_and_load();
> +	if (CHECK(!skel, "skel_open_and_load", "failed\n"))
> +		goto cleanup;

Nit: please use ASSERT_* macros everywhere, the CHECK() is deprecated.

> +	cgroup_fd = cgroup_setup_and_join(TEST_CGROUP);
> +	if (CHECK(cgroup_fd < 0, "cgroup_setup_and_join", "failed: %d\n", cgroup_fd))
> +		goto cleanup;
> +
> +	err = bpf_prog_attach(bpf_program__fd(skel->progs.bpf_prog1), cgroup_fd,
> +			      BPF_CGROUP_DEVICE, 0);
> +	if (CHECK(err, "bpf_attach", "failed: %d\n", err))
> +		goto cleanup;
> +
> +	err = bpf_prog_query(cgroup_fd, BPF_CGROUP_DEVICE, 0, NULL, NULL, &prog_cnt);
> +	if (CHECK(err || prog_cnt != 1, "bpf_query", "failed: %d %d\n", err, prog_cnt))
> +		goto cleanup;
> +
> +	/* All operations with /dev/zero and /dev/urandom are allowed,
> +	 * everything else is forbidden.
> +	 */
> +	CHECK(system("rm -f /tmp/test_dev_cgroup_null"), "rm",
> +	      "unexpected rm on _null\n");
> +	CHECK(!system("mknod /tmp/test_dev_cgroup_null c 1 3"),
> +	      "mknod", "unexpected mknod on _null\n");
> +	CHECK(system("rm -f /tmp/test_dev_cgroup_null"), "rm",
> +	      "unexpected rm on _null\n");
> +
> +	/* /dev/zero is whitelisted */
> +	CHECK(system("rm -f /tmp/test_dev_cgroup_zero"), "rm",
> +	      "unexpected rm on _zero\n");
> +	CHECK(system("mknod /tmp/test_dev_cgroup_zero c 1 5"),
> +	      "mknod", "unexpected mknod on _zero\n");
> +	CHECK(system("rm -f /tmp/test_dev_cgroup_zero"), "rm",
> +	      "unexpected rm on _zero\n");
> +
> +	CHECK(system("dd if=/dev/urandom of=/dev/zero count=64"), "dd",
> +	      "unexpected dd on /dev/zero\n");
> +
> +	/* src is allowed, target is forbidden */
> +	CHECK(!system("dd if=/dev/urandom of=/dev/full count=64"), "dd",
> +	      "unexpected dd on /dev/full\n");
> +
> +	/* src is forbidden, target is allowed */
> +	CHECK(!system("dd if=/dev/random of=/dev/zero count=64"), "dd",
> +	      "unexpected dd on /dev/zero\n");
> +
> +cleanup:
> +	cleanup_cgroup_environment();
> +	dev_cgroup__destroy(skel);
> +}

Thanks,
Daniel