Commit 0350f9d9 authored by Andrii Nakryiko's avatar Andrii Nakryiko Committed by Alexei Starovoitov

selftests/bpf: Utilize string values for delegate_xxx mount options

Use both hex-based and string-based way to specify delegate mount
options for BPF FS.
Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
Acked-by: default avatarJohn Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20240124022127.2379740-21-andrii@kernel.org
parent 6c1752e0
...@@ -55,14 +55,22 @@ static int restore_priv_caps(__u64 old_caps) ...@@ -55,14 +55,22 @@ static int restore_priv_caps(__u64 old_caps)
return cap_enable_effective(old_caps, NULL); return cap_enable_effective(old_caps, NULL);
} }
static int set_delegate_mask(int fs_fd, const char *key, __u64 mask) static int set_delegate_mask(int fs_fd, const char *key, __u64 mask, const char *mask_str)
{ {
char buf[32]; char buf[32];
int err; int err;
if (!mask_str) {
if (mask == ~0ULL) {
mask_str = "any";
} else {
snprintf(buf, sizeof(buf), "0x%llx", (unsigned long long)mask); snprintf(buf, sizeof(buf), "0x%llx", (unsigned long long)mask);
mask_str = buf;
}
}
err = sys_fsconfig(fs_fd, FSCONFIG_SET_STRING, key, err = sys_fsconfig(fs_fd, FSCONFIG_SET_STRING, key,
mask == ~0ULL ? "any" : buf, 0); mask_str, 0);
if (err < 0) if (err < 0)
err = -errno; err = -errno;
return err; return err;
...@@ -75,6 +83,10 @@ struct bpffs_opts { ...@@ -75,6 +83,10 @@ struct bpffs_opts {
__u64 maps; __u64 maps;
__u64 progs; __u64 progs;
__u64 attachs; __u64 attachs;
const char *cmds_str;
const char *maps_str;
const char *progs_str;
const char *attachs_str;
}; };
static int create_bpffs_fd(void) static int create_bpffs_fd(void)
...@@ -93,16 +105,16 @@ static int materialize_bpffs_fd(int fs_fd, struct bpffs_opts *opts) ...@@ -93,16 +105,16 @@ static int materialize_bpffs_fd(int fs_fd, struct bpffs_opts *opts)
int mnt_fd, err; int mnt_fd, err;
/* set up token delegation mount options */ /* set up token delegation mount options */
err = set_delegate_mask(fs_fd, "delegate_cmds", opts->cmds); err = set_delegate_mask(fs_fd, "delegate_cmds", opts->cmds, opts->cmds_str);
if (!ASSERT_OK(err, "fs_cfg_cmds")) if (!ASSERT_OK(err, "fs_cfg_cmds"))
return err; return err;
err = set_delegate_mask(fs_fd, "delegate_maps", opts->maps); err = set_delegate_mask(fs_fd, "delegate_maps", opts->maps, opts->maps_str);
if (!ASSERT_OK(err, "fs_cfg_maps")) if (!ASSERT_OK(err, "fs_cfg_maps"))
return err; return err;
err = set_delegate_mask(fs_fd, "delegate_progs", opts->progs); err = set_delegate_mask(fs_fd, "delegate_progs", opts->progs, opts->progs_str);
if (!ASSERT_OK(err, "fs_cfg_progs")) if (!ASSERT_OK(err, "fs_cfg_progs"))
return err; return err;
err = set_delegate_mask(fs_fd, "delegate_attachs", opts->attachs); err = set_delegate_mask(fs_fd, "delegate_attachs", opts->attachs, opts->attachs_str);
if (!ASSERT_OK(err, "fs_cfg_attachs")) if (!ASSERT_OK(err, "fs_cfg_attachs"))
return err; return err;
...@@ -284,13 +296,13 @@ static void child(int sock_fd, struct bpffs_opts *opts, child_callback_fn callba ...@@ -284,13 +296,13 @@ static void child(int sock_fd, struct bpffs_opts *opts, child_callback_fn callba
} }
/* ensure unprivileged child cannot set delegation options */ /* ensure unprivileged child cannot set delegation options */
err = set_delegate_mask(fs_fd, "delegate_cmds", 0x1); err = set_delegate_mask(fs_fd, "delegate_cmds", 0x1, NULL);
