2016-12-02 18:42:32 +08:00
|
|
|
/* eBPF example program:
|
|
|
|
*
|
|
|
|
* - Creates arraymap in kernel with 4 bytes keys and 8 byte values
|
|
|
|
*
|
|
|
|
* - Loads eBPF program
|
|
|
|
*
|
|
|
|
* The eBPF program accesses the map passed in to store two pieces of
|
|
|
|
* information. The number of invocations of the program, which maps
|
|
|
|
* to the number of packets received, is stored to key 0. Key 1 is
|
|
|
|
* incremented on each iteration by the number of bytes stored in
|
2018-08-03 05:27:30 +08:00
|
|
|
* the skb. The program also stores the number of received bytes
|
|
|
|
* in the cgroup storage.
|
2016-12-02 18:42:32 +08:00
|
|
|
*
|
|
|
|
* - Attaches the new program to a cgroup using BPF_PROG_ATTACH
|
|
|
|
*
|
|
|
|
* - Every second, reads map[0] and map[1] to see how many bytes and
|
|
|
|
* packets were seen on any socket of tasks in the given cgroup.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define _GNU_SOURCE
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <assert.h>
|
2018-08-03 05:27:30 +08:00
|
|
|
#include <sys/resource.h>
|
|
|
|
#include <sys/time.h>
|
2016-12-02 18:42:32 +08:00
|
|
|
#include <unistd.h>
|
|
|
|
|
|
|
|
#include <linux/bpf.h>
|
2018-05-15 13:35:03 +08:00
|
|
|
#include <bpf/bpf.h>
|
2016-12-02 18:42:32 +08:00
|
|
|
|
2018-05-15 13:35:03 +08:00
|
|
|
#include "bpf_insn.h"
|
2018-08-03 05:27:30 +08:00
|
|
|
#include "bpf_rlimit.h"
|
2016-12-02 18:42:32 +08:00
|
|
|
#include "cgroup_helpers.h"
|
|
|
|
|
|
|
|
#define FOO "/foo"
|
|
|
|
#define BAR "/foo/bar/"
|
samples/bpf: add multi-prog cgroup test case
create 5 cgroups, attach 6 progs and check that progs are executed as:
cgrp1 (MULTI progs A, B) ->
cgrp2 (OVERRIDE prog C) ->
cgrp3 (MULTI prog D) ->
cgrp4 (OVERRIDE prog E) ->
cgrp5 (NONE prog F)
the event in cgrp5 triggers execution of F,D,A,B in that order.
if prog F is detached, the execution is E,D,A,B
if prog F and D are detached, the execution is E,A,B
if prog F, E and D are detached, the execution is C,A,B
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-03 13:50:25 +08:00
|
|
|
#define PING_CMD "ping -c1 -w1 127.0.0.1 > /dev/null"
|
2016-12-02 18:42:32 +08:00
|
|
|
|
samples/bpf: Make samples more libbpf-centric
Switch all of the sample code to use the function names from
tools/lib/bpf so that they're consistent with that, and to declare their
own log buffers. This allow the next commit to be purely devoted to
getting rid of the duplicate library in samples/bpf.
Committer notes:
Testing it:
On a fedora rawhide container, with clang/llvm 3.9, sharing the host
linux kernel git tree:
# make O=/tmp/build/linux/ headers_install
# make O=/tmp/build/linux -C samples/bpf/
Since I forgot to make it privileged, just tested it outside the
container, using what it generated:
# uname -a
Linux jouet 4.9.0-rc8+ #1 SMP Mon Dec 12 11:20:49 BRT 2016 x86_64 x86_64 x86_64 GNU/Linux
# cd /var/lib/docker/devicemapper/mnt/c43e09a53ff56c86a07baf79847f00e2cc2a17a1e2220e1adbf8cbc62734feda/rootfs/tmp/build/linux/samples/bpf/
# ls -la offwaketime
-rwxr-xr-x. 1 root root 24200 Dec 15 12:19 offwaketime
# file offwaketime
offwaketime: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=c940d3f127d5e66cdd680e42d885cb0b64f8a0e4, not stripped
# readelf -SW offwaketime_kern.o | grep PROGBITS
[ 2] .text PROGBITS 0000000000000000 000040 000000 00 AX 0 0 4
[ 3] kprobe/try_to_wake_up PROGBITS 0000000000000000 000040 0000d8 00 AX 0 0 8
[ 5] tracepoint/sched/sched_switch PROGBITS 0000000000000000 000118 000318 00 AX 0 0 8
[ 7] maps PROGBITS 0000000000000000 000430 000050 00 WA 0 0 4
[ 8] license PROGBITS 0000000000000000 000480 000004 00 WA 0 0 1
[ 9] version PROGBITS 0000000000000000 000484 000004 00 WA 0 0 4
# ./offwaketime | head -5
swapper/1;start_secondary;cpu_startup_entry;schedule_preempt_disabled;schedule;__schedule;-;---;; 106
CPU 0/KVM;entry_SYSCALL_64_fastpath;sys_ioctl;do_vfs_ioctl;kvm_vcpu_ioctl;kvm_arch_vcpu_ioctl_run;kvm_vcpu_block;schedule;__schedule;-;try_to_wake_up;swake_up_locked;swake_up;apic_timer_expired;apic_timer_fn;__hrtimer_run_queues;hrtimer_interrupt;local_apic_timer_interrupt;smp_apic_timer_interrupt;__irqentry_text_start;cpuidle_enter;call_cpuidle;cpu_startup_entry;start_secondary;;swapper/3 2
Compositor;entry_SYSCALL_64_fastpath;sys_futex;do_futex;futex_wait;futex_wait_queue_me;schedule;__schedule;-;try_to_wake_up;futex_requeue;do_futex;sys_futex;entry_SYSCALL_64_fastpath;;SoftwareVsyncTh 5
firefox;entry_SYSCALL_64_fastpath;sys_poll;do_sys_poll;poll_schedule_timeout;schedule_hrtimeout_range;schedule_hrtimeout_range_clock;schedule;__schedule;-;try_to_wake_up;pollwake;__wake_up_common;__wake_up_sync_key;pipe_write;__vfs_write;vfs_write;sys_write;entry_SYSCALL_64_fastpath;;Timer 13
JS Helper;entry_SYSCALL_64_fastpath;sys_futex;do_futex;futex_wait;futex_wait_queue_me;schedule;__schedule;-;try_to_wake_up;do_futex;sys_futex;entry_SYSCALL_64_fastpath;;firefox 2
#
Signed-off-by: Joe Stringer <joe@ovn.org>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Alexei Starovoitov <ast@fb.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Wang Nan <wangnan0@huawei.com>
Cc: netdev@vger.kernel.org
Link: http://lkml.kernel.org/r/20161214224342.12858-2-joe@ovn.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2016-12-15 06:43:38 +08:00
|
|
|
char bpf_log_buf[BPF_LOG_BUF_SIZE];
|
|
|
|
|
2016-12-02 18:42:32 +08:00
|
|
|
static int prog_load(int verdict)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
struct bpf_insn prog[] = {
|
|
|
|
BPF_MOV64_IMM(BPF_REG_0, verdict), /* r0 = verdict */
|
|
|
|
BPF_EXIT_INSN(),
|
|
|
|
};
|
samples/bpf: Switch over to libbpf
Now that libbpf under tools/lib/bpf/* is synced with the version from
samples/bpf, we can get rid most of the libbpf library here.
