[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240726-frequentieren-undenkbar-5b816a3b8876@brauner>
Date: Fri, 26 Jul 2024 09:06:24 +0200
From: Christian Brauner <brauner@...nel.org>
To: Song Liu <song@...nel.org>
Cc: bpf@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, kernel-team@...a.com, andrii@...nel.org, eddyz87@...il.com,
ast@...nel.org, daniel@...earbox.net, martin.lau@...ux.dev,
viro@...iv.linux.org.uk, jack@...e.cz, kpsingh@...nel.org, mattbobrowski@...gle.com
Subject: Re: [PATCH bpf-next 2/2] selftests/bpf: Add tests for
bpf_get_dentry_xattr
On Thu, Jul 25, 2024 at 04:47:06PM GMT, Song Liu wrote:
> 1. Rename fs_kfuncs/xattr to fs_kfuncs/file_xattr and add a call of
> bpf_get_dentry_xattr() to the test.
> 2. Add a new sub test fs_kfuncs/dentry_xattr, which checks 3 levels of
> parent directories for xattr. This demonstrate the use case that
> a xattr on a directory is used to tag all files in the directory and
> sub directories.
>
> Signed-off-by: Song Liu <song@...nel.org>
> ---
> .../selftests/bpf/prog_tests/fs_kfuncs.c | 61 +++++++++++++++++--
> .../selftests/bpf/progs/test_dentry_xattr.c | 46 ++++++++++++++
> .../selftests/bpf/progs/test_get_xattr.c | 16 ++++-
> 3 files changed, 117 insertions(+), 6 deletions(-)
> create mode 100644 tools/testing/selftests/bpf/progs/test_dentry_xattr.c
>
> diff --git a/tools/testing/selftests/bpf/prog_tests/fs_kfuncs.c b/tools/testing/selftests/bpf/prog_tests/fs_kfuncs.c
> index 37056ba73847..a960cfbe8907 100644
> --- a/tools/testing/selftests/bpf/prog_tests/fs_kfuncs.c
> +++ b/tools/testing/selftests/bpf/prog_tests/fs_kfuncs.c
> @@ -2,17 +2,19 @@
> /* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */
>
> #include <stdlib.h>
> +#include <sys/stat.h>
> #include <sys/types.h>
> #include <sys/xattr.h>
> #include <linux/fsverity.h>
> #include <unistd.h>
> #include <test_progs.h>
> #include "test_get_xattr.skel.h"
> +#include "test_dentry_xattr.skel.h"
> #include "test_fsverity.skel.h"
>
> static const char testfile[] = "/tmp/test_progs_fs_kfuncs";
>
> -static void test_xattr(void)
> +static void test_file_xattr(void)
> {
> struct test_get_xattr *skel = NULL;
> int fd = -1, err;
> @@ -50,7 +52,8 @@ static void test_xattr(void)
> if (!ASSERT_GE(fd, 0, "open_file"))
> goto out;
>
> - ASSERT_EQ(skel->bss->found_xattr, 1, "found_xattr");
> + ASSERT_EQ(skel->bss->found_xattr_from_file, 1, "found_xattr_from_file");
> + ASSERT_EQ(skel->bss->found_xattr_from_dentry, 1, "found_xattr_from_dentry");
>
> out:
> close(fd);
> @@ -58,6 +61,53 @@ static void test_xattr(void)
> remove(testfile);
> }
>
> +static void test_directory_xattr(void)
> +{
> + struct test_dentry_xattr *skel = NULL;
> + static const char * const paths[] = {
> + "/tmp/a",
> + "/tmp/a/b",
> + "/tmp/a/b/c",
> + };
> + const char *file = "/tmp/a/b/c/d";
> + int i, j, err, fd;
> +
> + for (i = 0; i < sizeof(paths) / sizeof(char *); i++) {
> + err = mkdir(paths[i], 0755);
> + if (!ASSERT_OK(err, "mkdir"))
> + goto out;
> + err = setxattr(paths[i], "user.kfunc", "hello", sizeof("hello"), 0);
> + if (!ASSERT_OK(err, "setxattr")) {
> + i++;
> + goto out;
> + }
> + }
> +
> + skel = test_dentry_xattr__open_and_load();
> +
> + if (!ASSERT_OK_PTR(skel, "test_dentry_xattr__open_and_load"))
> + goto out;
> +
> + skel->bss->monitored_pid = getpid();
> + err = test_dentry_xattr__attach(skel);
> +
> + if (!ASSERT_OK(err, "test_dentry__xattr__attach"))
> + goto out;
> +
> + fd = open(file, O_CREAT | O_RDONLY, 0644);
