lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAPhsuW6+vrRG57=7sxTjv0J1njJ-H0usx18xx_sWA+U2oZBtDA@mail.gmail.com>
Date: Tue, 4 Mar 2025 19:27:09 -0800
From: Song Liu <song@...nel.org>
To: Blaise Boscaccy <bboscaccy@...ux.microsoft.com>
Cc: Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>, 
	"Serge E. Hallyn" <serge@...lyn.com>, Alexei Starovoitov <ast@...nel.org>, 
	Daniel Borkmann <daniel@...earbox.net>, John Fastabend <john.fastabend@...il.com>, 
	Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau <martin.lau@...ux.dev>, 
	Eduard Zingerman <eddyz87@...il.com>, Yonghong Song <yonghong.song@...ux.dev>, 
	KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>, 
	Jiri Olsa <jolsa@...nel.org>, Stephen Smalley <stephen.smalley.work@...il.com>, 
	Ondrej Mosnacek <omosnace@...hat.com>, linux-security-module@...r.kernel.org, 
	linux-kernel@...r.kernel.org, bpf@...r.kernel.org, selinux@...r.kernel.org
Subject: Re: [PATCH v4 bpf-next 2/2] selftests/bpf: Add is_kernel parameter to
 LSM/bpf test programs

On Tue, Mar 4, 2025 at 4:36 PM Blaise Boscaccy
<bboscaccy@...ux.microsoft.com> wrote:
>
> Song Liu <song@...nel.org> writes:
>
> > On Tue, Mar 4, 2025 at 12:31 PM Blaise Boscaccy
> > <bboscaccy@...ux.microsoft.com> wrote:
> >>
> >> The security_bpf LSM hook now contains a boolean parameter specifying
> >> whether an invocation of the bpf syscall originated from within the
> >> kernel. Here, we update the function signature of relevant test
> >> programs to include that new parameter.
> >>
> >> Signed-off-by: Blaise Boscaccy bboscaccy@...ux.microsoft.com
> > ^^^ The email address is broken.
> >
>
> Whoops, appologies, will get that fixed.
>
> >> ---
> >>  tools/testing/selftests/bpf/progs/rcu_read_lock.c           | 3 ++-
> >>  tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c  | 4 ++--
> >>  tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c | 6 +++---
> >>  tools/testing/selftests/bpf/progs/test_lookup_key.c         | 2 +-
> >>  tools/testing/selftests/bpf/progs/test_ptr_untrusted.c      | 2 +-
> >>  tools/testing/selftests/bpf/progs/test_task_under_cgroup.c  | 2 +-
> >>  tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c   | 2 +-
> >>  7 files changed, 11 insertions(+), 10 deletions(-)
> >
> > It appears you missed a few of these?
> >
>
> Some of these don't require any changes. I ran into this as well while doing a
> search.
>
> These are all accounted for in the patch.
> > tools/testing/selftests/bpf/progs/rcu_read_lock.c:SEC("?lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c:SEC("lsm/bpf")
> > tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("?lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("?lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("lsm.s/bpf")
>
> security_bpf_map wasn't altered, it can't be called from the kernel. No
> changes needed.
> > tools/testing/selftests/bpf/progs/test_libbpf_get_fd_by_id_opts.c:SEC("lsm/bpf_map")
>
> These are also all accounted for in the patch.
> > tools/testing/selftests/bpf/progs/test_lookup_key.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_ptr_untrusted.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_task_under_cgroup.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c:SEC("lsm.s/bpf")
>
> bpf_token_cmd and bpf_token_capabable aren't callable from the kernel,
> no changes to that hook either currently.
>
> > tools/testing/selftests/bpf/progs/token_lsm.c:SEC("lsm/bpf_token_capable")
> > tools/testing/selftests/bpf/progs/token_lsm.c:SEC("lsm/bpf_token_cmd")
>
>
> This program doesn't take any parameters currently.
> > tools/testing/selftests/bpf/progs/verifier_global_subprogs.c:SEC("?lsm/bpf")
>
> These are all naked calls that don't take any explicit parameters.
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")

Thanks for the explanation. I think we can keep this part as-is.

Song

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