Committer notes:
Built it in a docker fedora rawhide container and ran it in the f25 host, seems
to work just like it did before this patch, i.e. the switch to tools/lib/bpf/
doesn't seem to have introduced problems and Joe said he tested it with
all the entries in samples/bpf/ and other code he found:
[root@f5065a7d6272 linux]# make -j4 O=/tmp/build/linux headers_install
<SNIP>
[root@f5065a7d6272 linux]# rm -rf /tmp/build/linux/samples/bpf/
[root@f5065a7d6272 linux]# make -j4 O=/tmp/build/linux samples/bpf/
make[1]: Entering directory '/tmp/build/linux'
CHK include/config/kernel.release
HOSTCC scripts/basic/fixdep
GEN ./Makefile
CHK include/generated/uapi/linux/version.h
Using /git/linux as source for kernel
CHK include/generated/utsrelease.h
HOSTCC scripts/basic/bin2c
HOSTCC arch/x86/tools/relocs_32.o
HOSTCC arch/x86/tools/relocs_64.o
LD samples/bpf/built-in.o
<SNIP>
HOSTCC samples/bpf/fds_example.o
HOSTCC samples/bpf/sockex1_user.o
/git/linux/samples/bpf/fds_example.c: In function 'bpf_prog_create':
/git/linux/samples/bpf/fds_example.c:63:6: warning: passing argument 2 of 'bpf_load_program' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
insns, insns_cnt, "GPL", 0,
^~~~~
In file included from /git/linux/samples/bpf/libbpf.h:5:0,
from /git/linux/samples/bpf/bpf_load.h:4,
from /git/linux/samples/bpf/fds_example.c:15:
/git/linux/tools/lib/bpf/bpf.h:31:5: note: expected 'struct bpf_insn *' but argument is of type 'const struct bpf_insn *'
int bpf_load_program(enum bpf_prog_type type, struct bpf_insn *insns,
^~~~~~~~~~~~~~~~
HOSTCC samples/bpf/sockex2_user.o
<SNIP>
HOSTCC samples/bpf/xdp_tx_iptunnel_user.o
clang -nostdinc -isystem /usr/lib/gcc/x86_64-redhat-linux/6.2.1/include -I/git/linux/arch/x86/include -I./arch/x86/include/generated/uapi -I./arch/x86/include/generated -I/git/linux/include -I./include -I/git/linux/arch/x86/include/uapi -I/git/linux/include/uapi -I./include/generated/uapi -include /git/linux/include/linux/kconfig.h \
-D__KERNEL__ -D__ASM_SYSREG_H -Wno-unused-value -Wno-pointer-sign \
-Wno-compare-distinct-pointer-types \
-Wno-gnu-variable-sized-type-not-at-end \
-Wno-address-of-packed-member -Wno-tautological-compare \
-O2 -emit-llvm -c /git/linux/samples/bpf/sockex1_kern.c -o -| llc -march=bpf -filetype=obj -o samples/bpf/sockex1_kern.o
HOSTLD samples/bpf/tc_l2_redirect
<SNIP>
HOSTLD samples/bpf/lwt_len_hist
HOSTLD samples/bpf/xdp_tx_iptunnel
make[1]: Leaving directory '/tmp/build/linux'
[root@f5065a7d6272 linux]#
And then, in the host:
[root@jouet bpf]# mount | grep "docker.*devicemapper\/"
/dev/mapper/docker-253:0-1705076-9bd8aa1e0af33adce89ff42090847868ca676932878942be53941a06ec5923f9 on /var/lib/docker/devicemapper/mnt/9bd8aa1e0af33adce89ff42090847868ca676932878942be53941a06ec5923f9 type xfs (rw,relatime,context="system_u:object_r:container_file_t:s0:c73,c276",nouuid,attr2,inode64,sunit=1024,swidth=1024,noquota)
[root@jouet bpf]# cd /var/lib/docker/devicemapper/mnt/9bd8aa1e0af33adce89ff42090847868ca676932878942be53941a06ec5923f9/rootfs/tmp/build/linux/samples/bpf/
[root@jouet bpf]# file offwaketime
offwaketime: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=f423d171e0487b2f802b6a792657f0f3c8f6d155, not stripped
[root@jouet bpf]# readelf -SW offwaketime
offwaketime offwaketime_kern.o offwaketime_user.o
[root@jouet bpf]# readelf -SW offwaketime_kern.o
There are 11 section headers, starting at offset 0x700:
Section Headers:
[Nr] Name Type Address Off Size ES Flg Lk Inf Al
[ 0] NULL 0000000000000000 000000 000000 00 0 0 0
[ 1] .strtab STRTAB 0000000000000000 000658 0000a8 00 0 0 1
[ 2] .text PROGBITS 0000000000000000 000040 000000 00 AX 0 0 4
[ 3] kprobe/try_to_wake_up PROGBITS 0000000000000000 000040 0000d8 00 AX 0 0 8
[ 4] .relkprobe/try_to_wake_up REL 0000000000000000 0005a8 000020 10 10 3 8
[ 5] tracepoint/sched/sched_switch PROGBITS 0000000000000000 000118 000318 00 AX 0 0 8
[ 6] .reltracepoint/sched/sched_switch REL 0000000000000000 0005c8 000090 10 10 5 8
[ 7] maps PROGBITS 0000000000000000 000430 000050 00 WA 0 0 4
[ 8] license PROGBITS 0000000000000000 000480 000004 00 WA 0 0 1
[ 9] version PROGBITS 0000000000000000 000484 000004 00 WA 0 0 4
[10] .symtab SYMTAB 0000000000000000 000488 000120 18 1 4 8
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
[root@jouet bpf]# ./offwaketime | head -3
qemu-system-x86;entry_SYSCALL_64_fastpath;sys_ppoll;do_sys_poll;poll_schedule_timeout;schedule_hrtimeout_range;schedule_hrtimeout_range_clock;schedule;__schedule;-;try_to_wake_up;hrtimer_wakeup;__hrtimer_run_queues;hrtimer_interrupt;local_apic_timer_interrupt;smp_apic_timer_interrupt;__irqentry_text_start;cpuidle_enter_state;cpuidle_enter;call_cpuidle;cpu_startup_entry;rest_init;start_kernel;x86_64_start_reservations;x86_64_start_kernel;start_cpu;;swapper/0 4
firefox;entry_SYSCALL_64_fastpath;sys_poll;do_sys_poll;poll_schedule_timeout;schedule_hrtimeout_range;schedule_hrtimeout_range_clock;schedule;__schedule;-;try_to_wake_up;pollwake;__wake_up_common;__wake_up_sync_key;pipe_write;__vfs_write;vfs_write;sys_write;entry_SYSCALL_64_fastpath;;Timer 1
swapper/2;start_cpu;start_secondary;cpu_startup_entry;schedule_preempt_disabled;schedule;__schedule;-;---;; 61
[root@jouet bpf]#
Signed-off-by: Joe Stringer <joe@ovn.org>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Alexei Starovoitov <ast@fb.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Wang Nan <wangnan0@huawei.com>
Cc: netdev@vger.kernel.org
Link: https://github.com/joestringer/linux/commit/5c40f54a52b1f437123c81e21873f4b4b1f9bd55.patch
Link: http://lkml.kernel.org/n/tip-xr8twtx7sjh5821g8qw47yxk@git.kernel.org
[ Use -I$(srctree)/tools/lib/ to support out of source code tree builds, as noticed by Wang Nan ]
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2016-12-15 06:43:39 +08:00
|
|
|
size_t insns_cnt = sizeof(prog) / sizeof(struct bpf_insn);
|
2016-12-02 18:42:32 +08:00
|
|
|
|
samples/bpf: Make samples more libbpf-centric
Switch all of the sample code to use the function names from
tools/lib/bpf so that they're consistent with that, and to declare their
own log buffers. This allow the next commit to be purely devoted to
getting rid of the duplicate library in samples/bpf.
