From: David Ahern To: netdev@vger.kernel.org, daniel@iogearbox.net, ast@kernel.org Cc: David Ahern Subject: [PATCH v3 net-next 1/7] bpf: Add mark and priority to sock options that can be set Date: Thu, 31 Aug 2017 15:05:44 -0700 Message-Id: <1504217150-16151-2-git-send-email-dsahern@gmail.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1504217150-16151-1-git-send-email-dsahern@gmail.com> References: <1504217150-16151-1-git-send-email-dsahern@gmail.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Add socket mark and priority to fields that can be set by ebpf program when a socket is created. Signed-off-by: David Ahern Acked-by: Alexei Starovoitov Acked-by: Daniel Borkmann --- include/uapi/linux/bpf.h | 2 ++ net/core/filter.c | 26 ++++++++++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index d46cf326b95f..e9c89e20adff 100644 --- a/include/uapi/linux/bpf.h 
+++ b/include/uapi/linux/bpf.h @@ -758,6 +758,8 @@ struct bpf_sock { __u32 family; __u32 type; __u32 protocol; + __u32 mark; + __u32 priority; }; #define XDP_PACKET_HEADROOM 256 diff --git a/net/core/filter.c b/net/core/filter.c index c6a37fe0285b..f51b9690adf3 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -3455,6 +3455,10 @@ static bool sock_filter_is_valid_access(int off, int size, switch (off) { case offsetof(struct bpf_sock, bound_dev_if): break; + case offsetof(struct bpf_sock, mark): + break; + case offsetof(struct bpf_sock, priority): + break; default: return false; } 
@@ -3958,6 +3962,28 @@ static u32 sock_filter_convert_ctx_access(enum bpf_access_type type, offsetof(struct sock, sk_bound_dev_if)); break; + case offsetof(struct bpf_sock, mark): + BUILD_BUG_ON(FIELD_SIZEOF(struct sock, sk_mark) != 4); + + if (type == BPF_WRITE) + *insn++ = BPF_STX_MEM(BPF_W, si->dst_reg, si->src_reg, + offsetof(struct sock, sk_mark)); + else + *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, + offsetof(struct sock, sk_mark)); + break; + + case offsetof(struct bpf_sock, priority): + BUILD_BUG_ON(FIELD_SIZEOF(struct sock, sk_priority) != 4); + + if (type == BPF_WRITE) + *insn++ = BPF_STX_MEM(BPF_W, si->dst_reg, si->src_reg, + offsetof(struct sock, sk_priority)); + else + *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, + offsetof(struct sock, sk_priority)); + break; + case offsetof(struct bpf_sock, family): BUILD_BUG_ON(FIELD_SIZEOF(struct sock, sk_family) != 2);
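Review bot: the new mark and priority cases in sock_filter_is_valid_access() admit the access by offset alone, and nothing visible in this patch bounds or checks the value a program stores into sk_mark or sk_priority. The commit message should say who is trusted to attach such a program and why unchecked values are acceptable for these two fields. As a smaller point, the three cases have identical bodies, so they can be stacked as one fall-through group ending in a single break, which keeps the list of writable fields in one place.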
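Review bot: the mark and priority cases added to sock_filter_convert_ctx_access() are copies of each other with only the struct sock field name changed (sk_mark versus sk_priority), including the BUILD_BUG_ON size check and both BPF_STX_MEM / BPF_LDX_MEM branches. A small local macro or helper taking the field name would remove the duplication and make it harder for a later field to be added with the load and store offsets out of step.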
From: David Ahern To: netdev@vger.kernel.org, daniel@iogearbox.net, ast@kernel.org Cc: David Ahern Subject: [PATCH v3 net-next 2/7] bpf: Allow cgroup sock filters to use get_current_uid_gid helper Date: Thu, 31 Aug 2017 15:05:45 -0700 Message-Id: <1504217150-16151-3-git-send-email-dsahern@gmail.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1504217150-16151-1-git-send-email-dsahern@gmail.com> References: <1504217150-16151-1-git-send-email-dsahern@gmail.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Allow BPF programs run on sock create to use the get_current_uid_gid helper. IPv4 and IPv6 sockets are created in a process context so there is always a valid uid/gid Signed-off-by: David Ahern Acked-by: Alexei Starovoitov Acked-by: Daniel Borkmann --- net/core/filter.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/net/core/filter.c b/net/core/filter.c index f51b9690adf3..9dad3e7e2e10 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -3150,6 +3150,20 @@ bpf_base_func_proto(enum bpf_func_id func_id) } static const struct bpf_func_proto * +sock_filter_func_proto(enum bpf_func_id func_id) +{ + switch (func_id) { + /* inet and inet6 sockets are created in a process + * context so there is always a valid uid/gid + */ + case BPF_FUNC_get_current_uid_gid: + return &bpf_get_current_uid_gid_proto; + default: + return bpf_base_func_proto(func_id); + } +} + +static const struct bpf_func_proto * sk_filter_func_proto(enum bpf_func_id func_id) { switch (func_id) { 
@@ -4233,7 +4247,7 @@ const struct bpf_verifier_ops lwt_xmit_prog_ops = { }; const struct bpf_verifier_ops cg_sock_prog_ops = { - .get_func_proto = bpf_base_func_proto, + .get_func_proto = sock_filter_func_proto, .is_valid_access = sock_filter_is_valid_access, .convert_ctx_access = sock_filter_convert_ctx_access, };
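Review bot: the comment in sock_filter_func_proto() asserts that inet and inet6 sockets are always created in process context, but nothing in this patch shows where that is enforced for the cgroup sock hook. Please name the call site or condition that guarantees it (for instance, that the hook is not run for kernel-internal sockets), because if the program can ever run outside the creating task, bpf_get_current_uid_gid would report the credentials of whatever task happens to be current.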
From: David Ahern To: netdev@vger.kernel.org, daniel@iogearbox.net, ast@kernel.org Cc: David Ahern Subject: [PATCH v3 net-next 3/7] samples/bpf: Update sock test to allow setting mark and priority Date: Thu, 31 Aug 2017 15:05:46 -0700 Message-Id: <1504217150-16151-4-git-send-email-dsahern@gmail.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1504217150-16151-1-git-send-email-dsahern@gmail.com> References: <1504217150-16151-1-git-send-email-dsahern@gmail.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Update sock test to set mark and priority on socket create. 
Signed-off-by: David Ahern Acked-by: Alexei Starovoitov --- samples/bpf/test_cgrp2_sock.c | 134 ++++++++++++++++++++++++++++++++++++----- samples/bpf/test_cgrp2_sock.sh | 2 +- 2 files changed, 119 insertions(+), 17 deletions(-) diff --git a/samples/bpf/test_cgrp2_sock.c b/samples/bpf/test_cgrp2_sock.c index c3cfb23e23b5..681abbe6c85e 100644 --- a/samples/bpf/test_cgrp2_sock.c +++ b/samples/bpf/test_cgrp2_sock.c 
@@ -19,59 +19,161 @@ #include #include #include +#include #include #include "libbpf.h" char bpf_log_buf[BPF_LOG_BUF_SIZE]; -static int prog_load(int idx) +static int prog_load(__u32 idx, __u32 mark, __u32 prio) { - struct bpf_insn prog[] = { + /* save pointer to context */ + struct bpf_insn prog_start[] = { BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), + }; + struct bpf_insn prog_end[] = { + BPF_MOV64_IMM(BPF_REG_0, 1), /* r0 = verdict */ + BPF_EXIT_INSN(), + }; + + /* set sk_bound_dev_if on socket */ + struct bpf_insn prog_dev[] = { BPF_MOV64_IMM(BPF_REG_3, idx), BPF_MOV64_IMM(BPF_REG_2, offsetof(struct bpf_sock, bound_dev_if)), BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_3, offsetof(struct bpf_sock, bound_dev_if)), - BPF_MOV64_IMM(BPF_REG_0, 1), /* r0 = verdict */ - BPF_EXIT_INSN(), }; - size_t insns_cnt = sizeof(prog) / sizeof(struct bpf_insn); - return bpf_load_program(BPF_PROG_TYPE_CGROUP_SOCK, prog, insns_cnt, + /* set mark on socket */ + struct bpf_insn prog_mark[] = { + BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), + BPF_MOV64_IMM(BPF_REG_3, mark), + BPF_MOV64_IMM(BPF_REG_2, offsetof(struct bpf_sock, mark)), + BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_3, offsetof(struct bpf_sock, mark)), + }; + + /* set priority on socket */ + struct bpf_insn prog_prio[] = { + BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), + BPF_MOV64_IMM(BPF_REG_3, prio), + BPF_MOV64_IMM(BPF_REG_2, offsetof(struct bpf_sock, priority)), + BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_3, offsetof(struct bpf_sock, priority)), + }; + + struct bpf_insn *prog; + size_t insns_cnt; + void *p; + int ret; + + insns_cnt = sizeof(prog_start) + sizeof(prog_end); + if (idx) + insns_cnt += sizeof(prog_dev); + + if (mark) + insns_cnt += sizeof(prog_mark); + + if (prio) + insns_cnt += sizeof(prog_prio); + + p = prog = malloc(insns_cnt); + if (!prog) { + fprintf(stderr, "Failed to allocate memory for instructions\n"); + return EXIT_FAILURE; + } + + memcpy(p, prog_start, sizeof(prog_start)); + p += sizeof(prog_start); + + if (idx) { + memcpy(p, 
prog_dev, sizeof(prog_dev)); + p += sizeof(prog_dev); + } + + if (mark) { + memcpy(p, prog_mark, sizeof(prog_mark)); + p += sizeof(prog_mark); + } + + if (prio) { + memcpy(p, prog_prio, sizeof(prog_prio)); + p += sizeof(prog_prio); + } + + memcpy(p, prog_end, sizeof(prog_end)); + p += sizeof(prog_end); + + insns_cnt /= sizeof(struct bpf_insn); + + ret = bpf_load_program(BPF_PROG_TYPE_CGROUP_SOCK, prog, insns_cnt, "GPL", 0, bpf_log_buf, BPF_LOG_BUF_SIZE); + + free(prog); + + return ret; } static int usage(const char *argv0) { - printf("Usage: %s cg-path device-index\n", argv0); + printf("Usage: %s -b bind-to-dev -m mark -p prio cg-path\n", argv0); return EXIT_FAILURE; } int main(int argc, char **argv) { + __u32 idx = 0, mark = 0, prio = 0; + const char *cgrp_path = NULL; int cg_fd, prog_fd, ret; - unsigned int idx; + int rc; + + while ((rc = getopt(argc, argv, "b:m:p:")) != -1) { + switch (rc) { + case 'b': + idx = if_nametoindex(optarg); + if (!idx) { + idx = strtoumax(optarg, NULL, 0); + if (!idx) { + printf("Invalid device name\n"); + return EXIT_FAILURE; + } + } + break; + case 'm': + mark = strtoumax(optarg, NULL, 0); + break; + case 'p': + prio = strtoumax(optarg, NULL, 0); + break; + default: + return usage(argv[0]); + } + } - if (argc < 2) + if (optind == argc) return usage(argv[0]); - idx = if_nametoindex(argv[2]); - if (!idx) { - printf("Invalid device name\n"); + cgrp_path = argv[optind]; + if (!cgrp_path) { + fprintf(stderr, "cgroup path not given\n"); return EXIT_FAILURE; } - cg_fd = open(argv[1], O_DIRECTORY | O_RDONLY); + if (!idx && !mark && !prio) { + fprintf(stderr, + "One of device, mark or priority must be given\n"); + return EXIT_FAILURE; + } + + cg_fd = open(cgrp_path, O_DIRECTORY | O_RDONLY); if (cg_fd < 0) { printf("Failed to open cgroup path: '%s'\n", strerror(errno)); return EXIT_FAILURE; } - prog_fd = prog_load(idx); - printf("Output from kernel verifier:\n%s\n-------\n", bpf_log_buf); - + prog_fd = prog_load(idx, mark, prio); if (prog_fd 
< 0) { printf("Failed to load prog: '%s'\n", strerror(errno)); + printf("Output from kernel verifier:\n%s\n-------\n", + bpf_log_buf); return EXIT_FAILURE; } diff --git a/samples/bpf/test_cgrp2_sock.sh b/samples/bpf/test_cgrp2_sock.sh index 925fd467c7cc..1153c33e8964 100755 --- a/samples/bpf/test_cgrp2_sock.sh +++ b/samples/bpf/test_cgrp2_sock.sh 
@@ -20,7 +20,7 @@ function attach_bpf { mkdir -p /tmp/cgroupv2 mount -t cgroup2 none /tmp/cgroupv2 mkdir -p /tmp/cgroupv2/foo - test_cgrp2_sock /tmp/cgroupv2/foo foo + test_cgrp2_sock -b foo /tmp/cgroupv2/foo echo $$ >> /tmp/cgroupv2/foo/cgroup.procs }
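Review bot: in prog_load() the malloc failure path returns EXIT_FAILURE, a positive value, while main() only treats prog_fd < 0 as an error, so an allocation failure would be handed to bpf_prog_attach() as if it were a file descriptor; return -1 there instead. In the same function, p is a void * and is advanced with p += sizeof(...), which relies on a compiler extension; a char * or indexing through struct bpf_insn * avoids that. The BPF_MOV64_IMM(BPF_REG_2, offsetof(...)) line in each of prog_dev, prog_mark and prog_prio loads a register that none of the visible instructions read, so it can be dropped or explained in a comment.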
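Review bot: the -m and -p options in main() are parsed with strtoumax(optarg, NULL, 0) and no end pointer or range check, so non-numeric input quietly becomes 0 (which the later "!idx && !mark && !prio" test then treats as not given) and values wider than 32 bits are truncated when stored in the __u32. Parse with an end pointer, reject trailing characters and out-of-range values, and report the bad option. The -b fallback from if_nametoindex() to strtoumax() has the same gap, and its "Invalid device name" message does not cover the numeric case.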
From: David Ahern To: netdev@vger.kernel.org, daniel@iogearbox.net, ast@kernel.org Cc: David Ahern Subject: [PATCH v3 net-next 4/7] samples/bpf: Add detach option to test_cgrp2_sock Date: Thu, 31 Aug 2017 15:05:47 -0700 Message-Id: <1504217150-16151-5-git-send-email-dsahern@gmail.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1504217150-16151-1-git-send-email-dsahern@gmail.com> References: <1504217150-16151-1-git-send-email-dsahern@gmail.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Add option to detach programs from a cgroup. 
Signed-off-by: David Ahern Acked-by: Alexei Starovoitov --- samples/bpf/test_cgrp2_sock.c | 50 ++++++++++++++++++++++++++++++------------- 1 file changed, 35 insertions(+), 15 deletions(-) diff --git a/samples/bpf/test_cgrp2_sock.c b/samples/bpf/test_cgrp2_sock.c index 681abbe6c85e..15396761c5cc 100644 --- a/samples/bpf/test_cgrp2_sock.c +++ b/samples/bpf/test_cgrp2_sock.c @@ -114,7 +114,12 @@ static int prog_load(__u32 idx, __u32 mark, __u32 prio) static int usage(const char *argv0) { - printf("Usage: %s -b bind-to-dev -m mark -p prio cg-path\n", argv0); + printf("Usage:\n"); + printf(" Attach a program\n"); + printf(" %s -b bind-to-dev -m mark -p prio cg-path\n", argv0); + printf("\n"); + printf(" Detach a program\n"); + printf(" %s -d cg-path\n", argv0); return EXIT_FAILURE; } @@ -123,10 +128,14 @@ int main(int argc, char **argv) __u32 idx = 0, mark = 0, prio = 0; const char *cgrp_path = NULL; int cg_fd, prog_fd, ret; + int do_attach = 1; int rc; - while ((rc = getopt(argc, argv, "b:m:p:")) != -1) { + while ((rc = getopt(argc, argv, "db:m:p:")) != -1) { switch (rc) { + case 'd': + do_attach = 0; + break; case 'b': idx = if_nametoindex(optarg); if (!idx) { @@ -157,7 +166,7 @@ int main(int argc, char **argv) return EXIT_FAILURE; } - if (!idx && !mark && !prio) { + if (do_attach && !idx && !mark && !prio) { fprintf(stderr, "One of device, mark or priority must be given\n"); return EXIT_FAILURE; 
@@ -169,20 +178,31 @@ int main(int argc, char **argv) return EXIT_FAILURE; } - prog_fd = prog_load(idx, mark, prio); - if (prog_fd < 0) { - printf("Failed to load prog: '%s'\n", strerror(errno)); - printf("Output from kernel verifier:\n%s\n-------\n", - bpf_log_buf); - return EXIT_FAILURE; - } + if (do_attach) { + prog_fd = prog_load(idx, mark, prio); + if (prog_fd < 0) { + printf("Failed to load prog: '%s'\n", strerror(errno)); + printf("Output from kernel verifier:\n%s\n-------\n", + bpf_log_buf); + return EXIT_FAILURE; + } - ret = bpf_prog_attach(prog_fd, cg_fd, BPF_CGROUP_INET_SOCK_CREATE, 0); - if (ret < 0) { - printf("Failed to attach prog to cgroup: '%s'\n", - strerror(errno)); - return EXIT_FAILURE; + ret = bpf_prog_attach(prog_fd, cg_fd, + BPF_CGROUP_INET_SOCK_CREATE, 0); + if (ret < 0) { + printf("Failed to attach prog to cgroup: '%s'\n", + strerror(errno)); + return EXIT_FAILURE; + } + } else { + ret = bpf_prog_detach(cg_fd, BPF_CGROUP_INET_SOCK_CREATE); + if (ret < 0) { + printf("Failed to detach prog from cgroup: '%s'\n", + strerror(errno)); + return EXIT_FAILURE; + } } + close(cg_fd); return EXIT_SUCCESS; }
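Review bot: the -d case in main() only clears do_attach, so an invocation such as "-d -m 1 cg-path" is accepted and the mark is silently ignored; reject -b, -m and -p when -d is given so a mistyped command cannot look like a successful attach. In the new do_attach / else block, every early return skips the close(cg_fd) this patch adds on the success path, and prog_fd is never closed after bpf_prog_attach(); a single cleanup label would cover both.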
From: David Ahern To: netdev@vger.kernel.org, daniel@iogearbox.net, ast@kernel.org Cc: David Ahern Subject: [PATCH v3 net-next 5/7] samples/bpf: Add option to dump socket settings Date: Thu, 31 Aug 2017 15:05:48 -0700 Message-Id: <1504217150-16151-6-git-send-email-dsahern@gmail.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1504217150-16151-1-git-send-email-dsahern@gmail.com> References: <1504217150-16151-1-git-send-email-dsahern@gmail.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Add option to dump socket settings. Will be used in the next patch to verify bpf programs are correctly setting mark, priority and device based on the cgroup attachment for the program run. Signed-off-by: David Ahern Acked-by: Alexei Starovoitov --- samples/bpf/test_cgrp2_sock.c | 75 +++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 73 insertions(+), 2 deletions(-) diff --git a/samples/bpf/test_cgrp2_sock.c b/samples/bpf/test_cgrp2_sock.c index 15396761c5cc..5a688837720c 100644 --- a/samples/bpf/test_cgrp2_sock.c +++ b/samples/bpf/test_cgrp2_sock.c 
@@ -112,6 +112,70 @@ static int prog_load(__u32 idx, __u32 mark, __u32 prio) return ret; } +static int get_bind_to_device(int sd, char *name, size_t len) +{ + socklen_t optlen = len; + int rc; + + name[0] = '\0'; + rc = getsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, name, &optlen); + if (rc < 0) + perror("setsockopt(SO_BINDTODEVICE)"); + + return rc; +} + +static unsigned int get_somark(int sd) +{ + unsigned int mark = 0; + socklen_t optlen = sizeof(mark); + int rc; + + rc = getsockopt(sd, SOL_SOCKET, SO_MARK, &mark, &optlen); + if (rc < 0) + perror("getsockopt(SO_MARK)"); + + return mark; +} + +static unsigned int get_priority(int sd) +{ + unsigned int prio = 0; + socklen_t optlen = sizeof(prio); + int rc; + + rc = getsockopt(sd, SOL_SOCKET, SO_PRIORITY, &prio, &optlen); + if (rc < 0) + perror("getsockopt(SO_PRIORITY)"); + + return prio; +} + +static int show_sockopts(int family) +{ + unsigned int mark, prio; + char name[16]; + int sd; + + sd = socket(family, SOCK_DGRAM, 17); + if (sd < 0) { + perror("socket"); + return 1; + } + + if (get_bind_to_device(sd, name, sizeof(name)) < 0) + return 1; + + mark = get_somark(sd); + prio = get_priority(sd); + + close(sd); + + printf("sd %d: dev %s, mark %u, priority %u\n", sd, name, mark, prio); + + return 0; +} + static int usage(const char *argv0) { printf("Usage:\n"); @@ -120,6 +184,9 @@ static int usage(const char *argv0) printf("\n"); printf(" Detach a program\n"); printf(" %s -d cg-path\n", argv0); + printf("\n"); + printf(" Show inherited socket settings (mark, priority, and device)\n"); + printf(" %s [-6]\n", argv0); return EXIT_FAILURE; } @@ -128,10 +195,11 @@ int main(int argc, char **argv) __u32 idx = 0, mark = 0, prio = 0; const char *cgrp_path = NULL; int cg_fd, prog_fd, ret; + int family = PF_INET; int do_attach = 1; int rc; - while ((rc = getopt(argc, argv, "db:m:p:")) != -1) { + while ((rc = getopt(argc, argv, "db:m:p:6")) != -1) { switch (rc) { case 'd': do_attach = 0; 
@@ -152,13 +220,16 @@ int main(int argc, char **argv) case 'p': prio = strtoumax(optarg, NULL, 0); break; + case '6': + family = PF_INET6; + break; default: return usage(argv[0]); } } if (optind == argc) - return usage(argv[0]); + return show_sockopts(family); cgrp_path = argv[optind]; if (!cgrp_path) {
From patchwork Thu Aug 31 22:05:49 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Ahern X-Patchwork-Id: 808440 X-Patchwork-Delegate: davem@davemloft.net
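Review bot: in get_bind_to_device() the failure path prints perror("setsockopt(SO_BINDTODEVICE)") although the call that failed is getsockopt(); the label should be "getsockopt(SO_BINDTODEVICE)" to match the other two helpers. In the same hunk get_somark() and get_priority() return 0 after a failed getsockopt(), so show_sockopts() prints "mark 0" or "priority 0" and returns 0 exactly as it would for an unset option; propagating the error and returning non-zero would keep a failed read from passing as a clean socket. show_sockopts() also leaks sd on the early return after get_bind_to_device() fails, and the literal 17 in socket(family, SOCK_DGRAM, 17) would read better as IPPROTO_UDP.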
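Review bot: the change to the optind == argc branch in main() sends every invocation without a cgroup path to show_sockopts(), including ones that passed -d, -b, -m or -p; those options are then silently ignored instead of producing the usage error they got before. Consider calling show_sockopts() only when no attach or detach option was given, and keeping return usage(argv[0]) otherwise.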
From: David Ahern To: netdev@vger.kernel.org, daniel@iogearbox.net, ast@kernel.org Cc: David Ahern Subject: [PATCH v3 net-next 6/7] samples/bpf: Update cgrp2 socket tests Date: Thu, 31 Aug 2017 15:05:49 -0700 Message-Id: <1504217150-16151-7-git-send-email-dsahern@gmail.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1504217150-16151-1-git-send-email-dsahern@gmail.com> References: <1504217150-16151-1-git-send-email-dsahern@gmail.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Update cgrp2 bpf sock tests to check that device, mark and priority can all be set on a socket via bpf programs attached to a cgroup. Signed-off-by: David Ahern Acked-by: Alexei Starovoitov --- samples/bpf/test_cgrp2_sock.sh | 162 +++++++++++++++++++++++++++++++---------- 1 file changed, 124 insertions(+), 38 deletions(-) diff --git a/samples/bpf/test_cgrp2_sock.sh b/samples/bpf/test_cgrp2_sock.sh index 1153c33e8964..a81f38eef417 100755 --- a/samples/bpf/test_cgrp2_sock.sh +++ b/samples/bpf/test_cgrp2_sock.sh 
@@ -1,47 +1,133 @@ -#!/bin/bash - -function config_device { - ip netns add at_ns0 - ip link add veth0 type veth peer name veth0b - ip link set veth0b up - ip link set veth0 netns at_ns0 - ip netns exec at_ns0 ip addr add 172.16.1.100/24 dev veth0 - ip netns exec at_ns0 ip addr add 2401:db00::1/64 dev veth0 nodad - ip netns exec at_ns0 ip link set dev veth0 up - ip link add foo type vrf table 1234 - ip link set foo up - ip addr add 172.16.1.101/24 dev veth0b - ip addr add 2401:db00::2/64 dev veth0b nodad - ip link set veth0b master foo +#!/bin/sh + +# Test various socket options that can be set by attaching programs to cgroups. + +CGRP_MNT="/tmp/cgroupv2-test_cgrp2_sock" + +################################################################################ +# +print_result() +{ + local rc=$1 + local status=" OK " + + [ $rc -ne 0 ] && status="FAIL" + + printf "%-50s [%4s]\n" "$2" "$status" } -function attach_bpf { - rm -rf /tmp/cgroupv2 - mkdir -p /tmp/cgroupv2 - mount -t cgroup2 none /tmp/cgroupv2 - mkdir -p /tmp/cgroupv2/foo - test_cgrp2_sock -b foo /tmp/cgroupv2/foo - echo $$ >> /tmp/cgroupv2/foo/cgroup.procs +check_sock() +{ + out=$(test_cgrp2_sock) + echo $out | grep -q "$1" + if [ $? -ne 0 ]; then + print_result 1 "IPv4: $2" + echo " expected: $1" + echo " have: $out" + rc=1 + else + print_result 0 "IPv4: $2" + fi } -function cleanup { - set +ex - ip netns delete at_ns0 - ip link del veth0 - ip link del foo - umount /tmp/cgroupv2 - rm -rf /tmp/cgroupv2 - set -ex +check_sock6() +{ + out=$(test_cgrp2_sock -6) + echo $out | grep -q "$1" + if [ $? 
-ne 0 ]; then + print_result 1 "IPv6: $2" + echo " expected: $1" + echo " have: $out" + rc=1 + else + print_result 0 "IPv6: $2" + fi } -function do_test { - ping -c1 -w1 172.16.1.100 - ping6 -c1 -w1 2401:db00::1 +################################################################################ +# + +cleanup() +{ + echo $$ >> ${CGRP_MNT}/cgroup.procs + rmdir ${CGRP_MNT}/sockopts } +cleanup_and_exit() +{ + local rc=$1 + local msg="$2" + + [ -n "$msg" ] && echo "ERROR: $msg" + + ip li del cgrp2_sock + umount ${CGRP_MNT} + + exit $rc +} + + +################################################################################ +# main + +rc=0 + +ip li add cgrp2_sock type dummy 2>/dev/null + +set -e +mkdir -p ${CGRP_MNT} +mount -t cgroup2 none ${CGRP_MNT} +set +e + + +# make sure we have a known start point cleanup 2>/dev/null -config_device -attach_bpf -do_test -cleanup -echo "*** PASS ***" + +mkdir -p ${CGRP_MNT}/sockopts +[ $? -ne 0 ] && cleanup_and_exit 1 "Failed to create cgroup hierarchy" + + +# set pid into cgroup +echo $$ > ${CGRP_MNT}/sockopts/cgroup.procs + +# no bpf program attached, so socket should show no settings +check_sock "dev , mark 0, priority 0" "No programs attached" +check_sock6 "dev , mark 0, priority 0" "No programs attached" + +# verify device is set +# +test_cgrp2_sock -b cgrp2_sock ${CGRP_MNT}/sockopts +if [ $? -ne 0 ]; then + cleanup_and_exit 1 "Failed to install program to set device" +fi +check_sock "dev cgrp2_sock, mark 0, priority 0" "Device set" +check_sock6 "dev cgrp2_sock, mark 0, priority 0" "Device set" + +# verify mark is set +# +test_cgrp2_sock -m 666 ${CGRP_MNT}/sockopts +if [ $? -ne 0 ]; then + cleanup_and_exit 1 "Failed to install program to set mark" +fi +check_sock "dev , mark 666, priority 0" "Mark set" +check_sock6 "dev , mark 666, priority 0" "Mark set" + +# verify priority is set +# +test_cgrp2_sock -p 123 ${CGRP_MNT}/sockopts +if [ $? 
-ne 0 ]; then + cleanup_and_exit 1 "Failed to install program to set priority" +fi +check_sock "dev , mark 0, priority 123" "Priority set" +check_sock6 "dev , mark 0, priority 123" "Priority set" + +# all 3 at once +# +test_cgrp2_sock -b cgrp2_sock -m 666 -p 123 ${CGRP_MNT}/sockopts +if [ $? -ne 0 ]; then + cleanup_and_exit 1 "Failed to install program to set device, mark and priority" +fi +check_sock "dev cgrp2_sock, mark 666, priority 123" "Priority set" +check_sock6 "dev cgrp2_sock, mark 666, priority 123" "Priority set" + +cleanup_and_exit $rc
From patchwork Thu Aug 31 22:05:50 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Ahern X-Patchwork-Id: 808439 X-Patchwork-Delegate: davem@davemloft.net
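Review bot: cleanup() is called only once, before the tests, and cleanup_and_exit() removes the cgrp2_sock link and unmounts ${CGRP_MNT} without first moving the shell out of sockopts or removing that cgroup, so on every exit path the sockopts cgroup is left in place with the last program still attached. Calling cleanup from cleanup_and_exit() before the umount would restore the starting state. Two smaller points in the same hunk: the "all 3 at once" checks reuse the label "Priority set", so their result lines cannot be told apart from the priority-only test, and the script now runs under #!/bin/sh while print_result() and cleanup_and_exit() use local, which POSIX sh does not define.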
From: David Ahern To: netdev@vger.kernel.org, daniel@iogearbox.net, ast@kernel.org Cc: David Ahern Subject: [PATCH v3 net-next 7/7] samples/bpf: Update cgroup socket examples to use uid gid helper Date: Thu, 31 Aug 2017 15:05:50 -0700 Message-Id: <1504217150-16151-8-git-send-email-dsahern@gmail.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1504217150-16151-1-git-send-email-dsahern@gmail.com> References: <1504217150-16151-1-git-send-email-dsahern@gmail.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Signed-off-by: David Ahern Acked-by: Alexei Starovoitov --- samples/bpf/sock_flags_kern.c | 5 +++++ samples/bpf/test_cgrp2_sock.c | 12 +++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/samples/bpf/sock_flags_kern.c b/samples/bpf/sock_flags_kern.c index 533dd11a6baa..05dcdf8a4baa 100644 --- a/samples/bpf/sock_flags_kern.c +++ b/samples/bpf/sock_flags_kern.c @@ -9,8 +9,13 @@ SEC("cgroup/sock1") int bpf_prog1(struct bpf_sock *sk) { char fmt[] = "socket: family %d type %d protocol %d\n"; + char fmt2[] = "socket: uid %u gid %u\n"; + __u64 gid_uid = bpf_get_current_uid_gid(); + __u32 uid = gid_uid & 0xffffffff; + __u32 gid = gid_uid >> 32; bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol); + bpf_trace_printk(fmt2, sizeof(fmt2), uid, gid); /* block PF_INET6, SOCK_RAW, IPPROTO_ICMPV6 sockets * ie., make ping6 fail diff --git a/samples/bpf/test_cgrp2_sock.c b/samples/bpf/test_cgrp2_sock.c index 5a688837720c..e79594dd629b 100644 --- a/samples/bpf/test_cgrp2_sock.c +++ b/samples/bpf/test_cgrp2_sock.c 
@@ -46,8 +46,18 @@ static int prog_load(__u32 idx, __u32 mark, __u32 prio) /* set mark on socket */ struct bpf_insn prog_mark[] = { - BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), + /* get uid of process */ + BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, + BPF_FUNC_get_current_uid_gid), + BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 0xffffffff), + + /* if uid is 0, use given mark, else use the uid as the mark */ + BPF_MOV64_REG(BPF_REG_3, BPF_REG_0), + BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), BPF_MOV64_IMM(BPF_REG_3, mark), + + /* set the mark on the new socket */ + BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), BPF_MOV64_IMM(BPF_REG_2, offsetof(struct bpf_sock, mark)), BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_3, offsetof(struct bpf_sock, mark)), };
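Review bot: in prog_mark the value given with -m is now applied only when bpf_get_current_uid_gid() reports uid 0; for any other uid the socket mark becomes the uid and the requested mark is dropped without notice. Neither the commit message, which has no body, nor usage() says so, and the "mark 666" checks in test_cgrp2_sock.sh only hold when the sockets are created as root. Please document the uid rule in the commit message and the usage text, or put it behind a separate option so -m keeps its meaning.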