1// SPDX-License-Identifier: GPL-2.0
2
3#include <test_progs.h>
4
5#include "cgroup_helpers.h"
6
7#define FOO		"/foo"
8#define BAR		"/foo/bar/"
9#define PING_CMD	"ping -q -c1 -w1 127.0.0.1 > /dev/null"
10
11static char bpf_log_buf[BPF_LOG_BUF_SIZE];
12
13static int prog_load(int verdict)
14{
15	struct bpf_insn prog[] = {
16		BPF_MOV64_IMM(BPF_REG_0, verdict), /* r0 = verdict */
17		BPF_EXIT_INSN(),
18	};
19	size_t insns_cnt = ARRAY_SIZE(prog);
20
21	return bpf_test_load_program(BPF_PROG_TYPE_CGROUP_SKB,
22			       prog, insns_cnt, "GPL", 0,
23			       bpf_log_buf, BPF_LOG_BUF_SIZE);
24}
25
26void serial_test_cgroup_attach_override(void)
27{
28	int drop_prog = -1, allow_prog = -1, foo = -1, bar = -1;
29	__u32 duration = 0;
30
31	allow_prog = prog_load(1);
32	if (CHECK(allow_prog < 0, "prog_load_allow",
33		  "verifier output:\n%s\n-------\n", bpf_log_buf))
34		goto err;
35
36	drop_prog = prog_load(0);
37	if (CHECK(drop_prog < 0, "prog_load_drop",
38		  "verifier output:\n%s\n-------\n", bpf_log_buf))
39		goto err;
40
41	foo = test__join_cgroup(FOO);
42	if (CHECK(foo < 0, "cgroup_join_foo", "cgroup setup failed\n"))
43		goto err;
44
45	if (CHECK(bpf_prog_attach(drop_prog, foo, BPF_CGROUP_INET_EGRESS,
46				  BPF_F_ALLOW_OVERRIDE),
47		  "prog_attach_drop_foo_override",
48		  "attach prog to %s failed, errno=%d\n", FOO, errno))
49		goto err;
50
51	if (CHECK(!system(PING_CMD), "ping_fail",
52		  "ping unexpectedly succeeded\n"))
53		goto err;
54
55	bar = test__join_cgroup(BAR);
56	if (CHECK(bar < 0, "cgroup_join_bar", "cgroup setup failed\n"))
57		goto err;
58
59	if (CHECK(!system(PING_CMD), "ping_fail",
60		  "ping unexpectedly succeeded\n"))
61		goto err;
62
63	if (CHECK(bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS,
64				  BPF_F_ALLOW_OVERRIDE),
65		  "prog_attach_allow_bar_override",
66		  "attach prog to %s failed, errno=%d\n", BAR, errno))
67		goto err;
68
69	if (CHECK(system(PING_CMD), "ping_ok", "ping failed\n"))
70		goto err;
71
72	if (CHECK(bpf_prog_detach(bar, BPF_CGROUP_INET_EGRESS),
73		  "prog_detach_bar",
74		  "detach prog from %s failed, errno=%d\n", BAR, errno))
75		goto err;
76
77	if (CHECK(!system(PING_CMD), "ping_fail",
78		  "ping unexpectedly succeeded\n"))
79		goto err;
80
81	if (CHECK(bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS,
82				  BPF_F_ALLOW_OVERRIDE),
83		  "prog_attach_allow_bar_override",
84		  "attach prog to %s failed, errno=%d\n", BAR, errno))
85		goto err;
86
87	if (CHECK(bpf_prog_detach(foo, BPF_CGROUP_INET_EGRESS),
88		  "prog_detach_foo",
89		  "detach prog from %s failed, errno=%d\n", FOO, errno))
90		goto err;
91
92	if (CHECK(system(PING_CMD), "ping_ok", "ping failed\n"))
93		goto err;
94
95	if (CHECK(bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS,
96				  BPF_F_ALLOW_OVERRIDE),
97		  "prog_attach_allow_bar_override",
98		  "attach prog to %s failed, errno=%d\n", BAR, errno))
99		goto err;
100
101	if (CHECK(!bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS, 0),
102		  "fail_prog_attach_allow_bar_none",
103		  "attach prog to %s unexpectedly succeeded\n", BAR))
104		goto err;
105
106	if (CHECK(bpf_prog_detach(bar, BPF_CGROUP_INET_EGRESS),
107		  "prog_detach_bar",
108		  "detach prog from %s failed, errno=%d\n", BAR, errno))
109		goto err;
110
111	if (CHECK(!bpf_prog_detach(foo, BPF_CGROUP_INET_EGRESS),
112		  "fail_prog_detach_foo",
113		  "double detach from %s unexpectedly succeeded\n", FOO))
114		goto err;
115
116	if (CHECK(bpf_prog_attach(allow_prog, foo, BPF_CGROUP_INET_EGRESS, 0),
117		  "prog_attach_allow_foo_none",
118		  "attach prog to %s failed, errno=%d\n", FOO, errno))
119		goto err;
120
121	if (CHECK(!bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS, 0),
122		  "fail_prog_attach_allow_bar_none",
123		  "attach prog to %s unexpectedly succeeded\n", BAR))
124		goto err;
125
126	if (CHECK(!bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS,
127				   BPF_F_ALLOW_OVERRIDE),
128		  "fail_prog_attach_allow_bar_override",
129		  "attach prog to %s unexpectedly succeeded\n", BAR))
130		goto err;
131
132	if (CHECK(!bpf_prog_attach(allow_prog, foo, BPF_CGROUP_INET_EGRESS,
133				   BPF_F_ALLOW_OVERRIDE),
134		  "fail_prog_attach_allow_foo_override",
135		  "attach prog to %s unexpectedly succeeded\n", FOO))
136		goto err;
137
138	if (CHECK(bpf_prog_attach(drop_prog, foo, BPF_CGROUP_INET_EGRESS, 0),
139		  "prog_attach_drop_foo_none",
140		  "attach prog to %s failed, errno=%d\n", FOO, errno))
141		goto err;
142
143err:
144	close(foo);
145	close(bar);
146	close(allow_prog);
147	close(drop_prog);
148}
149