Committer notes:
Testing it:
On a fedora rawhide container, with clang/llvm 3.9, sharing the host
linux kernel git tree:
# make O=/tmp/build/linux/ headers_install
# make O=/tmp/build/linux -C samples/bpf/
Since I forgot to make it privileged, just tested it outside the
container, using what it generated:
# uname -a
Linux jouet 4.9.0-rc8+ #1 SMP Mon Dec 12 11:20:49 BRT 2016 x86_64 x86_64 x86_64 GNU/Linux
# cd /var/lib/docker/devicemapper/mnt/c43e09a53ff56c86a07baf79847f00e2cc2a17a1e2220e1adbf8cbc62734feda/rootfs/tmp/build/linux/samples/bpf/
# ls -la offwaketime
-rwxr-xr-x. 1 root root 24200 Dec 15 12:19 offwaketime
# file offwaketime
offwaketime: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=c940d3f127d5e66cdd680e42d885cb0b64f8a0e4, not stripped
# readelf -SW offwaketime_kern.o | grep PROGBITS
[ 2] .text PROGBITS 0000000000000000 000040 000000 00 AX 0 0 4
[ 3] kprobe/try_to_wake_up PROGBITS 0000000000000000 000040 0000d8 00 AX 0 0 8
[ 5] tracepoint/sched/sched_switch PROGBITS 0000000000000000 000118 000318 00 AX 0 0 8
[ 7] maps PROGBITS 0000000000000000 000430 000050 00 WA 0 0 4
[ 8] license PROGBITS 0000000000000000 000480 000004 00 WA 0 0 1
[ 9] version PROGBITS 0000000000000000 000484 000004 00 WA 0 0 4
# ./offwaketime | head -5
swapper/1;start_secondary;cpu_startup_entry;schedule_preempt_disabled;schedule;__schedule;-;---;; 106
CPU 0/KVM;entry_SYSCALL_64_fastpath;sys_ioctl;do_vfs_ioctl;kvm_vcpu_ioctl;kvm_arch_vcpu_ioctl_run;kvm_vcpu_block;schedule;__schedule;-;try_to_wake_up;swake_up_locked;swake_up;apic_timer_expired;apic_timer_fn;__hrtimer_run_queues;hrtimer_interrupt;local_apic_timer_interrupt;smp_apic_timer_interrupt;__irqentry_text_start;cpuidle_enter;call_cpuidle;cpu_startup_entry;start_secondary;;swapper/3 2
Compositor;entry_SYSCALL_64_fastpath;sys_futex;do_futex;futex_wait;futex_wait_queue_me;schedule;__schedule;-;try_to_wake_up;futex_requeue;do_futex;sys_futex;entry_SYSCALL_64_fastpath;;SoftwareVsyncTh 5
firefox;entry_SYSCALL_64_fastpath;sys_poll;do_sys_poll;poll_schedule_timeout;schedule_hrtimeout_range;schedule_hrtimeout_range_clock;schedule;__schedule;-;try_to_wake_up;pollwake;__wake_up_common;__wake_up_sync_key;pipe_write;__vfs_write;vfs_write;sys_write;entry_SYSCALL_64_fastpath;;Timer 13
JS Helper;entry_SYSCALL_64_fastpath;sys_futex;do_futex;futex_wait;futex_wait_queue_me;schedule;__schedule;-;try_to_wake_up;do_futex;sys_futex;entry_SYSCALL_64_fastpath;;firefox 2
#
Signed-off-by: Joe Stringer <joe@ovn.org>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Alexei Starovoitov <ast@fb.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Wang Nan <wangnan0@huawei.com>
Cc: netdev@vger.kernel.org
Link: http://lkml.kernel.org/r/20161214224342.12858-2-joe@ovn.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2016-12-15 06:43:38 +08:00
|
|
|
ret = bpf_load_program(BPF_PROG_TYPE_CGROUP_SKB,
|
samples/bpf: Switch over to libbpf
Now that libbpf under tools/lib/bpf/* is synced with the version from
samples/bpf, we can get rid most of the libbpf library here.
Committer notes:
Built it in a docker fedora rawhide container and ran it in the f25 host, seems
to work just like it did before this patch, i.e. the switch to tools/lib/bpf/
doesn't seem to have introduced problems and Joe said he tested it with
all the entries in samples/bpf/ and other code he found:
[root@f5065a7d6272 linux]# make -j4 O=/tmp/build/linux headers_install
<SNIP>
[root@f5065a7d6272 linux]# rm -rf /tmp/build/linux/samples/bpf/
[root@f5065a7d6272 linux]# make -j4 O=/tmp/build/linux samples/bpf/
make[1]: Entering directory '/tmp/build/linux'
CHK include/config/kernel.release
HOSTCC scripts/basic/fixdep
GEN ./Makefile
CHK include/generated/uapi/linux/version.h
Using /git/linux as source for kernel
CHK include/generated/utsrelease.h
HOSTCC scripts/basic/bin2c
HOSTCC arch/x86/tools/relocs_32.o
HOSTCC arch/x86/tools/relocs_64.o
LD samples/bpf/built-in.o
<SNIP>
HOSTCC samples/bpf/fds_example.o
HOSTCC samples/bpf/sockex1_user.o
/git/linux/samples/bpf/fds_example.c: In function 'bpf_prog_create':
/git/linux/samples/bpf/fds_example.c:63:6: warning: passing argument 2 of 'bpf_load_program' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
insns, insns_cnt, "GPL", 0,
^~~~~
In file included from /git/linux/samples/bpf/libbpf.h:5:0,
from /git/linux/samples/bpf/bpf_load.h:4,
from /git/linux/samples/bpf/fds_example.c:15:
/git/linux/tools/lib/bpf/bpf.h:31:5: note: expected 'struct bpf_insn *' but argument is of type 'const struct bpf_insn *'
int bpf_load_program(enum bpf_prog_type type, struct bpf_insn *insns,
^~~~~~~~~~~~~~~~
HOSTCC samples/bpf/sockex2_user.o
<SNIP>
HOSTCC samples/bpf/xdp_tx_iptunnel_user.o
clang -nostdinc -isystem /usr/lib/gcc/x86_64-redhat-linux/6.2.1/include -I/git/linux/arch/x86/include -I./arch/x86/include/generated/uapi -I./arch/x86/include/generated -I/git/linux/include -I./include -I/git/linux/arch/x86/include/uapi -I/git/linux/include/uapi -I./include/generated/uapi -include /git/linux/include/linux/kconfig.h \
-D__KERNEL__ -D__ASM_SYSREG_H -Wno-unused-value -Wno-pointer-sign \
-Wno-compare-distinct-pointer-types \
-Wno-gnu-variable-sized-type-not-at-end \
-Wno-address-of-packed-member -Wno-tautological-compare \
-O2 -emit-llvm -c /git/linux/samples/bpf/sockex1_kern.c -o -| llc -march=bpf -filetype=obj -o samples/bpf/sockex1_kern.o
HOSTLD samples/bpf/tc_l2_redirect
<SNIP>
HOSTLD samples/bpf/lwt_len_hist
HOSTLD samples/bpf/xdp_tx_iptunnel
make[1]: Leaving directory '/tmp/build/linux'
[root@f5065a7d6272 linux]#
And then, in the host:
[root@jouet bpf]# mount | grep "docker.*devicemapper\/"
/dev/mapper/docker-253:0-1705076-9bd8aa1e0af33adce89ff42090847868ca676932878942be53941a06ec5923f9 on /var/lib/docker/devicemapper/mnt/9bd8aa1e0af33adce89ff42090847868ca676932878942be53941a06ec5923f9 type xfs (rw,relatime,context="system_u:object_r:container_file_t:s0:c73,c276",nouuid,attr2,inode64,sunit=1024,swidth=1024,noquota)
[root@jouet bpf]# cd /var/lib/docker/devicemapper/mnt/9bd8aa1e0af33adce89ff42090847868ca676932878942be53941a06ec5923f9/rootfs/tmp/build/linux/samples/bpf/
[root@jouet bpf]# file offwaketime
offwaketime: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=f423d171e0487b2f802b6a792657f0f3c8f6d155, not stripped
[root@jouet bpf]# readelf -SW offwaketime