> + if (!ASSERT_GE(fd, 0, "open_file"))
> + goto out;
> +
> + ASSERT_EQ(skel->bss->number_of_xattr_found, 3, "number_of_xattr_found");
> + close(fd);
> +out:
> + test_dentry_xattr__destroy(skel);
> + remove(file);
> + for (j = i - 1; j >= 0; j--)
> + rmdir(paths[j]);
> +}
> +
> +
> #ifndef SHA256_DIGEST_SIZE
> #define SHA256_DIGEST_SIZE 32
> #endif
> @@ -134,8 +184,11 @@ static void test_fsverity(void)
>
> void test_fs_kfuncs(void)
> {
> - if (test__start_subtest("xattr"))
> - test_xattr();
> + if (test__start_subtest("file_xattr"))
> + test_file_xattr();
> +
> + if (test__start_subtest("dentry_xattr"))
> + test_directory_xattr();
>
> if (test__start_subtest("fsverity"))
> test_fsverity();
> diff --git a/tools/testing/selftests/bpf/progs/test_dentry_xattr.c b/tools/testing/selftests/bpf/progs/test_dentry_xattr.c
> new file mode 100644
> index 000000000000..d2e378b2e2d5
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/progs/test_dentry_xattr.c
> @@ -0,0 +1,46 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/* Copyright (c) 2024 Meta Platforms, Inc. and affiliates. */
> +
> +#include "vmlinux.h"
> +#include <bpf/bpf_tracing.h>
> +#include "bpf_kfuncs.h"
> +
> +char _license[] SEC("license") = "GPL";
> +
> +__u32 monitored_pid;
> +__u32 number_of_xattr_found;
> +
> +static const char expected_value[] = "hello";
> +char value[32];
> +
> +SEC("lsm.s/file_open")
> +int BPF_PROG(test_file_open, struct file *f)
> +{
> + struct bpf_dynptr value_ptr;
> + struct dentry *dentry, *prev_dentry;
> + __u32 pid, matches = 0;
> + int i, ret;
> +
> + pid = bpf_get_current_pid_tgid() >> 32;
> + if (pid != monitored_pid)
> + return 0;
> +
> + bpf_dynptr_from_mem(value, sizeof(value), 0, &value_ptr);
> +
> + dentry = bpf_file_dentry(f);
> +
> + for (i = 0; i < 10; i++) {
> + ret = bpf_get_dentry_xattr(dentry, "user.kfunc", &value_ptr);
> + if (ret == sizeof(expected_value) &&
> + !bpf_strncmp(value, ret, expected_value))
> + matches++;
> +
> + prev_dentry = dentry;
> + dentry = bpf_dget_parent(prev_dentry);
Why do you need to walk upwards and instead of reading the xattr values
during security_inode_permission()?
> + bpf_dput(prev_dentry);
> + }
> +
> + bpf_dput(dentry);
> + number_of_xattr_found = matches;
> + return 0;
> +}
> diff --git a/tools/testing/selftests/bpf/progs/test_get_xattr.c b/tools/testing/selftests/bpf/progs/test_get_xattr.c
> index 7eb2a4e5a3e5..3b0dc6106ca5 100644
> --- a/tools/testing/selftests/bpf/progs/test_get_xattr.c
> +++ b/tools/testing/selftests/bpf/progs/test_get_xattr.c
> @@ -9,7 +9,8 @@
> char _license[] SEC("license") = "GPL";
>
> __u32 monitored_pid;
> -__u32 found_xattr;
> +__u32 found_xattr_from_file;
> +__u32 found_xattr_from_dentry;
>
> static const char expected_value[] = "hello";
> char value[32];
> @@ -18,6 +19,7 @@ SEC("lsm.s/file_open")
> int BPF_PROG(test_file_open, struct file *f)
> {
> struct bpf_dynptr value_ptr;
> + struct dentry *dentry;
> __u32 pid;
> int ret;
>
> @@ -32,6 +34,16 @@ int BPF_PROG(test_file_open, struct file *f)
> return 0;
> if (bpf_strncmp(value, ret, expected_value))
> return 0;
> - found_xattr = 1;
> + found_xattr_from_file = 1;
> +
> + dentry = bpf_file_dentry(f);
> + ret = bpf_get_dentry_xattr(dentry, "user.kfuncs", &value_ptr);
> + bpf_dput(dentry);
> + if (ret != sizeof(expected_value))
> + return 0;
> + if (bpf_strncmp(value, ret, expected_value))
> + return 0;
> + found_xattr_from_dentry = 1;
> +
> return 0;
> }
> --
> 2.43.0
>
Powered by blists - more mailing lists