Re: [PATCH net-next v5 3/3] samples/bpf: Add test_current_task_under_cgroup test

Fri, 12 Aug 2016 09:10:37 -0700 

On Fri, Aug 12, 2016 at 08:57:04AM -0700, Sargun Dhillon wrote:
> This test has a BPF program which writes the last known pid to call the
> sync syscall within a given cgroup to a map.
> 
> The user mode program creates its own mount namespace, and mounts the
> cgroupsv2  hierarchy in there, as on all current test systems
> (Ubuntu 16.04, Debian), the cgroupsv2 vfs is unmounted by default.
> Once it does this, it proceeds to test.
> 
> The test checks for positive and negative condition. It ensures that
> when it's part of a given cgroup, its pid is captured in the map,
> and that when it leaves the cgroup, this doesn't happen.
> 
> It populate a cgroups arraymap prior to execution in userspace. This means
> that the program must be run in the same cgroups namespace as the programs
> that are being traced.
> 
> Signed-off-by: Sargun Dhillon <[email protected]>
> Cc: Alexei Starovoitov <[email protected]>
> Cc: Daniel Borkmann <[email protected]>
> Cc: Tejun Heo <[email protected]>

I don't think there is much value explicitly adding 'cc:' to commit log.

> +     if (join_cgroup("/mnt/my-cgroup")) {
> +             log_err("Leaving target cgroup");
> +             goto cleanup_cgroup_err;
> +     }
> +
> +     /*
> +      * The installed helper program catched the sync call, and should
> +      * write it to the map.
> +      */
> +
> +     sync();
> +     bpf_lookup_elem(map_fd[1], &idx, &remote_pid);
> +
> +     if (local_pid != remote_pid) {
> +             fprintf(stderr,
> +                     "BPF Helper didn't write correct PID to map, but: %d\n",
> +                     remote_pid);
> +             goto leave_cgroup_err;
> +     }
> +
> +     /* Verify the negative scenario; leave the cgroup */
> +     if (join_cgroup(CGROUP_MOUNT_PATH))
> +             goto leave_cgroup_err;
> +
> +     remote_pid = 0;
> +     bpf_update_elem(map_fd[1], &idx, &remote_pid, BPF_ANY);
> +
> +     sync();
> +     bpf_lookup_elem(map_fd[1], &idx, &remote_pid);
> +
> +     if (local_pid == remote_pid) {
> +             fprintf(stderr, "BPF cgroup negative test did not work\n");
> +             goto cleanup_cgroup_err;
> +     }
> +
> +     rmdir(CGROUP_PATH);
> +     return 0;

Nice test. Thanks
Acked-by: Alexei Starovoitov <[email protected]>

Reply via email to