offwaketime offwaketime_kern.o offwaketime_user.o
[root@jouet bpf]# readelf -SW offwaketime_kern.o
There are 11 section headers, starting at offset 0x700:
Section Headers:
[Nr] Name Type Address Off Size ES Flg Lk Inf Al
[ 0] NULL 0000000000000000 000000 000000 00 0 0 0
[ 1] .strtab STRTAB 0000000000000000 000658 0000a8 00 0 0 1
[ 2] .text PROGBITS 0000000000000000 000040 000000 00 AX 0 0 4
[ 3] kprobe/try_to_wake_up PROGBITS 0000000000000000 000040 0000d8 00 AX 0 0 8
[ 4] .relkprobe/try_to_wake_up REL 0000000000000000 0005a8 000020 10 10 3 8
[ 5] tracepoint/sched/sched_switch PROGBITS 0000000000000000 000118 000318 00 AX 0 0 8
[ 6] .reltracepoint/sched/sched_switch REL 0000000000000000 0005c8 000090 10 10 5 8
[ 7] maps PROGBITS 0000000000000000 000430 000050 00 WA 0 0 4
[ 8] license PROGBITS 0000000000000000 000480 000004 00 WA 0 0 1
[ 9] version PROGBITS 0000000000000000 000484 000004 00 WA 0 0 4
[10] .symtab SYMTAB 0000000000000000 000488 000120 18 1 4 8
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
[root@jouet bpf]# ./offwaketime | head -3
qemu-system-x86;entry_SYSCALL_64_fastpath;sys_ppoll;do_sys_poll;poll_schedule_timeout;schedule_hrtimeout_range;schedule_hrtimeout_range_clock;schedule;__schedule;-;try_to_wake_up;hrtimer_wakeup;__hrtimer_run_queues;hrtimer_interrupt;local_apic_timer_interrupt;smp_apic_timer_interrupt;__irqentry_text_start;cpuidle_enter_state;cpuidle_enter;call_cpuidle;cpu_startup_entry;rest_init;start_kernel;x86_64_start_reservations;x86_64_start_kernel;start_cpu;;swapper/0 4
firefox;entry_SYSCALL_64_fastpath;sys_poll;do_sys_poll;poll_schedule_timeout;schedule_hrtimeout_range;schedule_hrtimeout_range_clock;schedule;__schedule;-;try_to_wake_up;pollwake;__wake_up_common;__wake_up_sync_key;pipe_write;__vfs_write;vfs_write;sys_write;entry_SYSCALL_64_fastpath;;Timer 1
swapper/2;start_cpu;start_secondary;cpu_startup_entry;schedule_preempt_disabled;schedule;__schedule;-;---;; 61
[root@jouet bpf]#
Signed-off-by: Joe Stringer <joe@ovn.org>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Alexei Starovoitov <ast@fb.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Wang Nan <wangnan0@huawei.com>
Cc: netdev@vger.kernel.org
Link: https://github.com/joestringer/linux/commit/5c40f54a52b1f437123c81e21873f4b4b1f9bd55.patch
Link: http://lkml.kernel.org/n/tip-xr8twtx7sjh5821g8qw47yxk@git.kernel.org
[ Use -I$(srctree)/tools/lib/ to support out of source code tree builds, as noticed by Wang Nan ]
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2016-12-15 06:43:39 +08:00
|
|
|
prog, insns_cnt, "GPL", 0,
|
samples/bpf: Make samples more libbpf-centric
Switch all of the sample code to use the function names from
tools/lib/bpf so that they're consistent with that, and to declare their
own log buffers. This allow the next commit to be purely devoted to
getting rid of the duplicate library in samples/bpf.
Committer notes:
Testing it:
On a fedora rawhide container, with clang/llvm 3.9, sharing the host
linux kernel git tree:
# make O=/tmp/build/linux/ headers_install
# make O=/tmp/build/linux -C samples/bpf/
Since I forgot to make it privileged, just tested it outside the
container, using what it generated:
# uname -a
Linux jouet 4.9.0-rc8+ #1 SMP Mon Dec 12 11:20:49 BRT 2016 x86_64 x86_64 x86_64 GNU/Linux
# cd /var/lib/docker/devicemapper/mnt/c43e09a53ff56c86a07baf79847f00e2cc2a17a1e2220e1adbf8cbc62734feda/rootfs/tmp/build/linux/samples/bpf/
# ls -la offwaketime
-rwxr-xr-x. 1 root root 24200 Dec 15 12:19 offwaketime
# file offwaketime
offwaketime: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=c940d3f127d5e66cdd680e42d885cb0b64f8a0e4, not stripped
# readelf -SW offwaketime_kern.o | grep PROGBITS
[ 2] .text PROGBITS 0000000000000000 000040 000000 00 AX 0 0 4
[ 3] kprobe/try_to_wake_up PROGBITS 0000000000000000 000040 0000d8 00 AX 0 0 8
[ 5] tracepoint/sched/sched_switch PROGBITS 0000000000000000 000118 000318 00 AX 0 0 8
[ 7] maps PROGBITS 0000000000000000 000430 000050 00 WA 0 0 4
[ 8] license PROGBITS 0000000000000000 000480 000004 00 WA 0 0 1
[ 9] version PROGBITS 0000000000000000 000484 000004 00 WA 0 0 4
# ./offwaketime | head -5
swapper/1;start_secondary;cpu_startup_entry;schedule_preempt_disabled;schedule;__schedule;-;---;; 106
CPU 0/KVM;entry_SYSCALL_64_fastpath;sys_ioctl;do_vfs_ioctl;kvm_vcpu_ioctl;kvm_arch_vcpu_ioctl_run;kvm_vcpu_block;schedule;__schedule;-;try_to_wake_up;swake_up_locked;swake_up;apic_timer_expired;apic_timer_fn;__hrtimer_run_queues;hrtimer_interrupt;local_apic_timer_interrupt;smp_apic_timer_interrupt;__irqentry_text_start;cpuidle_enter;call_cpuidle;cpu_startup_entry;start_secondary;;swapper/3 2
Compositor;entry_SYSCALL_64_fastpath;sys_futex;do_futex;futex_wait;futex_wait_queue_me;schedule;__schedule;-;try_to_wake_up;futex_requeue;do_futex;sys_futex;entry_SYSCALL_64_fastpath;;SoftwareVsyncTh 5
firefox;entry_SYSCALL_64_fastpath;sys_poll;do_sys_poll;poll_schedule_timeout;schedule_hrtimeout_range;schedule_hrtimeout_range_clock;schedule;__schedule;-;try_to_wake_up;pollwake;__wake_up_common;__wake_up_sync_key;pipe_write;__vfs_write;vfs_write;sys_write;entry_SYSCALL_64_fastpath;;Timer 13
JS Helper;entry_SYSCALL_64_fastpath;sys_futex;do_futex;futex_wait;futex_wait_queue_me;schedule;__schedule;-;try_to_wake_up;do_futex;sys_futex;entry_SYSCALL_64_fastpath;;firefox 2
#
Signed-off-by: Joe Stringer <joe@ovn.org>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Alexei Starovoitov <ast@fb.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Wang Nan <wangnan0@huawei.com>
Cc: netdev@vger.kernel.org
Link: http://lkml.kernel.org/r/20161214224342.12858-2-joe@ovn.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2016-12-15 06:43:38 +08:00
|
|
|
bpf_log_buf, BPF_LOG_BUF_SIZE);
|
2016-12-02 18:42:32 +08:00
|
|
|
|
|
|
|
if (ret < 0) {
|
|
|
|
log_err("Loading program");
|
|
|
|
printf("Output from verifier:\n%s\n-------\n", bpf_log_buf);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
samples/bpf: add multi-prog cgroup test case
create 5 cgroups, attach 6 progs and check that progs are executed as:
cgrp1 (MULTI progs A, B) ->
cgrp2 (OVERRIDE prog C) ->
cgrp3 (MULTI prog D) ->
cgrp4 (OVERRIDE prog E) ->
cgrp5 (NONE prog F)
the event in cgrp5 triggers execution of F,D,A,B in that order.
