From: Roman Gushchin
CC: Tejun Heo, Alexei Starovoitov, Daniel Borkmann, Roman Gushchin
Subject: [PATCH v3 net-next 0/5] eBPF-based device cgroup controller
Date: Thu, 2 Nov 2017 13:15:25 -0400
Message-ID: <20171102171530.7627-1-guro@fb.com>
X-Mailing-List: linux-kernel@vger.kernel.org

This patchset introduces an eBPF-based device controller for cgroup v2.

Patches (1) and (2) are preparatory work required to share some code
with the existing device controller implementation.
Patch (3) is the main patch, which introduces a new bpf prog type
and all necessary infrastructure.
Patch (4) moves cgroup_helpers.c/h to use them by patch (4).
Patch (5) implements an example of an eBPF program which controls access
to device files and a corresponding userspace test.

v3:
  Renamed constants introduced by patch (3) to BPF_DEVCG_*

v2:
  Added patch (1).
v1:
  https://lkml.org/lkml/2017/11/1/363

Roman Gushchin (5):
  device_cgroup: add DEVCG_ prefix to ACC_* and DEV_* constants
  device_cgroup: prepare code for bpf-based device controller
  bpf, cgroup: implement eBPF-based device controller for cgroup v2
  bpf: move cgroup_helpers from samples/bpf/ to tools/testing/selftesting/bpf/
  selftests/bpf: add a test for device cgroup controller

 include/linux/bpf-cgroup.h                        | 15 ++++
 include/linux/bpf_types.h                         |  3 +
 include/linux/device_cgroup.h                     | 67 +++++++++++++++-
 include/uapi/linux/bpf.h                          | 15 ++++
 kernel/bpf/cgroup.c                               | 67 ++++++++++++++++
 kernel/bpf/syscall.c                              |  7 ++
 kernel/bpf/verifier.c                             |  1 +
 samples/bpf/Makefile                              |  5 +-
 security/device_cgroup.c                          | 91 ++++++---------------
 tools/include/uapi/linux/bpf.h                    | 15 ++++
 tools/testing/selftests/bpf/Makefile              |  6 +-
 .../testing/selftests}/bpf/cgroup_helpers.c       |  0
 .../testing/selftests}/bpf/cgroup_helpers.h       |  0
 tools/testing/selftests/bpf/dev_cgroup.c          | 60 ++++++++++++++
 tools/testing/selftests/bpf/test_dev_cgroup.c     | 93 ++++++++++++++++++++++
 15 files changed, 369 insertions(+), 76 deletions(-)
 rename {samples => tools/testing/selftests}/bpf/cgroup_helpers.c (100%)
 rename {samples => tools/testing/selftests}/bpf/cgroup_helpers.h (100%)
 create mode 100644 tools/testing/selftests/bpf/dev_cgroup.c
 create mode 100644 tools/testing/selftests/bpf/test_dev_cgroup.c

-- 
2.13.6
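
Review bot: The subject of patch 4/5 gives the destination as tools/testing/selftesting/bpf/, but the two rename lines in the diffstat show cgroup_helpers.c and cgroup_helpers.h landing in tools/testing/selftests/bpf/, so the subject should say selftests to match the tree. The cover text also says patch (4) moves the helpers "to use them by patch (4)", which refers to itself; the files created under tools/testing/selftests/bpf/ belong to the last entry in the shortlog, so the sentence presumably means patch (5) and should say so.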
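
The kind of default-deny device policy such a program can express, modelled in plain userspace C so it runs without a BPF toolchain. This is an added example, not code from the patchset: the context layout and `BPF_DEVCG_*` values are copied from the mainline uapi header as an assumption (this cover letter does not show them, and v3 may differ), and the rule table, `dev_policy` and `make_ctx` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed from mainline include/uapi/linux/bpf.h; not shown on this page. */
enum { BPF_DEVCG_ACC_MKNOD = 1, BPF_DEVCG_ACC_READ = 2, BPF_DEVCG_ACC_WRITE = 4 };
enum { BPF_DEVCG_DEV_BLOCK = 1, BPF_DEVCG_DEV_CHAR = 2 };

struct bpf_cgroup_dev_ctx {
    uint32_t access_type;   /* (BPF_DEVCG_ACC_* << 16) | BPF_DEVCG_DEV_* */
    uint32_t major;
    uint32_t minor;
};

/* Hypothetical allow-list entry: device type, major:minor, granted access bits. */
struct dev_rule { uint32_t type, major, minor, acc; };

/* Constructed policy: a container that only needs the basic pseudo-devices. */
static const struct dev_rule rules[] = {
    { BPF_DEVCG_DEV_CHAR, 1, 3, BPF_DEVCG_ACC_READ | BPF_DEVCG_ACC_WRITE }, /* /dev/null    */
    { BPF_DEVCG_DEV_CHAR, 1, 5, BPF_DEVCG_ACC_READ | BPF_DEVCG_ACC_WRITE }, /* /dev/zero    */
    { BPF_DEVCG_DEV_CHAR, 1, 9, BPF_DEVCG_ACC_READ },                       /* /dev/urandom */
};

/* Same contract as a cgroup device program: return 1 to allow, 0 to deny. */
int dev_policy(const struct bpf_cgroup_dev_ctx *ctx)
{
    uint32_t type = ctx->access_type & 0xFFFF;  /* low half: block or char */
    uint32_t acc  = ctx->access_type >> 16;     /* high half: requested access bits */

    if (acc == 0)
        return 0;                               /* malformed request: deny */
    for (size_t i = 0; i < sizeof(rules) / sizeof(rules[0]); i++) {
        const struct dev_rule *r = &rules[i];
        if (r->type == type && r->major == ctx->major && r->minor == ctx->minor)
            return (acc & ~r->acc) == 0;        /* every requested bit must be granted */
    }
    return 0;                                   /* default deny, mknod included */
}

/* Build a context the way the encoding above describes (helper for the demo). */
struct bpf_cgroup_dev_ctx make_ctx(uint32_t acc, uint32_t type, uint32_t major, uint32_t minor)
{
    struct bpf_cgroup_dev_ctx c = { (acc << 16) | type, major, minor };
    return c;
}

int main(void)
{
    struct bpf_cgroup_dev_ctx rd = make_ctx(BPF_DEVCG_ACC_READ, BPF_DEVCG_DEV_CHAR, 1, 9);
    struct bpf_cgroup_dev_ctx wr = make_ctx(BPF_DEVCG_ACC_WRITE, BPF_DEVCG_DEV_CHAR, 1, 9);
    printf("read urandom: %d, write urandom: %d\n", dev_policy(&rd), dev_policy(&wr));
    return 0;
}
```

The subset check matters for combined requests: a read-write open of a device granted read-only access is denied as a whole rather than downgraded.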