| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEf4Bza8FVL55qLds5ZWaKuz5Hw_r+bwg-MeXWX9H7ZsA_8ZJw@mail.gmail.com>
Date: Tue, 15 Jul 2025 14:51:41 -0700
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: Tao Chen <chen.dylane@...ux.dev>
Cc: ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
martin.lau@...ux.dev, eddyz87@...il.com, song@...nel.org,
yonghong.song@...ux.dev, john.fastabend@...il.com, kpsingh@...nel.org,
sdf@...ichev.me, haoluo@...gle.com, jolsa@...nel.org, willemb@...gle.com,
kerneljasonxing@...il.com, bpf@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH bpf-next v2 2/2] bpf/selftests: Add selftests for token info
On Mon, Jul 14, 2025 at 8:59 PM Tao Chen <chen.dylane@...ux.dev> wrote:
>
> A previous change added bpf_token_info to get token info with
> bpf_get_obj_info_by_fd, this patch adds a new test for token info.
>
> #461/12 token/bpf_token_info:OK
>
> Signed-off-by: Tao Chen <chen.dylane@...ux.dev>
> ---
> .../testing/selftests/bpf/prog_tests/token.c | 39 +++++++++++++++++++
> 1 file changed, 39 insertions(+)
>
> diff --git a/tools/testing/selftests/bpf/prog_tests/token.c b/tools/testing/selftests/bpf/prog_tests/token.c
> index cfc032b910c..a16f25bdd4c 100644
> --- a/tools/testing/selftests/bpf/prog_tests/token.c
> +++ b/tools/testing/selftests/bpf/prog_tests/token.c
> @@ -1047,6 +1047,36 @@ static int userns_obj_priv_implicit_token_envvar(int mnt_fd, struct token_lsm *l
>
> #define bit(n) (1ULL << (n))
>
> +static int userns_bpf_token_info(int mnt_fd, struct token_lsm *lsm_skel)
> +{
> + int err, token_fd = -1;
> + struct bpf_token_info info;
> + u32 len = sizeof(struct bpf_token_info);
> +
> + /* create BPF token from BPF FS mount */
> + token_fd = bpf_token_create(mnt_fd, NULL);
> + if (!ASSERT_GT(token_fd, 0, "token_create")) {
> + err = -EINVAL;
> + goto cleanup;
> + }
> +
> + memset(&info, 0, len);
> + err = bpf_obj_get_info_by_fd(token_fd, &info, &len);
> + if (!ASSERT_ERR(err, "bpf_obj_get_token_info"))
> + goto cleanup;
> + if (!ASSERT_EQ(info.allowed_cmds, bit(BPF_MAP_CREATE), "token_info_cmds_map_create"))
> + goto cleanup;
> + if (!ASSERT_EQ(info.allowed_progs, bit(BPF_PROG_TYPE_XDP), "token_info_progs_xdp"))
> + goto cleanup;
nit: there is no harm in just doing a few ASSERT_EQ() checks
unconditionally, it's cleaner and more succinct (and either way you
return err == 0 in this case)
> +
> + /* The BPF_PROG_TYPE_EXT is not set in token */
> + ASSERT_EQ(info.allowed_progs, bit(BPF_PROG_TYPE_EXT), "token_info_progs_ext");
> +
> +cleanup:
> + zclose(token_fd);
> + return err;
> +}
> +
> void test_token(void)
> {
> if (test__start_subtest("map_token")) {
> @@ -1150,4 +1180,13 @@ void test_token(void)
>
> subtest_userns(&opts, userns_obj_priv_implicit_token_envvar);
> }
> + if (test__start_subtest("bpf_token_info")) {
> + struct bpffs_opts opts = {
> + .cmds = bit(BPF_MAP_CREATE),
> + .progs = bit(BPF_PROG_TYPE_XDP),
> + .attachs = ~0ULL,
> + };
> +
> + subtest_userns(&opts, userns_bpf_token_info);
> + }
> }
> --
> 2.48.1
>
Powered by blists - more mailing lists