if prog F is detached, the execution is E,D,A,B
if prog F and D are detached, the execution is E,A,B
if prog F, E and D are detached, the execution is C,A,B
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-03 13:50:25 +08:00
|
|
|
static int test_foo_bar(void)
|
2016-12-02 18:42:32 +08:00
|
|
|
{
|
|
|
|
int drop_prog, allow_prog, foo = 0, bar = 0, rc = 0;
|
|
|
|
|
|
|
|
allow_prog = prog_load(1);
|
|
|
|
if (!allow_prog)
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
drop_prog = prog_load(0);
|
|
|
|
if (!drop_prog)
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
if (setup_cgroup_environment())
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
/* Create cgroup /foo, get fd, and join it */
|
|
|
|
foo = create_and_get_cgroup(FOO);
|
|
|
|
if (!foo)
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
if (join_cgroup(FOO))
|
|
|
|
goto err;
|
|
|
|
|
2017-12-01 01:02:29 +08:00
|
|
|
if (bpf_prog_attach(drop_prog, foo, BPF_CGROUP_INET_EGRESS,
|
|
|
|
BPF_F_ALLOW_OVERRIDE)) {
|
2016-12-02 18:42:32 +08:00
|
|
|
log_err("Attaching prog to /foo");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2017-02-11 12:28:24 +08:00
|
|
|
printf("Attached DROP prog. This ping in cgroup /foo should fail...\n");
|
2016-12-02 18:42:32 +08:00
|
|
|
assert(system(PING_CMD) != 0);
|
|
|
|
|
|
|
|
/* Create cgroup /foo/bar, get fd, and join it */
|
|
|
|
bar = create_and_get_cgroup(BAR);
|
|
|
|
if (!bar)
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
if (join_cgroup(BAR))
|
|
|
|
goto err;
|
|
|
|
|
2017-02-11 12:28:24 +08:00
|
|
|
printf("Attached DROP prog. This ping in cgroup /foo/bar should fail...\n");
|
2016-12-02 18:42:32 +08:00
|
|
|
assert(system(PING_CMD) != 0);
|
|
|
|
|
2017-12-01 01:02:29 +08:00
|
|
|
if (bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS,
|
|
|
|
BPF_F_ALLOW_OVERRIDE)) {
|
2016-12-02 18:42:32 +08:00
|
|
|
log_err("Attaching prog to /foo/bar");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2017-02-11 12:28:24 +08:00
|
|
|
printf("Attached PASS prog. This ping in cgroup /foo/bar should pass...\n");
|
2016-12-02 18:42:32 +08:00
|
|
|
assert(system(PING_CMD) == 0);
|
|
|
|
|
|
|
|
if (bpf_prog_detach(bar, BPF_CGROUP_INET_EGRESS)) {
|
|
|
|
log_err("Detaching program from /foo/bar");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2017-02-11 12:28:24 +08:00
|
|
|
printf("Detached PASS from /foo/bar while DROP is attached to /foo.\n"
|
|
|
|
"This ping in cgroup /foo/bar should fail...\n");
|
2016-12-02 18:42:32 +08:00
|
|
|
assert(system(PING_CMD) != 0);
|
|
|
|
|
2017-12-01 01:02:29 +08:00
|
|
|
if (bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS,
|
|
|
|
BPF_F_ALLOW_OVERRIDE)) {
|
2016-12-02 18:42:32 +08:00
|
|
|
log_err("Attaching prog to /foo/bar");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (bpf_prog_detach(foo, BPF_CGROUP_INET_EGRESS)) {
|
|
|
|
log_err("Detaching program from /foo");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2017-02-11 12:28:24 +08:00
|
|
|
printf("Attached PASS from /foo/bar and detached DROP from /foo.\n"
|
|
|
|
"This ping in cgroup /foo/bar should pass...\n");
|
2016-12-02 18:42:32 +08:00
|
|
|
assert(system(PING_CMD) == 0);
|
|
|
|
|
2017-12-01 01:02:29 +08:00
|
|
|
if (bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS,
|
|
|
|
BPF_F_ALLOW_OVERRIDE)) {
|
2017-02-11 12:28:24 +08:00
|
|
|
log_err("Attaching prog to /foo/bar");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS, 0)) {
|
|
|
|
errno = 0;
|
|
|
|
log_err("Unexpected success attaching prog to /foo/bar");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (bpf_prog_detach(bar, BPF_CGROUP_INET_EGRESS)) {
|
|
|
|
log_err("Detaching program from /foo/bar");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!bpf_prog_detach(foo, BPF_CGROUP_INET_EGRESS)) {
|
|
|
|
errno = 0;
|
|
|
|
log_err("Unexpected success in double detach from /foo");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (bpf_prog_attach(allow_prog, foo, BPF_CGROUP_INET_EGRESS, 0)) {
|
|
|
|
log_err("Attaching non-overridable prog to /foo");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS, 0)) {
|
|
|
|
errno = 0;
|
|
|
|
log_err("Unexpected success attaching non-overridable prog to /foo/bar");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2017-12-01 01:02:29 +08:00
|
|
|
if (!bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS,
|
|
|
|
BPF_F_ALLOW_OVERRIDE)) {
|
2017-02-11 12:28:24 +08:00
|
|
|
errno = 0;
|
|
|
|
log_err("Unexpected success attaching overridable prog to /foo/bar");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2017-12-01 01:02:29 +08:00
|
|
|
if (!bpf_prog_attach(allow_prog, foo, BPF_CGROUP_INET_EGRESS,
|
|
|
|
BPF_F_ALLOW_OVERRIDE)) {
|
2017-02-11 12:28:24 +08:00
|
|
|
errno = 0;
|
|
|
|
log_err("Unexpected success attaching overridable prog to /foo");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (bpf_prog_attach(drop_prog, foo, BPF_CGROUP_INET_EGRESS, 0)) {
|
|
|
|
log_err("Attaching different non-overridable prog to /foo");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2016-12-02 18:42:32 +08:00
|
|
|
goto out;
|
|
|
|
|
|
|
|
err:
|
|
|
|
rc = 1;
|
|
|
|
|
|
|
|
out:
|
|
|
|
close(foo);
|
|
|
|
close(bar);
|
|
|
|
cleanup_cgroup_environment();
|
2017-02-11 12:28:24 +08:00
|
|
|
if (!rc)
|
samples/bpf: add multi-prog cgroup test case
create 5 cgroups, attach 6 progs and check that progs are executed as:
cgrp1 (MULTI progs A, B) ->
cgrp2 (OVERRIDE prog C) ->
cgrp3 (MULTI prog D) ->
cgrp4 (OVERRIDE prog E) ->
cgrp5 (NONE prog F)
the event in cgrp5 triggers execution of F,D,A,B in that order.
