
selftests/bpf: do not disable /dev/null device access in cgroup dev test

test_dev_cgroup currently loads a small bpf program allowing any access on
urandom and zero devices, disabling access to any other device. This makes
migrating the test to test_progs impossible, since the latter makes
extensive use of /dev/null.

Allow /dev/null manipulation in dev_cgroup program to make its usage in
test_progs framework possible. Update test_dev_cgroup.c as well to match
this change while it has not been removed.

Reviewed-by: Alan Maguire <alan.maguire@oracle.com>
Acked-by: Stanislav Fomichev <sdf@fomichev.me>
Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com>
Link: https://lore.kernel.org/r/20240731-convert_dev_cgroup-v4-1-849425d90de6@bootlin.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>

authored by

Alexis Lothoré (eBPF Foundation) and committed by
Martin KaFai Lau
ba6a9018 92cc2456

+11 -11
+2 -2
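--- a/tools/testing/selftests/bpf/progs/dev_cgroup.c
+++ b/tools/testing/selftests/bpf/progs/dev_cgroup.c
@@ -41,14 +41,14 @@
 bpf_trace_printk(fmt, sizeof(fmt), ctx->major, ctx->minor);
 #endif
 
-/* Allow access to /dev/zero and /dev/random.
+/* Allow access to /dev/null and /dev/urandom.
 * Forbid everything else.
 */
 if (ctx->major != 1 || type != BPF_DEVCG_DEV_CHAR)
 return 0;
 
 switch (ctx->minor) {
-case 5: /* 1:5 /dev/zero */
+case 3: /* 1:3 /dev/null */
 case 9: /* 1:9 /dev/urandom */
 return 1;
 }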
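Review bot: The allow path at `case 3:` / `case 9:` returns 1 without looking at the requested access, so as far as this hunk shows the program permits mknod as well as read and write on 1:3 and 1:9, and the comment does not say so. Since test_dev_cgroup.c depends on mknod of 1:3 succeeding, wording such as `/* Allow any access (mknod, read, write) to /dev/null and /dev/urandom.` would make the policy explicit for anyone reusing this program as a device-filter template. The function starts above the hunk, so an earlier access check cannot be ruled out from here.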
+9 -9
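--- a/tools/testing/selftests/bpf/test_dev_cgroup.c
+++ b/tools/testing/selftests/bpf/test_dev_cgroup.c
@@ -54,25 +54,25 @@
 goto err;
 }
 
-/* All operations with /dev/zero and and /dev/urandom are allowed,
+/* All operations with /dev/null and /dev/urandom are allowed,
 * everything else is forbidden.
 */
-assert(system("rm -f /tmp/test_dev_cgroup_null") == 0);
-assert(system("mknod /tmp/test_dev_cgroup_null c 1 3"));
-assert(system("rm -f /tmp/test_dev_cgroup_null") == 0);
-
-/* /dev/zero is whitelisted */
 assert(system("rm -f /tmp/test_dev_cgroup_zero") == 0);
-assert(system("mknod /tmp/test_dev_cgroup_zero c 1 5") == 0);
+assert(system("mknod /tmp/test_dev_cgroup_zero c 1 5"));
 assert(system("rm -f /tmp/test_dev_cgroup_zero") == 0);
 
-assert(system("dd if=/dev/urandom of=/dev/zero count=64") == 0);
+/* /dev/null is whitelisted */
+assert(system("rm -f /tmp/test_dev_cgroup_null") == 0);
+assert(system("mknod /tmp/test_dev_cgroup_null c 1 3") == 0);
+assert(system("rm -f /tmp/test_dev_cgroup_null") == 0);
+
+assert(system("dd if=/dev/urandom of=/dev/null count=64") == 0);
 
 /* src is allowed, target is forbidden */
 assert(system("dd if=/dev/urandom of=/dev/full count=64"));
 
 /* src is forbidden, target is allowed */
-assert(system("dd if=/dev/random of=/dev/zero count=64"));
+assert(system("dd if=/dev/random of=/dev/null count=64"));
 
 error = 0;
 printf("test_dev_cgroup:PASS\n");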
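Review bot: The negative checks such as `assert(system("mknod /tmp/test_dev_cgroup_zero c 1 5"));` pass on any non-zero status, so a failed fork, a missing mknod binary or an unrelated permission error is indistinguishable from the cgroup program denying the device. Calling mknod(2) directly and checking errno would pin the denial, e.g. `assert(mknod("/tmp/test_dev_cgroup_zero", S_IFCHR | 0600, makedev(1, 5)) == -1 && errno == EPERM);`, and the same weakness applies to the two `dd` denial checks. The system() calls also sit inside assert(), so a build with NDEBUG defined would skip them entirely and still print PASS. The enclosing function begins and ends outside the hunk.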