selftests/bpf: do not disable /dev/null device access in cgroup dev test

test_dev_cgroup currently loads a small bpf program allowing any access on
urandom and zero devices, disabling access to any other device. It makes
migrating this test to test_progs impossible, since this one manipulates
extensively /dev/null.

Allow /dev/null manipulation in dev_cgroup program to make its usage in
test_progs framework possible. Update test_dev_cgroup.c as well to match
this change while it has not been removed.

Reviewed-by: Alan Maguire <alan.maguire@oracle.com>
Acked-by: Stanislav Fomichev <sdf@fomichev.me>
Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com>
Link: https://lore.kernel.org/r/20240731-convert_dev_cgroup-v4-1-849425d90de6@bootlin.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>

diff --git a/tools/testing/selftests/bpf/progs/dev_cgroup.c b/tools/testing/selftests/bpf/progs/dev_cgroup.c
index 79b54a4fa2446f56c13946370919b5bf2e644ce3..c1dfbd2b56fc900a65dcaafe50e2318d81b60887 100644 (file)
--- a/tools/testing/selftests/bpf/progs/dev_cgroup.c
+++ b/tools/testing/selftests/bpf/progs/dev_cgroup.c
@@ -41,14 +41,14 @@ int bpf_prog1(struct bpf_cgroup_dev_ctx *ctx)
        bpf_trace_printk(fmt, sizeof(fmt), ctx->major, ctx->minor);
 #endif
 
-       /* Allow access to /dev/zero and /dev/random.
+       /* Allow access to /dev/null and /dev/urandom.
         * Forbid everything else.
         */
        if (ctx->major != 1 || type != BPF_DEVCG_DEV_CHAR)
                return 0;
 
        switch (ctx->minor) {
-       case 5: /* 1:5 /dev/zero */
+       case 3: /* 1:3 /dev/null */
        case 9: /* 1:9 /dev/urandom */
                return 1;
        }

diff --git a/tools/testing/selftests/bpf/test_dev_cgroup.c b/tools/testing/selftests/bpf/test_dev_cgroup.c
index adeaf63cb6fa3905377bc9e7c87f85bb9c74aede..33f544f0005a282cd9eaac7a948f3858f0deae6a 100644 (file)
--- a/tools/testing/selftests/bpf/test_dev_cgroup.c
+++ b/tools/testing/selftests/bpf/test_dev_cgroup.c
@@ -54,25 +54,25 @@ int main(int argc, char **argv)
                goto err;
        }
 
-       /* All operations with /dev/zero and and /dev/urandom are allowed,
+       /* All operations with /dev/null and /dev/urandom are allowed,
         * everything else is forbidden.
         */
-       assert(system("rm -f /tmp/test_dev_cgroup_null") == 0);
-       assert(system("mknod /tmp/test_dev_cgroup_null c 1 3"));
-       assert(system("rm -f /tmp/test_dev_cgroup_null") == 0);
-
-       /* /dev/zero is whitelisted */
        assert(system("rm -f /tmp/test_dev_cgroup_zero") == 0);
-       assert(system("mknod /tmp/test_dev_cgroup_zero c 1 5") == 0);
+       assert(system("mknod /tmp/test_dev_cgroup_zero c 1 5"));
        assert(system("rm -f /tmp/test_dev_cgroup_zero") == 0);
 
-       assert(system("dd if=/dev/urandom of=/dev/zero count=64") == 0);
+       /* /dev/null is whitelisted */
+       assert(system("rm -f /tmp/test_dev_cgroup_null") == 0);
+       assert(system("mknod /tmp/test_dev_cgroup_null c 1 3") == 0);
+       assert(system("rm -f /tmp/test_dev_cgroup_null") == 0);
+
+       assert(system("dd if=/dev/urandom of=/dev/null count=64") == 0);
 
        /* src is allowed, target is forbidden */
        assert(system("dd if=/dev/urandom of=/dev/full count=64"));
 
        /* src is forbidden, target is allowed */
-       assert(system("dd if=/dev/random of=/dev/zero count=64"));
+       assert(system("dd if=/dev/random of=/dev/null count=64"));
 
        error = 0;
        printf("test_dev_cgroup:PASS\n");