if prog F is detached, the execution is E,D,A,B
if prog F and D are detached, the execution is E,A,B
if prog F, E and D are detached, the execution is C,A,B
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-03 13:50:25 +08:00
|
|
|
printf("### override:PASS\n");
|
|
|
|
else
|
|
|
|
printf("### override:FAIL\n");
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int map_fd = -1;
|
|
|
|
|
|
|
|
static int prog_load_cnt(int verdict, int val)
|
|
|
|
{
|
2018-08-03 05:27:30 +08:00
|
|
|
int cgroup_storage_fd;
|
|
|
|
|
samples/bpf: add multi-prog cgroup test case
create 5 cgroups, attach 6 progs and check that progs are executed as:
cgrp1 (MULTI progs A, B) ->
cgrp2 (OVERRIDE prog C) ->
cgrp3 (MULTI prog D) ->
cgrp4 (OVERRIDE prog E) ->
cgrp5 (NONE prog F)
the event in cgrp5 triggers execution of F,D,A,B in that order.
if prog F is detached, the execution is E,D,A,B
if prog F and D are detached, the execution is E,A,B
if prog F, E and D are detached, the execution is C,A,B
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-03 13:50:25 +08:00
|
|
|
if (map_fd < 0)
|
|
|
|
map_fd = bpf_create_map(BPF_MAP_TYPE_ARRAY, 4, 8, 1, 0);
|
|
|
|
if (map_fd < 0) {
|
|
|
|
printf("failed to create map '%s'\n", strerror(errno));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2018-08-03 05:27:30 +08:00
|
|
|
cgroup_storage_fd = bpf_create_map(BPF_MAP_TYPE_CGROUP_STORAGE,
|
|
|
|
sizeof(struct bpf_cgroup_storage_key), 8, 0, 0);
|
|
|
|
if (cgroup_storage_fd < 0) {
|
|
|
|
printf("failed to create map '%s'\n", strerror(errno));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
samples/bpf: add multi-prog cgroup test case
create 5 cgroups, attach 6 progs and check that progs are executed as:
cgrp1 (MULTI progs A, B) ->
cgrp2 (OVERRIDE prog C) ->
cgrp3 (MULTI prog D) ->
cgrp4 (OVERRIDE prog E) ->
cgrp5 (NONE prog F)
the event in cgrp5 triggers execution of F,D,A,B in that order.
if prog F is detached, the execution is E,D,A,B
if prog F and D are detached, the execution is E,A,B
if prog F, E and D are detached, the execution is C,A,B
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-03 13:50:25 +08:00
|
|
|
struct bpf_insn prog[] = {
|
|
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
|
|
BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_0, -4), /* *(u32 *)(fp - 4) = r0 */
|
|
|
|
BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
|
|
|
|
BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4), /* r2 = fp - 4 */
|
|
|
|
BPF_LD_MAP_FD(BPF_REG_1, map_fd),
|
|
|
|
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
|
|
|
|
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 2),
|
|
|
|
BPF_MOV64_IMM(BPF_REG_1, val), /* r1 = 1 */
|
|
|
|
BPF_RAW_INSN(BPF_STX | BPF_XADD | BPF_DW, BPF_REG_0, BPF_REG_1, 0, 0), /* xadd r0 += r1 */
|
2018-08-03 05:27:30 +08:00
|
|
|
BPF_LD_MAP_FD(BPF_REG_1, cgroup_storage_fd),
|
|
|
|
BPF_MOV64_IMM(BPF_REG_2, 0),
|
|
|
|
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_local_storage),
|
|
|
|
BPF_MOV64_IMM(BPF_REG_1, val),
|
|
|
|
BPF_RAW_INSN(BPF_STX | BPF_XADD | BPF_W, BPF_REG_0, BPF_REG_1, 0, 0),
|
samples/bpf: add multi-prog cgroup test case
create 5 cgroups, attach 6 progs and check that progs are executed as:
cgrp1 (MULTI progs A, B) ->
cgrp2 (OVERRIDE prog C) ->
cgrp3 (MULTI prog D) ->
cgrp4 (OVERRIDE prog E) ->
cgrp5 (NONE prog F)
the event in cgrp5 triggers execution of F,D,A,B in that order.
if prog F is detached, the execution is E,D,A,B
if prog F and D are detached, the execution is E,A,B
if prog F, E and D are detached, the execution is C,A,B
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-03 13:50:25 +08:00
|
|
|
BPF_MOV64_IMM(BPF_REG_0, verdict), /* r0 = verdict */
|
|
|
|
BPF_EXIT_INSN(),
|
|
|
|
};
|
|
|
|
size_t insns_cnt = sizeof(prog) / sizeof(struct bpf_insn);
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
ret = bpf_load_program(BPF_PROG_TYPE_CGROUP_SKB,
|
|
|
|
prog, insns_cnt, "GPL", 0,
|
|
|
|
bpf_log_buf, BPF_LOG_BUF_SIZE);
|
|
|
|
|
|
|
|
if (ret < 0) {
|
|
|
|
log_err("Loading program");
|
|
|
|
printf("Output from verifier:\n%s\n-------\n", bpf_log_buf);
|
|
|
|
return 0;
|
|
|
|
}
|
2018-08-03 05:27:30 +08:00
|
|
|
close(cgroup_storage_fd);
|
samples/bpf: add multi-prog cgroup test case
create 5 cgroups, attach 6 progs and check that progs are executed as:
cgrp1 (MULTI progs A, B) ->
cgrp2 (OVERRIDE prog C) ->
cgrp3 (MULTI prog D) ->
cgrp4 (OVERRIDE prog E) ->
cgrp5 (NONE prog F)
the event in cgrp5 triggers execution of F,D,A,B in that order.
if prog F is detached, the execution is E,D,A,B
if prog F and D are detached, the execution is E,A,B
if prog F, E and D are detached, the execution is C,A,B
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-03 13:50:25 +08:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int test_multiprog(void)
|
|
|
|
{
|
2017-10-03 13:50:28 +08:00
|
|
|
__u32 prog_ids[4], prog_cnt = 0, attach_flags, saved_prog_id;
|
samples/bpf: add multi-prog cgroup test case
create 5 cgroups, attach 6 progs and check that progs are executed as:
cgrp1 (MULTI progs A, B) ->
cgrp2 (OVERRIDE prog C) ->
cgrp3 (MULTI prog D) ->
cgrp4 (OVERRIDE prog E) ->
cgrp5 (NONE prog F)
the event in cgrp5 triggers execution of F,D,A,B in that order.
