9e6e60ec SD |
1 | /* Copyright (c) 2016 Sargun Dhillon <sargun@sargun.me> |
2 | * | |
3 | * This program is free software; you can redistribute it and/or | |
4 | * modify it under the terms of version 2 of the GNU General Public | |
5 | * License as published by the Free Software Foundation. | |
6 | */ | |
7 | ||
8 | #define _GNU_SOURCE | |
9 | #include <stdio.h> | |
10 | #include <linux/bpf.h> | |
11 | #include <unistd.h> | |
12 | #include "libbpf.h" | |
13 | #include "bpf_load.h" | |
14 | #include <string.h> | |
15 | #include <fcntl.h> | |
16 | #include <errno.h> | |
17 | #include <linux/bpf.h> | |
18 | #include <sched.h> | |
19 | #include <sys/mount.h> | |
20 | #include <sys/stat.h> | |
21 | #include <sys/types.h> | |
22 | #include <linux/limits.h> | |
23 | ||
/*
 * CGROUP_MOUNT_PATH is where main() mounts cgroup2 after unsharing its mount
 * namespace; CGROUP_PATH is the test cgroup directory it creates beneath
 * that mount and removes again on exit.
 */
#define CGROUP_MOUNT_PATH "/mnt"
#define CGROUP_PATH "/mnt/my-cgroup"

/* Text for the current errno; "None" when errno is 0. */
#define clean_errno() (errno == 0 ? "None" : strerror(errno))
/*
 * Print a printf-style MSG to stderr, prefixed with the source file, line
 * and the current errno text. errno is read at the point of the call, so
 * invoke this before any call that may overwrite it. MSG must be a string
 * literal (it is pasted into the format string), and the ", ##__VA_ARGS__"
 * form is a GNU extension.
 */
#define log_err(MSG, ...) fprintf(stderr, "(%s:%d: errno: %s) " MSG "\n", \
	__FILE__, __LINE__, clean_errno(), ##__VA_ARGS__)
30 | ||
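/*
 * Move the calling process into a cgroup by writing its PID to
 * "<path>/cgroup.procs".
 *
 * @path: directory of the target cgroup.
 *
 * Returns 0 on success and 1 on failure; the failure reason is reported
 * through log_err().
 */
static int join_cgroup(const char *path)
{
	char cgroup_path[PATH_MAX + 1];
	pid_t pid = getpid();
	int fd, len, rc = 0;

	len = snprintf(cgroup_path, sizeof(cgroup_path), "%s/cgroup.procs",
		       path);
	/*
	 * A truncated result names a different file than the caller asked
	 * for; refuse it rather than write the PID somewhere unintended.
	 */
	if (len < 0 || (size_t)len >= sizeof(cgroup_path)) {
		if (len >= 0)
			errno = ENAMETOOLONG;
		log_err("Building cgroup.procs path");
		return 1;
	}

	fd = open(cgroup_path, O_WRONLY);
	if (fd < 0) {
		log_err("Opening Cgroup");
		return 1;
	}

	/* Log before close() so errno still describes the failed write. */
	if (dprintf(fd, "%d\n", pid) < 0) {
		log_err("Joining Cgroup");
		rc = 1;
	}
	close(fd);
	return rc;
}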
52 | ||
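/*
 * Test driver for the "current task under cgroup" BPF sample.
 *
 * Loads "<argv[0]>_kern.o", mounts cgroup2 on CGROUP_MOUNT_PATH inside a
 * private mount namespace, creates CGROUP_PATH and stores an fd for it in
 * map_fd[0]. It then checks two cases, each triggered by sync():
 *   - positive: after joining CGROUP_PATH, map_fd[1] must hold our PID;
 *   - negative: after moving back to the cgroup at CGROUP_MOUNT_PATH and
 *     zeroing the slot, map_fd[1] must not hold our PID.
 *
 * load_bpf_file(), bpf_log_buf and map_fd are not defined in this file;
 * presumably they come from bpf_load.h.
 *
 * Returns 0 when both cases pass, 1 on any setup or test failure.
 */
int main(int argc, char **argv)
{
	char filename[256];
	int cg2 = -1, idx = 0, len;
	pid_t remote_pid = 0, local_pid = getpid();

	/*
	 * argv[0] is supplied by whoever exec'd us and may be absent; it
	 * decides which object file gets loaded, so reject a missing or
	 * over-long value instead of loading a truncated path.
	 */
	if (argc < 1 || !argv[0]) {
		fprintf(stderr, "argv[0] is required to locate the BPF object\n");
		return 1;
	}

	len = snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
	if (len < 0 || (size_t)len >= sizeof(filename)) {
		fprintf(stderr, "BPF object path derived from argv[0] is too long\n");
		return 1;
	}

	if (load_bpf_file(filename)) {
		printf("%s", bpf_log_buf);
		return 1;
	}

	/*
	 * This is to avoid interfering with existing cgroups. Unfortunately,
	 * most people don't have cgroupv2 enabled at this point in time.
	 * It's easier to create our own mount namespace and manage it
	 * ourselves.
	 */
	if (unshare(CLONE_NEWNS)) {
		log_err("unshare");
		return 1;
	}

	/*
	 * Mark every mount in the new namespace private, recursively, so the
	 * cgroup2 mount below does not propagate to the parent namespace.
	 */
	if (mount("none", "/", NULL, MS_REC | MS_PRIVATE, NULL)) {
		log_err("mount fakeroot");
		return 1;
	}

	if (mount("none", CGROUP_MOUNT_PATH, "cgroup2", 0, NULL)) {
		log_err("mount cgroup2");
		return 1;
	}

	/*
	 * An existing directory is accepted (EEXIST), e.g. left over from an
	 * earlier run.
	 * NOTE(review): 0777 is wider than this test appears to need;
	 * consider 0755.
	 */
	if (mkdir(CGROUP_PATH, 0777) && errno != EEXIST) {
		log_err("mkdir cgroup");
		return 1;
	}

	cg2 = open(CGROUP_PATH, O_RDONLY);
	if (cg2 < 0) {
		log_err("opening target cgroup");
		goto cleanup_cgroup_err;
	}

	if (bpf_update_elem(map_fd[0], &idx, &cg2, BPF_ANY)) {
		log_err("Adding target cgroup to map");
		goto cleanup_cgroup_err;
	}
	if (join_cgroup(CGROUP_PATH)) {
		log_err("Joining target cgroup");
		goto cleanup_cgroup_err;
	}

	/*
	 * The installed helper program catches the sync call, and should
	 * write it to the map.
	 */

	sync();
	/*
	 * A failed lookup leaves remote_pid untouched, so check it rather
	 * than compare a stale value.
	 */
	if (bpf_lookup_elem(map_fd[1], &idx, &remote_pid)) {
		log_err("Reading PID from map");
		goto leave_cgroup_err;
	}

	if (local_pid != remote_pid) {
		fprintf(stderr,
			"BPF Helper didn't write correct PID to map, but: %d\n",
			remote_pid);
		goto leave_cgroup_err;
	}

	/* Verify the negative scenario; leave the cgroup */
	if (join_cgroup(CGROUP_MOUNT_PATH))
		goto leave_cgroup_err;

	/*
	 * Clear the slot so a leftover PID from the positive case cannot be
	 * mistaken for a fresh write. Both calls are checked: an unnoticed
	 * failure of the reset would fail the test for the wrong reason, and
	 * an unnoticed failure of the lookup would let it pass vacuously
	 * with remote_pid still 0.
	 */
	remote_pid = 0;
	if (bpf_update_elem(map_fd[1], &idx, &remote_pid, BPF_ANY)) {
		log_err("Resetting PID in map");
		goto cleanup_cgroup_err;
	}

	sync();
	if (bpf_lookup_elem(map_fd[1], &idx, &remote_pid)) {
		log_err("Reading PID from map");
		goto cleanup_cgroup_err;
	}

	if (local_pid == remote_pid) {
		fprintf(stderr, "BPF cgroup negative test did not work\n");
		goto cleanup_cgroup_err;
	}

	close(cg2);
	rmdir(CGROUP_PATH);
	return 0;

	/* Error condition, cleanup */
leave_cgroup_err:
	/* Still a member of CGROUP_PATH here; move out so rmdir can succeed. */
	join_cgroup(CGROUP_MOUNT_PATH);
cleanup_cgroup_err:
	if (cg2 >= 0)
		close(cg2);
	rmdir(CGROUP_PATH);
	return 1;
}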