[PATCH v7 bpf-next 2/2] selftests/bpf: Add a kernel flag test for LSM bpf hook
Song Liu
song at kernel.org
Mon Mar 10 23:07:03 UTC 2025
On Mon, Mar 10, 2025 at 3:18 PM Blaise Boscaccy
<bboscaccy at linux.microsoft.com> wrote:
>
> This test exercises the kernel flag added to security_bpf by
> effectively blocking light-skeletons from loading while allowing
> normal skeletons to function as-is. Since this should work with any
> arbitrary BPF program, an existing program from LSKELS_EXTRA was
> used as a test payload.
>
> Signed-off-by: Blaise Boscaccy <bboscaccy at linux.microsoft.com>
[...]
> +
> + /* Test with skel. This should pass the gatekeeper */
> + skel = kfunc_call_test__open_and_load();
> + if (!ASSERT_OK_PTR(skel, "skel"))
> + goto close_prog;
> +
> + /* Test with lskel. This should fail due to blocking kernel-based bpf() invocations */
> + lskel = kfunc_call_test_lskel__open_and_load();
> + if (!ASSERT_ERR_PTR(lskel, "lskel"))
> + goto close_prog;
This goto is not necessary. But I don't think we need v8 just for this.
Acked-by: Song Liu <song at kernel.org>
> +
> +close_prog:
> + if (skel)
> + kfunc_call_test__destroy(skel);
> + if (lskel)
> + kfunc_call_test_lskel__destroy(lskel);
[...]
More information about the Linux-security-module-archive
mailing list