if prog F is detached, the execution is E,D,A,B
if prog F and D are detached, the execution is E,A,B
if prog F, E and D are detached, the execution is C,A,B
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-03 13:50:25 +08:00
|
|
|
int cg1 = 0, cg2 = 0, cg3 = 0, cg4 = 0, cg5 = 0, key = 0;
|
|
|
|
int drop_prog, allow_prog[6] = {}, rc = 0;
|
|
|
|
unsigned long long value;
|
|
|
|
int i = 0;
|
|
|
|
|
|
|
|
for (i = 0; i < 6; i++) {
|
|
|
|
allow_prog[i] = prog_load_cnt(1, 1 << i);
|
|
|
|
if (!allow_prog[i])
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
drop_prog = prog_load_cnt(0, 1);
|
|
|
|
if (!drop_prog)
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
if (setup_cgroup_environment())
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
cg1 = create_and_get_cgroup("/cg1");
|
|
|
|
if (!cg1)
|
|
|
|
goto err;
|
|
|
|
cg2 = create_and_get_cgroup("/cg1/cg2");
|
|
|
|
if (!cg2)
|
|
|
|
goto err;
|
|
|
|
cg3 = create_and_get_cgroup("/cg1/cg2/cg3");
|
|
|
|
if (!cg3)
|
|
|
|
goto err;
|
|
|
|
cg4 = create_and_get_cgroup("/cg1/cg2/cg3/cg4");
|
|
|
|
if (!cg4)
|
|
|
|
goto err;
|
|
|
|
cg5 = create_and_get_cgroup("/cg1/cg2/cg3/cg4/cg5");
|
|
|
|
if (!cg5)
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
if (join_cgroup("/cg1/cg2/cg3/cg4/cg5"))
|
|
|
|
goto err;
|
|
|
|
|
2017-12-01 01:02:29 +08:00
|
|
|
if (bpf_prog_attach(allow_prog[0], cg1, BPF_CGROUP_INET_EGRESS,
|
|
|
|
BPF_F_ALLOW_MULTI)) {
|
samples/bpf: add multi-prog cgroup test case
create 5 cgroups, attach 6 progs and check that progs are executed as:
cgrp1 (MULTI progs A, B) ->
cgrp2 (OVERRIDE prog C) ->
cgrp3 (MULTI prog D) ->
cgrp4 (OVERRIDE prog E) ->
cgrp5 (NONE prog F)
the event in cgrp5 triggers execution of F,D,A,B in that order.
if prog F is detached, the execution is E,D,A,B
if prog F and D are detached, the execution is E,A,B
if prog F, E and D are detached, the execution is C,A,B
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-03 13:50:25 +08:00
|
|
|
log_err("Attaching prog to cg1");
|
|
|
|
goto err;
|
|
|
|
}
|
2017-12-01 01:02:29 +08:00
|
|
|
if (!bpf_prog_attach(allow_prog[0], cg1, BPF_CGROUP_INET_EGRESS,
|
|
|
|
BPF_F_ALLOW_MULTI)) {
|
samples/bpf: add multi-prog cgroup test case
create 5 cgroups, attach 6 progs and check that progs are executed as:
cgrp1 (MULTI progs A, B) ->
cgrp2 (OVERRIDE prog C) ->
cgrp3 (MULTI prog D) ->
cgrp4 (OVERRIDE prog E) ->
cgrp5 (NONE prog F)
the event in cgrp5 triggers execution of F,D,A,B in that order.
if prog F is detached, the execution is E,D,A,B
if prog F and D are detached, the execution is E,A,B
if prog F, E and D are detached, the execution is C,A,B
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-03 13:50:25 +08:00
|
|
|
log_err("Unexpected success attaching the same prog to cg1");
|
|
|
|
goto err;
|
|
|
|
}
|
2017-12-01 01:02:29 +08:00
|
|
|
if (bpf_prog_attach(allow_prog[1], cg1, BPF_CGROUP_INET_EGRESS,
|
|
|
|
BPF_F_ALLOW_MULTI)) {
|
samples/bpf: add multi-prog cgroup test case
create 5 cgroups, attach 6 progs and check that progs are executed as:
cgrp1 (MULTI progs A, B) ->
cgrp2 (OVERRIDE prog C) ->
cgrp3 (MULTI prog D) ->
cgrp4 (OVERRIDE prog E) ->
cgrp5 (NONE prog F)
the event in cgrp5 triggers execution of F,D,A,B in that order.
if prog F is detached, the execution is E,D,A,B
if prog F and D are detached, the execution is E,A,B
if prog F, E and D are detached, the execution is C,A,B
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-03 13:50:25 +08:00
|
|
|
log_err("Attaching prog2 to cg1");
|
|
|
|
goto err;
|
|
|
|
}
|
2017-12-01 01:02:29 +08:00
|
|
|
if (bpf_prog_attach(allow_prog[2], cg2, BPF_CGROUP_INET_EGRESS,
|
|
|
|
BPF_F_ALLOW_OVERRIDE)) {
|
samples/bpf: add multi-prog cgroup test case
create 5 cgroups, attach 6 progs and check that progs are executed as:
cgrp1 (MULTI progs A, B) ->
cgrp2 (OVERRIDE prog C) ->
cgrp3 (MULTI prog D) ->
cgrp4 (OVERRIDE prog E) ->
cgrp5 (NONE prog F)
the event in cgrp5 triggers execution of F,D,A,B in that order.
if prog F is detached, the execution is E,D,A,B
if prog F and D are detached, the execution is E,A,B
if prog F, E and D are detached, the execution is C,A,B
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-03 13:50:25 +08:00
|
|
|
log_err("Attaching prog to cg2");
|
|
|
|
goto err;
|
|
|
|
}
|
2017-12-01 01:02:29 +08:00
|
|
|
if (bpf_prog_attach(allow_prog[3], cg3, BPF_CGROUP_INET_EGRESS,
|
|
|
|
BPF_F_ALLOW_MULTI)) {
|
samples/bpf: add multi-prog cgroup test case
create 5 cgroups, attach 6 progs and check that progs are executed as:
cgrp1 (MULTI progs A, B) ->
cgrp2 (OVERRIDE prog C) ->
cgrp3 (MULTI prog D) ->
cgrp4 (OVERRIDE prog E) ->
cgrp5 (NONE prog F)
the event in cgrp5 triggers execution of F,D,A,B in that order.
if prog F is detached, the execution is E,D,A,B
if prog F and D are detached, the execution is E,A,B
if prog F, E and D are detached, the execution is C,A,B
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-03 13:50:25 +08:00
|
|
|
log_err("Attaching prog to cg3");
|
|
|
|
goto err;
|
|
|
|
}
|
2017-12-01 01:02:29 +08:00
|
|
|
if (bpf_prog_attach(allow_prog[4], cg4, BPF_CGROUP_INET_EGRESS,
|
|
|
|
BPF_F_ALLOW_OVERRIDE)) {
|
samples/bpf: add multi-prog cgroup test case
create 5 cgroups, attach 6 progs and check that progs are executed as:
cgrp1 (MULTI progs A, B) ->
cgrp2 (OVERRIDE prog C) ->
cgrp3 (MULTI prog D) ->
cgrp4 (OVERRIDE prog E) ->
cgrp5 (NONE prog F)
the event in cgrp5 triggers execution of F,D,A,B in that order.
