1. 25 Nov, 2017 2 commits
  2. 11 Nov, 2017 1 commit
  3. 10 Nov, 2017 19 commits
  4. 08 Nov, 2017 15 commits
  5. 06 Nov, 2017 1 commit
  6. 05 Nov, 2017 2 commits
    • David S. Miller's avatar
      Merge branch 'eBPF-based-device-cgroup-controller' · 2798b80b
      David S. Miller authored
      Roman Gushchin says:
      
      ====================
      eBPF-based device cgroup controller
      
      This patchset introduces an eBPF-based device controller for cgroup v2.
      
      Patches (1) and (2) are a preparational work required to share some code
        with the existing device controller implementation.
      Patch (3) is the main patch, which introduces a new bpf prog type
        and all necessary infrastructure.
      Patch (4) moves cgroup_helpers.c/h to use them by patch (4).
      Patch (5) implements an example of eBPF program which controls access
        to device files and corresponding userspace test.
      
      v3:
        Renamed constants introduced by patch (3) to BPF_DEVCG_*
      
      v2:
        Added patch (1).
      
      v1:
        https://lkml.org/lkml/2017/11/1/363
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2798b80b
    • Roman Gushchin's avatar
      selftests/bpf: add a test for device cgroup controller · 37f1ba09
      Roman Gushchin authored
      Add a test for device cgroup controller.
      
      The test loads a simple bpf program which logs all
      device access attempts using trace_printk() and forbids
      all operations except operations with /dev/zero and
      /dev/urandom.
      
      Then the test creates and joins a test cgroup, and attaches
      the bpf program to it.
      
      Then it tries to perform some simple device operations
      and checks the result:
      
        create /dev/null (should fail)
        create /dev/zero (should pass)
        copy data from /dev/urandom to /dev/zero (should pass)
        copy data from /dev/urandom to /dev/full (should fail)
        copy data from /dev/random to /dev/zero (should fail)
      Signed-off-by: default avatarRoman Gushchin <guro@fb.com>
      Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Acked-by: default avatarTejun Heo <tj@kernel.org>
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      37f1ba09