On 8/6/24 12:55 AM, Alexis Lothoré (eBPF Foundation) wrote:
diff --git a/tools/testing/selftests/bpf/prog_tests/cgroup_ancestor.c b/tools/testing/selftests/bpf/prog_tests/cgroup_ancestor.c new file mode 100644 index 000000000000..4e41463533c0 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/cgroup_ancestor.c @@ -0,0 +1,154 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include "test_progs.h" +#include "network_helpers.h" +#include "cgroup_helpers.h" +#include "cgroup_ancestor.skel.h" + +#define VETH_PREFIX "test_cgid_" +#define VETH_1 VETH_PREFIX "1" +#define VETH_2 VETH_PREFIX "2" +#define CGROUP_PATH "/skb_cgroup_test" +#define NUM_CGROUP_LEVELS 4 +#define WAIT_AUTO_IP_MAX_ATTEMPT 10 +#define DST_ADDR "ff02::1" +#define DST_PORT 1234 +#define MAX_ASSERT_NAME 32 + +struct test_data { + struct cgroup_ancestor *skel; + struct bpf_tc_hook qdisc; + struct bpf_tc_opts tc_attach; +}; + +static int send_datagram(void) +{ + unsigned char buf[] = "some random test data"; + struct sockaddr_in6 addr = { .sin6_family = AF_INET6, + .sin6_port = htons(DST_PORT), + .sin6_scope_id = if_nametoindex(VETH_1) }; + int sock, n; + + if (!ASSERT_EQ(inet_pton(AF_INET6, DST_ADDR, &addr.sin6_addr), 1, + "inet_pton")) + return -1; + + sock = socket(AF_INET6, SOCK_DGRAM, 0);
sock is leaked.
+ if (!ASSERT_OK_FD(sock, "create socket")) + return sock; + + n = sendto(sock, buf, sizeof(buf), 0, (const struct sockaddr *)&addr, + sizeof(addr)); + if (!ASSERT_EQ(n, sizeof(buf), "send data")) + return n; + + return 0; +} + +static int wait_local_ip(void) +{ + char *ping_cmd = ping_command(AF_INET6); + int i, err; + + for (i = 0; i < WAIT_AUTO_IP_MAX_ATTEMPT; i++) { + err = SYS_NOFAIL("%s -c 1 -W 1 %s%%%s", ping_cmd, DST_ADDR, + VETH_1); + if (!err) + break; + } + + return err; +} + +static int setup_network(struct test_data *t) +{ + int ret; + + SYS(fail, "ip link add dev %s type veth peer name %s", VETH_1, VETH_2); + SYS(fail, "ip link set %s up", VETH_1); + SYS(fail, "ip link set %s up", VETH_2);
Same. Do it under a new netns.
+ + ret = wait_local_ip(); + if (!ASSERT_EQ(ret, 0, "wait local ip")) + goto fail; + + memset(&t->qdisc, 0, sizeof(t->qdisc)); + t->qdisc.sz = sizeof(t->qdisc); + t->qdisc.attach_point = BPF_TC_EGRESS; + t->qdisc.ifindex = if_nametoindex(VETH_1); + if (!ASSERT_NEQ(t->qdisc.ifindex, 0, "if_nametoindex")) + goto cleanup_interfaces; + if (!ASSERT_OK(bpf_tc_hook_create(&t->qdisc), "qdisc add")) + goto cleanup_interfaces; + + memset(&t->tc_attach, 0, sizeof(t->tc_attach)); + t->tc_attach.sz = sizeof(t->tc_attach); + t->tc_attach.prog_fd = bpf_program__fd(t->skel->progs.log_cgroup_id); + if (!ASSERT_OK(bpf_tc_attach(&t->qdisc, &t->tc_attach), "filter add")) + goto cleanup_qdisc; + + return 0; + +cleanup_qdisc: + bpf_tc_hook_destroy(&t->qdisc); +cleanup_interfaces: + SYS_NOFAIL("ip link del %s", VETH_1); +fail: + return 1; +} + +static void cleanup_network(struct test_data *t) +{ + bpf_tc_detach(&t->qdisc, &t->tc_attach); + bpf_tc_hook_destroy(&t->qdisc); + /* Deleting first interface will also delete peer interface */ + SYS_NOFAIL("ip link del %s", VETH_1); +} + +static void check_ancestors_ids(struct test_data *t) +{ + __u64 expected_ids[NUM_CGROUP_LEVELS]; + char assert_name[MAX_ASSERT_NAME]; + __u32 level; + + expected_ids[0] = get_cgroup_id("/.."); /* root cgroup */ + expected_ids[1] = get_cgroup_id(""); + expected_ids[2] = get_cgroup_id(CGROUP_PATH); + expected_ids[3] = 0; /* non-existent cgroup */ + + for (level = 0; level < NUM_CGROUP_LEVELS; level++) { + snprintf(assert_name, MAX_ASSERT_NAME, + "ancestor id at level %d", level); + ASSERT_EQ(t->skel->bss->cgroup_ids[level], expected_ids[level], + assert_name); + } +} + +void test_cgroup_ancestor(void) +{ + struct test_data t; + int cgroup_fd; + + t.skel = cgroup_ancestor__open_and_load(); + if (!ASSERT_OK_PTR(t.skel, "open and load")) + return; + + if (setup_network(&t)) + goto cleanup_progs; + + cgroup_fd = cgroup_setup_and_join(CGROUP_PATH);
cgroup_fd is leaked. Thanks for working on this.
+ if (cgroup_fd < 0) + goto cleanup_network; + + if (send_datagram()) + goto cleanup_cgroups; + + check_ancestors_ids(&t); + +cleanup_cgroups: + cleanup_cgroup_environment(); +cleanup_network: + cleanup_network(&t); +cleanup_progs: + cgroup_ancestor__destroy(t.skel); +}