if prog F is detached, the execution is E,D,A,B
if prog F and D are detached, the execution is E,A,B
if prog F, E and D are detached, the execution is C,A,B
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-03 13:50:25 +08:00
|
|
|
log_err("Attaching prog to cg4");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
if (bpf_prog_attach(allow_prog[5], cg5, BPF_CGROUP_INET_EGRESS, 0)) {
|
|
|
|
log_err("Attaching prog to cg5");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
assert(system(PING_CMD) == 0);
|
|
|
|
assert(bpf_map_lookup_elem(map_fd, &key, &value) == 0);
|
|
|
|
assert(value == 1 + 2 + 8 + 32);
|
|
|
|
|
2017-10-03 13:50:28 +08:00
|
|
|
/* query the number of effective progs in cg5 */
|
|
|
|
assert(bpf_prog_query(cg5, BPF_CGROUP_INET_EGRESS, BPF_F_QUERY_EFFECTIVE,
|
|
|
|
NULL, NULL, &prog_cnt) == 0);
|
|
|
|
assert(prog_cnt == 4);
|
|
|
|
/* retrieve prog_ids of effective progs in cg5 */
|
|
|
|
assert(bpf_prog_query(cg5, BPF_CGROUP_INET_EGRESS, BPF_F_QUERY_EFFECTIVE,
|
|
|
|
&attach_flags, prog_ids, &prog_cnt) == 0);
|
|
|
|
assert(prog_cnt == 4);
|
|
|
|
assert(attach_flags == 0);
|
|
|
|
saved_prog_id = prog_ids[0];
|
|
|
|
/* check enospc handling */
|
|
|
|
prog_ids[0] = 0;
|
|
|
|
prog_cnt = 2;
|
|
|
|
assert(bpf_prog_query(cg5, BPF_CGROUP_INET_EGRESS, BPF_F_QUERY_EFFECTIVE,
|
|
|
|
&attach_flags, prog_ids, &prog_cnt) == -1 &&
|
|
|
|
errno == ENOSPC);
|
|
|
|
assert(prog_cnt == 4);
|
|
|
|
/* check that prog_ids are returned even when buffer is too small */
|
|
|
|
assert(prog_ids[0] == saved_prog_id);
|
|
|
|
/* retrieve prog_id of single attached prog in cg5 */
|
|
|
|
prog_ids[0] = 0;
|
|
|
|
assert(bpf_prog_query(cg5, BPF_CGROUP_INET_EGRESS, 0,
|
|
|
|
NULL, prog_ids, &prog_cnt) == 0);
|
|
|
|
assert(prog_cnt == 1);
|
|
|
|
assert(prog_ids[0] == saved_prog_id);
|
|
|
|
|
samples/bpf: add multi-prog cgroup test case
create 5 cgroups, attach 6 progs and check that progs are executed as:
cgrp1 (MULTI progs A, B) ->
cgrp2 (OVERRIDE prog C) ->
cgrp3 (MULTI prog D) ->
cgrp4 (OVERRIDE prog E) ->
cgrp5 (NONE prog F)
the event in cgrp5 triggers execution of F,D,A,B in that order.
if prog F is detached, the execution is E,D,A,B
if prog F and D are detached, the execution is E,A,B
if prog F, E and D are detached, the execution is C,A,B
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-03 13:50:25 +08:00
|
|
|
/* detach bottom program and ping again */
|
|
|
|
if (bpf_prog_detach2(-1, cg5, BPF_CGROUP_INET_EGRESS)) {
|
|
|
|
log_err("Detaching prog from cg5");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
value = 0;
|
|
|
|
assert(bpf_map_update_elem(map_fd, &key, &value, 0) == 0);
|
|
|
|
assert(system(PING_CMD) == 0);
|
|
|
|
assert(bpf_map_lookup_elem(map_fd, &key, &value) == 0);
|
|
|
|
assert(value == 1 + 2 + 8 + 16);
|
|
|
|
|
|
|
|
/* detach 3rd from bottom program and ping again */
|
|
|
|
errno = 0;
|
|
|
|
if (!bpf_prog_detach2(0, cg3, BPF_CGROUP_INET_EGRESS)) {
|
|
|
|
log_err("Unexpected success on detach from cg3");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
if (bpf_prog_detach2(allow_prog[3], cg3, BPF_CGROUP_INET_EGRESS)) {
|
|
|
|
log_err("Detaching from cg3");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
value = 0;
|
|
|
|
assert(bpf_map_update_elem(map_fd, &key, &value, 0) == 0);
|
|
|
|
assert(system(PING_CMD) == 0);
|
|
|
|
assert(bpf_map_lookup_elem(map_fd, &key, &value) == 0);
|
|
|
|
assert(value == 1 + 2 + 16);
|
|
|
|
|
|
|
|
/* detach 2nd from bottom program and ping again */
|
|
|
|
if (bpf_prog_detach2(-1, cg4, BPF_CGROUP_INET_EGRESS)) {
|
|
|
|
log_err("Detaching prog from cg4");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
value = 0;
|
|
|
|
assert(bpf_map_update_elem(map_fd, &key, &value, 0) == 0);
|
|
|
|
assert(system(PING_CMD) == 0);
|
|
|
|
assert(bpf_map_lookup_elem(map_fd, &key, &value) == 0);
|
|
|
|
assert(value == 1 + 2 + 4);
|
2017-10-03 13:50:28 +08:00
|
|
|
|
|
|
|
prog_cnt = 4;
|
|
|
|
assert(bpf_prog_query(cg5, BPF_CGROUP_INET_EGRESS, BPF_F_QUERY_EFFECTIVE,
|
|
|
|
&attach_flags, prog_ids, &prog_cnt) == 0);
|
|
|
|
assert(prog_cnt == 3);
|
|
|
|
assert(attach_flags == 0);
|
|
|
|
assert(bpf_prog_query(cg5, BPF_CGROUP_INET_EGRESS, 0,
|
|
|
|
NULL, prog_ids, &prog_cnt) == 0);
|
|
|
|
assert(prog_cnt == 0);
|
samples/bpf: add multi-prog cgroup test case
create 5 cgroups, attach 6 progs and check that progs are executed as:
cgrp1 (MULTI progs A, B) ->
cgrp2 (OVERRIDE prog C) ->
cgrp3 (MULTI prog D) ->
cgrp4 (OVERRIDE prog E) ->
cgrp5 (NONE prog F)
the event in cgrp5 triggers execution of F,D,A,B in that order.
if prog F is detached, the execution is E,D,A,B
if prog F and D are detached, the execution is E,A,B
if prog F, E and D are detached, the execution is C,A,B
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-03 13:50:25 +08:00
|
|
|
goto out;
|
|
|
|
err:
|
|
|
|
rc = 1;
|
|
|
|
|
|
|
|
out:
|
|
|
|
for (i = 0; i < 6; i++)
|
|
|
|
if (allow_prog[i] > 0)
|
|
|
|
close(allow_prog[i]);
|
|
|
|
close(cg1);
|
|
|
|
close(cg2);
|
|
|
|
close(cg3);
|
|
|
|
close(cg4);
|
|
|
|
close(cg5);
|
|
|
|
cleanup_cgroup_environment();
|
|
|
|
if (!rc)
|
|
|
|
printf("### multi:PASS\n");
|
2017-02-11 12:28:24 +08:00
|
|
|
else
|
samples/bpf: add multi-prog cgroup test case
create 5 cgroups, attach 6 progs and check that progs are executed as:
cgrp1 (MULTI progs A, B) ->
cgrp2 (OVERRIDE prog C) ->
cgrp3 (MULTI prog D) ->
cgrp4 (OVERRIDE prog E) ->
cgrp5 (NONE prog F)
the event in cgrp5 triggers execution of F,D,A,B in that order.
if prog F is detached, the execution is E,D,A,B
if prog F and D are detached, the execution is E,A,B
if prog F, E and D are detached, the execution is C,A,B
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-03 13:50:25 +08:00
|
|
|
printf("### multi:FAIL\n");
|
2016-12-02 18:42:32 +08:00
|
|
|
return rc;
|
|
|
|
}
|
samples/bpf: add multi-prog cgroup test case
create 5 cgroups, attach 6 progs and check that progs are executed as:
cgrp1 (MULTI progs A, B) ->
cgrp2 (OVERRIDE prog C) ->
cgrp3 (MULTI prog D) ->
cgrp4 (OVERRIDE prog E) ->
cgrp5 (NONE prog F)
the event in cgrp5 triggers execution of F,D,A,B in that order.
if prog F is detached, the execution is E,D,A,B
if prog F and D are detached, the execution is E,A,B
if prog F, E and D are detached, the execution is C,A,B
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-03 13:50:25 +08:00
|
|
|
|
|
|
|
int main(int argc, char **argv)
|
|
|
|
{
|
|
|
|
int rc = 0;
|
|
|
|
|
|
|
|
rc = test_foo_bar();
|
|
|
|
if (rc)
|
|
|
|
return rc;
|
|
|
|
|
|
|
|
return test_multiprog();
|
|
|
|
}
|