From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933701AbdKBOzk (ORCPT ); Thu, 2 Nov 2017 10:55:40 -0400 Received: from mx0b-00082601.pphosted.com ([67.231.153.30]:37890 "EHLO mx0a-00082601.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S933448AbdKBOzh (ORCPT ); Thu, 2 Nov 2017 10:55:37 -0400 From: Roman Gushchin To: CC: Tejun Heo , Alexei Starovoitov , Daniel Borkmann , , , Roman Gushchin Subject: [PATCH v2 net-next 0/5] eBPF-based device cgroup controller Date: Thu, 2 Nov 2017 10:54:35 -0400 Message-ID: <20171102145440.12986-1-guro@fb.com> X-Mailer: git-send-email 2.13.6 MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [2620:10d:c091:200::a050] X-ClientProxiedBy: BN6PR20CA0057.namprd20.prod.outlook.com (2603:10b6:404:151::19) To CO1PR15MB1077.namprd15.prod.outlook.com (2a01:111:e400:7b66::7) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 186d1ec0-62f7-4b18-0313-08d52201bb29 X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603199);SRVR:CO1PR15MB1077; X-Microsoft-Exchange-Diagnostics: 1;CO1PR15MB1077;3:nZUAC0TwetgisB8QVMaL7suDXraN2rAeTQHj8AXyAEcQ5fzBn4R2dh42Qq/yWCBVsgypUdDaokM93ovqmrRPhVges682GoQXc+3227LdSU1LkQiAAaD/8RCsVNKRZvLb8k6sfjTw7boTe06PWqKC70TK9j1biGvsNP9fu6g4bqUES6XUCZ3O7h2DcA3SapoZY5KNCazBoJaI08acKtjLeVaoCdr6O84L1KF7lbXC2lxc+TrhQAzDlPtQVCCgg0Ow;25:VE2j0wf8CHVPsnHcFFOLYWQ+L2D45F3+RWNZeRNowXoVsnD1RlUQb52JiLWRhYRB/EBed5gEjnWwP3Nbnhq/8noIce4y6cgSO4xEKmp4AZCtReD+JLxuRgmzWhgUNIHDSNdJlCgZLXWVC3w1TxghNNhZ2E36EW1Reama9d1Ko/sIlsCcR37PCRwmeI62HF2q3QHhv5d/iWaqhNNFNWYYWIBV8F2lk+psus3076xZgfFTM9nhQrjJd1u7dHRD9ZTM3JGSEhHmSskK4QLt6xiL7WA82e80XduceZphujz9N9TCh0fZA2ObnqujQWXGKKv8ueJdwlPkDEOvURmn7LznPg==;31:uoSfHv0+u3CkLG1bxN3IkMWsyRZzI3YpvyuBTN5gDsJTwyLpArA6MWUhpJSXtH98Qz70ers5yXT53Y7qFFrXieCXtpiGwjqL4b5w6r/lpdT254clJRW7+X+L7hLEjcXNTrCemGPHx3LNIfQICCq3rOZ3XUBHLby/hFE/MNqQ4P7KIfdk8Mpd8dsY0BfnQX67b1SmI5eodPq1IbslG/QgEpkVIHPn5Foo0olLR+hgJoc= X-MS-TrafficTypeDiagnostic: CO1PR15MB1077: X-Microsoft-Exchange-Diagnostics: 1;CO1PR15MB1077;20:bqmJfeJd/vFVlPrbZPgwQWc9hiEBja6IZV4kjC3qZaO8UasjiJMz0NsBQyxCxJxLX+pQ2rx6CY4CuhbKsoFs/NR1NZOy3qCZDWeWZvI7/5AdmQkhJ2ZtgZirQjwSgCSAGNiUPp2KHUvhpTpwOs/tqNysEo8drW6FiYtztms2YPgMrCAVDOpUEL17oDm7HN6dG7J6d1PK5grFSTvmnhKq1rJs2yrsogYgowRLh9+UAw/fh+VK5SnxlElhF8DKkAGW8RDPshh8z1LkUh738ugA6vcYae2Y+V5WVU8kGmwDqW85QB8valqQE8O7lXFQjfUVokLsCZmHHRTMPxnfqngB/qVMrXpz1utzckGqHpxlOxUTxrABHT3FcQNvDyjqzxrfSZ15l5aRzRGFpi8ei+DTquiY6cIS5YstUXggnEOVoUADHJgjjVXTyeYVVnfKyCsWjiqFIAX6CCbrMhGo3RMsLTjYuieQN/OZf7CGfqmKDYI6ieudd/riOdmcgfjEytZQ;4:Mo8dXolXmKRcbLB9Oc/5x2ohpF/kXZDfdGuWskjvoSDTmbq8Cz/iT7NgGN2e9nU7RSNFEMdFafxhzjJRAKsqboPmGnOdzf5lLAvsycwdVYiiZLNT4e9CSzu4JvuwAc85o8+qZI6gIY008TX9gOr0ZcdpYkGZOWa/XwBkR3rDdSzJ9HFQn/Cl7BXutcdJRCnoY0X8ysI/8+7Dzmfs5gtLz6g2OeXXaGEv9/cu38TpXmEQk4E2a5jrq4Ebf7Qyjy8mVkGhJsLlgXACuCoYbOMzZqp9hNO+iS24BFEG+Z8OHOvBHB8/llzeUSxjwwIiOojO X-Exchange-Antispam-Report-Test: UriScan:(192374486261705); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(11241501159)(6040450)(2401047)(5005006)(8121501046)(3231020)(93006095)(93001095)(3002001)(10201501046)(100000703101)(100105400095)(6041248)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123558100)(20161123555025)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);SRVR:CO1PR15MB1077;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:CO1PR15MB1077; X-Forefront-PRVS: 047999FF16 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(6009001)(346002)(376002)(199003)(189002)(81156014)(50466002)(189998001)(48376002)(50986999)(25786009)(4326008)(2361001)(36756003)(7736002)(5660300001)(2351001)(1076002)(8676002)(101416001)(68736007)(97736004)(33646002)(2906002)(81166006)(6666003)(6116002)(105586002)(106356001)(316002)(966005)(5003940100001)(8936002)(478600001)(54906003)(53936002)(305945005)(16586007)(6916009)(6486002)(47776003)(53416004)(69596002)(86362001)(6506006)(6306002)(50226002)(6512007)(42262002);DIR:OUT;SFP:1102;SCL:1;SRVR:CO1PR15MB1077;H:castle.thefacebook.com;FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;CO1PR15MB1077;23:1UuTIB3W0foQw0taTfE58zHFR7iMBxp9Oeykv1eIw?= =?us-ascii?Q?9M55e/RwcqnHiAre+GngIgucReBE/P7S0EBfb0fKpYd81Ez4XNNmvWVQX+aQ?= =?us-ascii?Q?apTb6vssi6p+yfL6844Z5n7TeWA+74u0/xLjYa8jmhDH4VH7Y/vBLWIoE2MY?= =?us-ascii?Q?e0sxLnnR/vxw2WVKCf2o8jMbNMCfjrPjtpcSRkL4I/mntN0nLVKDj7wlUwfd?= =?us-ascii?Q?NAyM/ObW+mKlVkkG0zyOECjv0/R7SMnqJWywVoVk8Ds/EbtLJMXb7t/90kiV?= =?us-ascii?Q?5TYajyAuAEKUcAxxYs0Ne2GDjveKbXnKMM+wvH7SBz1W1SbvJnP8T6yNNwW8?= =?us-ascii?Q?uKI9rvEyYE7wgcFloEJc5ow6LKhFkkbjpqEIIBtLTA5G93kfyR3uGMz7ZM2O?= =?us-ascii?Q?kCYTA9Qdce2xXuu9NEcmE1RUAU/L0Bmmh5XJCSzKs9aMVpN4M5XtE3r+Gjnx?= =?us-ascii?Q?CcrLeo006B0QJCY+J5eixu1oJOvN2DKNlUWVt4JNB9T3gGmJaP10jOFfGa09?= =?us-ascii?Q?4OfdPhQmpUgBFLG6CqF+MpaldQ5/ISYL/Z8mVRJaivvevqzcDx8xkVptf5uM?= =?us-ascii?Q?Q0PBWLbvEEohjqSWvhQ7PPf/V/KEgcQxrhUwe6ZJYB1k4OtrjtxNmRj0t4rt?= =?us-ascii?Q?LHNxz5D/l3DNMstyA7dQMJ2R2ePFXjvHo0JZXN9I9Ja5TtdfaM8e6ZGHRIm3?= =?us-ascii?Q?0JIzK4ImdsFFgqCvBJ20npWLfRrwaFT7PinhVdIJY3dkP+Ynb4Aq7PGMwMCA?= =?us-ascii?Q?yjgQ4Llu0fUJ9a2IZuHNZ+P6n1/zsCFwGWguIDhdhC3coAAXGiEHnez/cSj6?= =?us-ascii?Q?7qeh942K1M7xIVwUoAuHVbXzdWvXlzpnFKDynjwnKHJrBdMF9HWMPJbIrBXz?= =?us-ascii?Q?8BPTOL1wkVIxUVI+BtjbQTRDXc6JEmGTJE0eNuxEKXBUZsxmnoCRh3rl/c7F?= =?us-ascii?Q?/fJwLbAdcB6bpNaBOT12RjRZ/Aqjsa7uqiRFkEcGB2tvx+aPjBVwiWH/pyys?= =?us-ascii?Q?WYMvn8MU9nNGEnybSo5KW+q58JFVNx5rbZ1osj4FvykrHY4plgehpO9PXQf5?= =?us-ascii?Q?fRCPGFT4C4rKJZQeKAia/zLVxVLacZwWAbjuxQrVAmeJ78ZW79VUUYK8NEfp?= =?us-ascii?Q?7Lvl5gjxNyeQ6b5ytLXWGBBZ8VfxVmY?= X-Microsoft-Exchange-Diagnostics: 1;CO1PR15MB1077;6:fJtug76qD7NsiRASmB+cC1/1uWXxpfG7DzUgp4QtV1zP3TWVzJ1/En8Qt3JB4YeInMgPqZaE1WhKpE7uSAoSxXkIO0nC2Nuno/vn3gUdQ3WGQf5dga8iC1/myYewzLaYeEya2HI405/GwDMuMq5GL9qn4Q5B27xSdTtdjFAuLmehTi1A0XIOKPn/WvRku/lkCmFTmYyJtNVxilE5tp0pf7Cwax+NLr1Q7++uSwTiL36wcKIXMviAuTcspH9AjMRnVXwd4NvUq0MYwCzu7NzZiDq03riW+3v4JC4s/spsDJVy01G7LtqEQmI9eC7Gx18C5AkETOw3ZpC3/JRZU8CyPrUjnbgT0qq59gL+/gACHsw=;5:/dI00B0vECGDczKVpJVdAlEvcSsxEUrQzCGtUzY1KUCMDKzmXaJShKwvRJ4HmPMHU0UDUxhabCT5LhANIjkVVHPQXEykIJyikuoYwbxoIEsOxdKzfEzAIMRmk7PHNjOMAmce/a9Wmq37pEaEuE2vKlcxAcQlA/qmRf+PGHs6tiI=;24:ggWrf2YuPwsPIk05W5RTbViLHMyG0T1F+dhhr9k9ctzKiDiXmpTeDhmKqpagQka/dEXO0IRZQ2RXbTdAle8rsv6dHgXooaTLE0xQ54WXqzg=;7:ClnWiwiPU0/eCCrJUxMf8WVeG710HEjkjEOZAz3sIyNyEbZ5kDjl9wq69RKF2sIG/zWh640sIjeY9l3WhCR+3j/OySwskU5y1eQnFbdMK2JABCCgmeTlK5mWWvFyQYN6NuIBY6DmNX/Ih63hfkzu0ZUxS07SMJV4bSmEMe/maxuJF7pylrGpUTPRUIpC/kOUBBxv5DD1BEfwsg5mC2qEZo5zMKuz271wfpX50CVQydA28o6VQE0jLrzd9ZyAE2CH SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;CO1PR15MB1077;20:ovvhRYY0DQwgXEoT0SUdR/UFaqXMP2mTVtdq5qozjNQQYKOLceOW3x2vIRqbEnfq/GdgvwSWdGAFT1Sc3MzYv8qKNC6XZv1iL0RjUi+lTT0Nls2MnfzGy0F1+kpv35RhsaLL/tGtbPDREonuqXVatSyqf2FhAxSZDcfKUGc7B/A= X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Nov 2017 14:55:15.8912 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 186d1ec0-62f7-4b18-0313-08d52201bb29 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR15MB1077 X-OriginatorOrg: fb.com X-Proofpoint-Spam-Reason: safe X-FB-Internal: Safe X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-11-02_05:,, signatures=0 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This patchset introduces an eBPF-based device controller for cgroup v2. Patches (1) and (2) are a preparational work required to share some code with the existing device controller implementation. Patch (3) is the main patch, which introduces a new bpf prog type and all necessary infrastructure. Patch (4) moves cgroup_helpers.c/h to use them by patch (4). Patch (5) implements an example of eBPF program which controls access to device files and corresponding userspace test. v2: Added patch (1). v1: https://lkml.org/lkml/2017/11/1/363 Roman Gushchin (5): device_cgroup: add DEVCG_ prefix to ACC_* and DEV_* constants device_cgroup: prepare code for bpf-based device controller bpf, cgroup: implement eBPF-based device controller for cgroup v2 bpf: move cgroup_helpers from samples/bpf/ to tools/testing/selftesting/bpf/ selftests/bpf: add a test for device cgroup controller include/linux/bpf-cgroup.h | 15 ++++ include/linux/bpf_types.h | 3 + include/linux/device_cgroup.h | 67 +++++++++++++++- include/uapi/linux/bpf.h | 15 ++++ kernel/bpf/cgroup.c | 67 ++++++++++++++++ kernel/bpf/syscall.c | 7 ++ kernel/bpf/verifier.c | 1 + samples/bpf/Makefile | 5 +- security/device_cgroup.c | 91 ++++++--------------- tools/include/uapi/linux/bpf.h | 15 ++++ tools/testing/selftests/bpf/Makefile | 6 +- .../testing/selftests}/bpf/cgroup_helpers.c | 0 .../testing/selftests}/bpf/cgroup_helpers.h | 0 tools/testing/selftests/bpf/dev_cgroup.c | 60 ++++++++++++++ tools/testing/selftests/bpf/test_dev_cgroup.c | 93 ++++++++++++++++++++++ 15 files changed, 369 insertions(+), 76 deletions(-) rename {samples => tools/testing/selftests}/bpf/cgroup_helpers.c (100%) rename {samples => tools/testing/selftests}/bpf/cgroup_helpers.h (100%) create mode 100644 tools/testing/selftests/bpf/dev_cgroup.c create mode 100644 tools/testing/selftests/bpf/test_dev_cgroup.c -- 2.13.6