From 77abd02985415fc90db03511b6bcc4479f61f81f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 8 Nov 2019 14:58:28 +0100
Subject: [PATCH] tests: move memlock helper to shared code

---
 src/shared/tests.c           | 19 +++++++++++++++++++
 src/shared/tests.h           |  4 ++++
 src/test/test-bpf-firewall.c | 25 -------------------------
 3 files changed, 23 insertions(+), 25 deletions(-)

diff --git a/src/shared/tests.c b/src/shared/tests.c
index 11ea12ed69..fc53546be0 100644
--- a/src/shared/tests.c
+++ b/src/shared/tests.c
@@ -3,6 +3,7 @@
 #include <sched.h>
 #include <signal.h>
 #include <stdlib.h>
+#include <sys/mman.h>
 #include <sys/mount.h>
 #include <sys/wait.h>
 #include <util.h>
@@ -149,3 +150,21 @@ bool have_namespaces(void) {
 
         assert_not_reached("unexpected exit code");
 }
+
+bool can_memlock(void) {
+        /* Let's see if we can mlock() a larger blob of memory. BPF programs are charged against
+         * RLIMIT_MEMLOCK, hence let's first make sure we can lock memory at all, and skip the test if we
+         * cannot. Why not check RLIMIT_MEMLOCK explicitly? Because in container environments the
+         * RLIMIT_MEMLOCK value we see might not match the RLIMIT_MEMLOCK value actually in effect. */
+
+        void *p = mmap(NULL, CAN_MEMLOCK_SIZE, PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_SHARED, -1, 0);
+        if (p == MAP_FAILED)
+                return false;
+
+        bool b = mlock(p, CAN_MEMLOCK_SIZE) >= 0;
+        if (b)
+                assert_se(munlock(p, CAN_MEMLOCK_SIZE) >= 0);
+
+        assert_se(munmap(p, CAN_MEMLOCK_SIZE) >= 0);
+        return b;
+}
diff --git a/src/shared/tests.h b/src/shared/tests.h
index 718196f134..8416b107f3 100644
--- a/src/shared/tests.h
+++ b/src/shared/tests.h
@@ -12,3 +12,7 @@ int log_tests_skipped(const char *message);
 int log_tests_skipped_errno(int r, const char *message);
 
 bool have_namespaces(void);
+
+/* We use the small but non-trivial limit here */
+#define CAN_MEMLOCK_SIZE (512 * 1024U)
+bool can_memlock(void);
diff --git a/src/test/test-bpf-firewall.c b/src/test/test-bpf-firewall.c
index 9fd1b429db..0942c61e0f 100644
--- a/src/test/test-bpf-firewall.c
+++ b/src/test/test-bpf-firewall.c
@@ -2,7 +2,6 @@
 
 #include <linux/bpf_insn.h>
 #include <string.h>
-#include <sys/mman.h>
 #include <unistd.h>
 
 #include "bpf-firewall.h"
@@ -16,30 +15,6 @@
 #include "unit.h"
 #include "virt.h"
 
-/* We use the small but non-trivial limit here */
-#define CAN_MEMLOCK_SIZE (512 * 1024U)
-
-static bool can_memlock(void) {
-        void *p;
-        bool b;
-
-        /* Let's see if we can mlock() a larger blob of memory. BPF programs are charged against
-         * RLIMIT_MEMLOCK, hence let's first make sure we can lock memory at all, and skip the test if we
-         * cannot. Why not check RLIMIT_MEMLOCK explicitly? Because in container environments the
-         * RLIMIT_MEMLOCK value we see might not match the RLIMIT_MEMLOCK value actually in effect. */
-
-        p = mmap(NULL, CAN_MEMLOCK_SIZE, PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_SHARED, -1, 0);
-        if (p == MAP_FAILED)
-                return false;
-
-        b = mlock(p, CAN_MEMLOCK_SIZE) >= 0;
-        if (b)
-                assert_se(munlock(p, CAN_MEMLOCK_SIZE) >= 0);
-
-        assert_se(munmap(p, CAN_MEMLOCK_SIZE) >= 0);
-        return b;
-}
-
 int main(int argc, char *argv[]) {
         const struct bpf_insn exit_insn[] = {
                 BPF_MOV64_IMM(BPF_REG_0, 0), /* drop */