[PATCH v4 bpf-next 2/2] selftests/bpf: Add is_kernel parameter to LSM/bpf test programs
Song Liu
song at kernel.org
Wed Mar 5 03:27:09 UTC 2025
On Tue, Mar 4, 2025 at 4:36 PM Blaise Boscaccy
<bboscaccy at linux.microsoft.com> wrote:
>
> Song Liu <song at kernel.org> writes:
>
> > On Tue, Mar 4, 2025 at 12:31 PM Blaise Boscaccy
> > <bboscaccy at linux.microsoft.com> wrote:
> >>
> >> The security_bpf LSM hook now contains a boolean parameter specifying
> >> whether an invocation of the bpf syscall originated from within the
> >> kernel. Here, we update the function signature of relevant test
> >> programs to include that new parameter.
> >>
> >> Signed-off-by: Blaise Boscaccy bboscaccy at linux.microsoft.com
> > ^^^ The email address is broken.
> >
>
> Whoops, appologies, will get that fixed.
>
> >> ---
> >> tools/testing/selftests/bpf/progs/rcu_read_lock.c | 3 ++-
> >> tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c | 4 ++--
> >> tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c | 6 +++---
> >> tools/testing/selftests/bpf/progs/test_lookup_key.c | 2 +-
> >> tools/testing/selftests/bpf/progs/test_ptr_untrusted.c | 2 +-
> >> tools/testing/selftests/bpf/progs/test_task_under_cgroup.c | 2 +-
> >> tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c | 2 +-
> >> 7 files changed, 11 insertions(+), 10 deletions(-)
> >
> > It appears you missed a few of these?
> >
>
> Some of these don't require any changes. I ran into this as well while doing a
> search.
>
> These are all accounted for in the patch.
> > tools/testing/selftests/bpf/progs/rcu_read_lock.c:SEC("?lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c:SEC("lsm/bpf")
> > tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("?lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("?lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("lsm.s/bpf")
>
> security_bpf_map wasn't altered, it can't be called from the kernel. No
> changes needed.
> > tools/testing/selftests/bpf/progs/test_libbpf_get_fd_by_id_opts.c:SEC("lsm/bpf_map")
>
> These are also all accounted for in the patch.
> > tools/testing/selftests/bpf/progs/test_lookup_key.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_ptr_untrusted.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_task_under_cgroup.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c:SEC("lsm.s/bpf")
>
> bpf_token_cmd and bpf_token_capabable aren't callable from the kernel,
> no changes to that hook either currently.
>
> > tools/testing/selftests/bpf/progs/token_lsm.c:SEC("lsm/bpf_token_capable")
> > tools/testing/selftests/bpf/progs/token_lsm.c:SEC("lsm/bpf_token_cmd")
>
>
> This program doesn't take any parameters currently.
> > tools/testing/selftests/bpf/progs/verifier_global_subprogs.c:SEC("?lsm/bpf")
>
> These are all naked calls that don't take any explicit parameters.
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
Thanks for the explanation. I think we can keep this part as-is.
Song
More information about the Linux-security-module-archive
mailing list