ASSERT_EQ(err, -EPERM, "delegate_cmd_eperm"); ASSERT_EQ(err, -EPERM, "delegate_cmd_eperm");
err = set_delegate_mask(fs_fd, "delegate_maps", 0x1); err = set_delegate_mask(fs_fd, "delegate_maps", 0x1, NULL);
ASSERT_EQ(err, -EPERM, "delegate_maps_eperm"); ASSERT_EQ(err, -EPERM, "delegate_maps_eperm");
err = set_delegate_mask(fs_fd, "delegate_progs", 0x1); err = set_delegate_mask(fs_fd, "delegate_progs", 0x1, NULL);
ASSERT_EQ(err, -EPERM, "delegate_progs_eperm"); ASSERT_EQ(err, -EPERM, "delegate_progs_eperm");
err = set_delegate_mask(fs_fd, "delegate_attachs", 0x1); err = set_delegate_mask(fs_fd, "delegate_attachs", 0x1, NULL);
ASSERT_EQ(err, -EPERM, "delegate_attachs_eperm"); ASSERT_EQ(err, -EPERM, "delegate_attachs_eperm");
/* pass BPF FS context object to parent */ /* pass BPF FS context object to parent */
...@@ -314,22 +326,22 @@ static void child(int sock_fd, struct bpffs_opts *opts, child_callback_fn callba ...@@ -314,22 +326,22 @@ static void child(int sock_fd, struct bpffs_opts *opts, child_callback_fn callba
} }
/* ensure unprivileged child cannot reconfigure to set delegation options */ /* ensure unprivileged child cannot reconfigure to set delegation options */
err = set_delegate_mask(fs_fd, "delegate_cmds", ~0ULL); err = set_delegate_mask(fs_fd, "delegate_cmds", 0, "any");
if (!ASSERT_EQ(err, -EPERM, "delegate_cmd_eperm_reconfig")) { if (!ASSERT_EQ(err, -EPERM, "delegate_cmd_eperm_reconfig")) {
err = -EINVAL; err = -EINVAL;
goto cleanup; goto cleanup;
} }
err = set_delegate_mask(fs_fd, "delegate_maps", ~0ULL); err = set_delegate_mask(fs_fd, "delegate_maps", 0, "any");
if (!ASSERT_EQ(err, -EPERM, "delegate_maps_eperm_reconfig")) { if (!ASSERT_EQ(err, -EPERM, "delegate_maps_eperm_reconfig")) {
err = -EINVAL; err = -EINVAL;
goto cleanup; goto cleanup;
} }
err = set_delegate_mask(fs_fd, "delegate_progs", ~0ULL); err = set_delegate_mask(fs_fd, "delegate_progs", 0, "any");
if (!ASSERT_EQ(err, -EPERM, "delegate_progs_eperm_reconfig")) { if (!ASSERT_EQ(err, -EPERM, "delegate_progs_eperm_reconfig")) {
err = -EINVAL; err = -EINVAL;
goto cleanup; goto cleanup;
} }
err = set_delegate_mask(fs_fd, "delegate_attachs", ~0ULL); err = set_delegate_mask(fs_fd, "delegate_attachs", 0, "any");
if (!ASSERT_EQ(err, -EPERM, "delegate_attachs_eperm_reconfig")) { if (!ASSERT_EQ(err, -EPERM, "delegate_attachs_eperm_reconfig")) {
err = -EINVAL; err = -EINVAL;
goto cleanup; goto cleanup;
...@@ -658,8 +670,8 @@ void test_token(void) ...@@ -658,8 +670,8 @@ void test_token(void)
{ {
if (test__start_subtest("map_token")) { if (test__start_subtest("map_token")) {
struct bpffs_opts opts = { struct bpffs_opts opts = {
.cmds = 1ULL << BPF_MAP_CREATE, .cmds_str = "map_create",
.maps = 1ULL << BPF_MAP_TYPE_STACK, .maps_str = "stack",
}; };
subtest_userns(&opts, userns_map_create); subtest_userns(&opts, userns_map_create);
...@@ -673,9 +685,9 @@ void test_token(void) ...@@ -673,9 +685,9 @@ void test_token(void)
} }
if (test__start_subtest("prog_token")) { if (test__start_subtest("prog_token")) {
struct bpffs_opts opts = { struct bpffs_opts opts = {
.cmds = 1ULL << BPF_PROG_LOAD, .cmds_str = "PROG_LOAD",
.progs = 1ULL << BPF_PROG_TYPE_XDP, .progs_str = "XDP",
.attachs = 1ULL << BPF_XDP, .attachs_str = "xdp",
}; };
subtest_userns(&opts, userns_prog_load); subtest_userns(&opts, userns_prog_load);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment