[PATCH bpf-next v3 5/6] selftests/bpf: Verify load-time signed loader metadata
bot+bpf-ci at kernel.org
bot+bpf-ci at kernel.org
Thu Jul 2 15:17:12 UTC 2026
> diff --git a/tools/testing/selftests/bpf/prog_tests/signed_loader.c b/tools/testing/selftests/bpf/prog_tests/signed_loader.c
> index 5fc417e31fc6..b3ac3d9b0e31 100644
> --- a/tools/testing/selftests/bpf/prog_tests/signed_loader.c
> +++ b/tools/testing/selftests/bpf/prog_tests/signed_loader.c
[ ... ]
> @@ -1090,20 +1173,462 @@ static void lsm_signature_verdict(void)
> test_signed_loader_lsm__destroy(lsm);
> }
>
> +static void signed_module_kfunc_rejected(void)
> +{
> + struct bpf_insn insns[] = {
> + BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, BPF_PSEUDO_KFUNC_CALL, 1, 1),
> + BPF_MOV64_IMM(BPF_REG_0, 0),
> + BPF_EXIT_INSN(),
> + };
> + char dir_tmpl[] = "/tmp/signed_loader_kfnXXXXXX", *dir;
> + int map_fd = -1, prog_fd, err, fds[2];
> + struct btf *btf = NULL;
[ ... ]
> + prog_fd = syscall(__NR_bpf, BPF_PROG_LOAD, &attr,
> + offsetofend(union bpf_attr, keyring_id));
> + err = prog_fd < 0 ? -errno : prog_fd;
> + if (prog_fd >= 0)
> + close(prog_fd);
> +
> + ASSERT_EQ(err, -EACCES, "module kfunc BTF in signed program rejected");
> +cleanup:
> + if (btf)
> + btf__free(btf);
> + if (map_fd >= 0)
> + close(map_fd);
This isn't a bug, but was map_fd meant to be dropped from this test?
It's initialized to -1 and never changed, so the cleanup branch is
unreachable. The sibling tests signed_map_by_fd_rejected and
signed_sparse_fd_array_rejected create and close a map_fd, but
signed_module_kfunc_rejected only uses BTF fds and never assigns
map_fd.
> + run_setup("cleanup", dir);
> +}
[ ... ]
---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
CI run summary: https://github.com/kernel-patches/bpf/actions/runs/28599478014
More information about the Linux-security-module-archive
mailing list