cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

test_dev_cgroup.c (2094B)

      1// SPDX-License-Identifier: GPL-2.0-only
      2/* Copyright (c) 2017 Facebook
      3 */
      4
      5#include <stdio.h>
      6#include <stdlib.h>
      7#include <string.h>
      8#include <errno.h>
      9#include <assert.h>
     10#include <sys/time.h>
     11
     12#include <linux/bpf.h>
     13#include <bpf/bpf.h>
     14#include <bpf/libbpf.h>
     15
     16#include "cgroup_helpers.h"
     17#include "testing_helpers.h"
     18
     19#define DEV_CGROUP_PROG "./dev_cgroup.o"
     20
     21#define TEST_CGROUP "/test-bpf-based-device-cgroup/"
     22
     23int main(int argc, char **argv)
     24{
     25	struct bpf_object *obj;
     26	int error = EXIT_FAILURE;
     27	int prog_fd, cgroup_fd;
     28	__u32 prog_cnt;
     29
     30	/* Use libbpf 1.0 API mode */
     31	libbpf_set_strict_mode(LIBBPF_STRICT_ALL);
     32
     33	if (bpf_prog_test_load(DEV_CGROUP_PROG, BPF_PROG_TYPE_CGROUP_DEVICE,
     34			  &obj, &prog_fd)) {
     35		printf("Failed to load DEV_CGROUP program\n");
     36		goto out;
     37	}
     38
     39	cgroup_fd = cgroup_setup_and_join(TEST_CGROUP);
     40	if (cgroup_fd < 0) {
     41		printf("Failed to create test cgroup\n");
     42		goto out;
     43	}
     44
     45	/* Attach bpf program */
     46	if (bpf_prog_attach(prog_fd, cgroup_fd, BPF_CGROUP_DEVICE, 0)) {
     47		printf("Failed to attach DEV_CGROUP program");
     48		goto err;
     49	}
     50
     51	if (bpf_prog_query(cgroup_fd, BPF_CGROUP_DEVICE, 0, NULL, NULL,
     52			   &prog_cnt)) {
     53		printf("Failed to query attached programs");
     54		goto err;
     55	}
     56
     57	/* All operations with /dev/zero and and /dev/urandom are allowed,
     58	 * everything else is forbidden.
     59	 */
     60	assert(system("rm -f /tmp/test_dev_cgroup_null") == 0);
     61	assert(system("mknod /tmp/test_dev_cgroup_null c 1 3"));
     62	assert(system("rm -f /tmp/test_dev_cgroup_null") == 0);
     63
     64	/* /dev/zero is whitelisted */
     65	assert(system("rm -f /tmp/test_dev_cgroup_zero") == 0);
     66	assert(system("mknod /tmp/test_dev_cgroup_zero c 1 5") == 0);
     67	assert(system("rm -f /tmp/test_dev_cgroup_zero") == 0);
     68
     69	assert(system("dd if=/dev/urandom of=/dev/zero count=64") == 0);
     70
     71	/* src is allowed, target is forbidden */
     72	assert(system("dd if=/dev/urandom of=/dev/full count=64"));
     73
     74	/* src is forbidden, target is allowed */
     75	assert(system("dd if=/dev/random of=/dev/zero count=64"));
     76
     77	error = 0;
     78	printf("test_dev_cgroup:PASS\n");
     79
     80err:
     81	cleanup_cgroup_environment();
     82
     83out:
     84	return error;
     85}