| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAPhsuW5HJuRYPucfvDbs25un7_D8JJnt=7zNUJ1utY3O_VMeSw@mail.gmail.com>
Date: Tue, 4 Mar 2025 15:19:41 -0800
From: Song Liu <song@...nel.org>
To: Blaise Boscaccy <bboscaccy@...ux.microsoft.com>
Cc: Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>, Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>, John Fastabend <john.fastabend@...il.com>,
Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau <martin.lau@...ux.dev>,
Eduard Zingerman <eddyz87@...il.com>, Yonghong Song <yonghong.song@...ux.dev>,
KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>,
Jiri Olsa <jolsa@...nel.org>, Stephen Smalley <stephen.smalley.work@...il.com>,
Ondrej Mosnacek <omosnace@...hat.com>, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, bpf@...r.kernel.org, selinux@...r.kernel.org
Subject: Re: [PATCH v4 bpf-next 2/2] selftests/bpf: Add is_kernel parameter to
LSM/bpf test programs
On Tue, Mar 4, 2025 at 12:31 PM Blaise Boscaccy
<bboscaccy@...ux.microsoft.com> wrote:
>
> The security_bpf LSM hook now contains a boolean parameter specifying
> whether an invocation of the bpf syscall originated from within the
> kernel. Here, we update the function signature of relevant test
> programs to include that new parameter.
>
> Signed-off-by: Blaise Boscaccy bboscaccy@...ux.microsoft.com
^^^ The email address is broken.
> ---
> tools/testing/selftests/bpf/progs/rcu_read_lock.c | 3 ++-
> tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c | 4 ++--
> tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c | 6 +++---
> tools/testing/selftests/bpf/progs/test_lookup_key.c | 2 +-
> tools/testing/selftests/bpf/progs/test_ptr_untrusted.c | 2 +-
> tools/testing/selftests/bpf/progs/test_task_under_cgroup.c | 2 +-
> tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c | 2 +-
> 7 files changed, 11 insertions(+), 10 deletions(-)
It appears you missed a few of these?
tools/testing/selftests/bpf/progs/rcu_read_lock.c:SEC("?lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c:SEC("lsm/bpf")
tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("?lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("?lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_libbpf_get_fd_by_id_opts.c:SEC("lsm/bpf_map")
tools/testing/selftests/bpf/progs/test_lookup_key.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_ptr_untrusted.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_task_under_cgroup.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/token_lsm.c:SEC("lsm/bpf_token_capable")
tools/testing/selftests/bpf/progs/token_lsm.c:SEC("lsm/bpf_token_cmd")
tools/testing/selftests/bpf/progs/verifier_global_subprogs.c:SEC("?lsm/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
>
> diff --git a/tools/testing/selftests/bpf/progs/rcu_read_lock.c b/tools/testing/selftests/bpf/progs/rcu_read_lock.c
> index ab3a532b7dd6d..f85d0e282f2ae 100644
> --- a/tools/testing/selftests/bpf/progs/rcu_read_lock.c
> +++ b/tools/testing/selftests/bpf/progs/rcu_read_lock.c
> @@ -242,7 +242,8 @@ int inproper_sleepable_helper(void *ctx)
> }
>
> SEC("?lsm.s/bpf")
> -int BPF_PROG(inproper_sleepable_kfunc, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(inproper_sleepable_kfunc, int cmd, union bpf_attr *attr, unsigned int size,
> + bool is_kernel)
> {
> struct bpf_key *bkey;
>
> diff --git a/tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c b/tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c
> index 44628865fe1d4..0e741262138f2 100644
> --- a/tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c
> +++ b/tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c
> @@ -51,13 +51,13 @@ static int bpf_link_create_verify(int cmd)
> }
>
> SEC("lsm/bpf")
> -int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
> {
> return bpf_link_create_verify(cmd);
> }
>
> SEC("lsm.s/bpf")
> -int BPF_PROG(lsm_s_run, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(lsm_s_run, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
> {
> return bpf_link_create_verify(cmd);
> }
> diff --git a/tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c b/tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c
> index cd4d752bd089c..ce36a55ba5b8b 100644
> --- a/tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c
> +++ b/tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c
> @@ -36,7 +36,7 @@ char _license[] SEC("license") = "GPL";
>
> SEC("?lsm.s/bpf")
> __failure __msg("cannot pass in dynptr at an offset=-8")
> -int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
> {
> unsigned long val;
>
> @@ -46,7 +46,7 @@ int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size)
>
> SEC("?lsm.s/bpf")
> __failure __msg("arg#0 expected pointer to stack or const struct bpf_dynptr")
> -int BPF_PROG(not_ptr_to_stack, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(not_ptr_to_stack, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
> {
> unsigned long val = 0;
>
> @@ -55,7 +55,7 @@ int BPF_PROG(not_ptr_to_stack, int cmd, union bpf_attr *attr, unsigned int size)
> }
>
> SEC("lsm.s/bpf")
> -int BPF_PROG(dynptr_data_null, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(dynptr_data_null, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
> {
> struct bpf_key *trusted_keyring;
> struct bpf_dynptr ptr;
> diff --git a/tools/testing/selftests/bpf/progs/test_lookup_key.c b/tools/testing/selftests/bpf/progs/test_lookup_key.c
> index c73776990ae30..c46077e01a4ca 100644
> --- a/tools/testing/selftests/bpf/progs/test_lookup_key.c
> +++ b/tools/testing/selftests/bpf/progs/test_lookup_key.c
> @@ -23,7 +23,7 @@ extern struct bpf_key *bpf_lookup_system_key(__u64 id) __ksym;
> extern void bpf_key_put(struct bpf_key *key) __ksym;
>
> SEC("lsm.s/bpf")
> -int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
> {
> struct bpf_key *bkey;
> __u32 pid;
> diff --git a/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c b/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c
> index 2fdc44e766248..21fce1108a21d 100644
> --- a/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c
> +++ b/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c
> @@ -7,7 +7,7 @@
> char tp_name[128];
>
> SEC("lsm.s/bpf")
> -int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
> {
> switch (cmd) {
> case BPF_RAW_TRACEPOINT_OPEN:
> diff --git a/tools/testing/selftests/bpf/progs/test_task_under_cgroup.c b/tools/testing/selftests/bpf/progs/test_task_under_cgroup.c
> index 7e750309ce274..18ad24a851c6c 100644
> --- a/tools/testing/selftests/bpf/progs/test_task_under_cgroup.c
> +++ b/tools/testing/selftests/bpf/progs/test_task_under_cgroup.c
> @@ -49,7 +49,7 @@ int BPF_PROG(tp_btf_run, struct task_struct *task, u64 clone_flags)
> }
>
> SEC("lsm.s/bpf")
> -int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
> {
> struct cgroup *cgrp = NULL;
> struct task_struct *task;
> diff --git a/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c b/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
> index 12034a73ee2d2..135665f011c7e 100644
> --- a/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
> +++ b/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
> @@ -37,7 +37,7 @@ struct {
> char _license[] SEC("license") = "GPL";
>
> SEC("lsm.s/bpf")
> -int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
> {
> struct bpf_dynptr data_ptr, sig_ptr;
> struct data *data_val;
> --
> 2.48.1
>
Powered by blists - more mailing lists