[PATCH bpf-next v3 5/6] selftests/bpf: Verify load-time signed loader metadata

bot+bpf-ci at kernel.org bot+bpf-ci at kernel.org
Thu Jul 2 15:17:12 UTC 2026


> diff --git a/tools/testing/selftests/bpf/prog_tests/signed_loader.c b/tools/testing/selftests/bpf/prog_tests/signed_loader.c
> index 5fc417e31fc6..b3ac3d9b0e31 100644
> --- a/tools/testing/selftests/bpf/prog_tests/signed_loader.c
> +++ b/tools/testing/selftests/bpf/prog_tests/signed_loader.c

[ ... ]

> @@ -1090,20 +1173,462 @@ static void lsm_signature_verdict(void)
>  	test_signed_loader_lsm__destroy(lsm);
>  }
>
> +static void signed_module_kfunc_rejected(void)
> +{
> +	struct bpf_insn insns[] = {
> +		BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, BPF_PSEUDO_KFUNC_CALL, 1, 1),
> +		BPF_MOV64_IMM(BPF_REG_0, 0),
> +		BPF_EXIT_INSN(),
> +	};
> +	char dir_tmpl[] = "/tmp/signed_loader_kfnXXXXXX", *dir;
> +	int map_fd = -1, prog_fd, err, fds[2];
> +	struct btf *btf = NULL;

[ ... ]

> +	prog_fd = syscall(__NR_bpf, BPF_PROG_LOAD, &attr,
> +			  offsetofend(union bpf_attr, keyring_id));
> +	err = prog_fd < 0 ? -errno : prog_fd;
> +	if (prog_fd >= 0)
> +		close(prog_fd);
> +
> +	ASSERT_EQ(err, -EACCES, "module kfunc BTF in signed program rejected");
> +cleanup:
> +	if (btf)
> +		btf__free(btf);
> +	if (map_fd >= 0)
> +		close(map_fd);

This isn't a bug, but was map_fd meant to be dropped from this test?
It's initialized to -1 and never changed, so the cleanup branch is
unreachable. The sibling tests signed_map_by_fd_rejected and
signed_sparse_fd_array_rejected create and close a map_fd, but
signed_module_kfunc_rejected only uses BTF fds and never assigns
map_fd.

> +	run_setup("cleanup", dir);
> +}

[ ... ]


---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/28599478014


More information about the Linux-security-module-archive mailing list