lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAPhsuW6hmKjJF5gYvp=9Jue2N6oW8-Mj-LdFbGnQVwW1bTB=qg@mail.gmail.com>
Date: Tue, 2 Dec 2025 10:39:06 -0800
From: Song Liu <song@...nel.org>
To: Shuran Liu <electronlsr@...il.com>
Cc: mattbobrowski@...gle.com, bpf@...r.kernel.org, ast@...nel.org, 
	daniel@...earbox.net, andrii@...nel.org, martin.lau@...ux.dev, 
	eddyz87@...il.com, yonghong.song@...ux.dev, john.fastabend@...il.com, 
	kpsingh@...nel.org, sdf@...ichev.me, haoluo@...gle.com, jolsa@...nel.org, 
	rostedt@...dmis.org, mhiramat@...nel.org, mathieu.desnoyers@...icios.com, 
	linux-kernel@...r.kernel.org, linux-trace-kernel@...r.kernel.org, 
	dxu@...uu.xyz, linux-kselftest@...r.kernel.org, shuah@...nel.org, 
	Zesen Liu <ftyg@...e.com>, Peili Gao <gplhust955@...il.com>, Haoran Ni <haoran.ni.cs@...il.com>
Subject: Re: [PATCH bpf v3 2/2] selftests/bpf: fix and consolidate d_path LSM
 regression test

On Tue, Dec 2, 2025 at 6:20 AM Shuran Liu <electronlsr@...il.com> wrote:
>
> Add a regression test for bpf_d_path() when invoked from an LSM program.
> The test attaches to the bprm_check_security hook, calls bpf_d_path() on
> the binary being executed, and verifies that a simple prefix comparison on
> the returned pathname behaves correctly after the fix in patch 1.

I don't get why we add this selftest here. It doesn't appear to be related to
patch 1/2.

>
> To avoid nondeterminism, the LSM program now filters based on the
> expected PID, which is populated from userspace before the test binary is
> executed. This prevents unrelated processes that also trigger the
> bprm_check_security LSM hook from overwriting test results. Parent and
> child processes are synchronized through a pipe to ensure the PID is set
> before the child execs the test binary.

The paragraph above is not really necessary. Just curious, did some AI
write it?

>
> Per review feedback, the new LSM coverage is merged into the existing
> d_path selftest rather than adding new prog_tests/ or progs/ files. The
> loop that checks the pathname prefix now uses bpf_for(), which is a
> verifier-friendly way to express a small, fixed-iteration loop, and the
> temporary /tmp/bpf_d_path_test binary is removed in the test cleanup
> path.
>
> Co-developed-by: Zesen Liu <ftyg@...e.com>
> Signed-off-by: Zesen Liu <ftyg@...e.com>
> Co-developed-by: Peili Gao <gplhust955@...il.com>
> Signed-off-by: Peili Gao <gplhust955@...il.com>
> Co-developed-by: Haoran Ni <haoran.ni.cs@...il.com>
> Signed-off-by: Haoran Ni <haoran.ni.cs@...il.com>
> Signed-off-by: Shuran Liu <electronlsr@...il.com>
> Reviewed-by: Matt Bobrowski <mattbobrowski@...gle.com>
> ---
>  .../testing/selftests/bpf/prog_tests/d_path.c | 65 +++++++++++++++++++
>  .../testing/selftests/bpf/progs/test_d_path.c | 33 ++++++++++
>  2 files changed, 98 insertions(+)
>
> diff --git a/tools/testing/selftests/bpf/prog_tests/d_path.c b/tools/testing/selftests/bpf/prog_tests/d_path.c
> index ccc768592e66..202b44e6f482 100644
> --- a/tools/testing/selftests/bpf/prog_tests/d_path.c
> +++ b/tools/testing/selftests/bpf/prog_tests/d_path.c
> @@ -195,6 +195,68 @@ static void test_d_path_check_types(void)
>         test_d_path_check_types__destroy(skel);
>  }
>
> +static void test_d_path_lsm(void)
> +{
> +       struct test_d_path *skel;
> +       int err;
> +       int pipefd[2];
> +       pid_t pid;
> +
> +       skel = test_d_path__open_and_load();
> +       if (!ASSERT_OK_PTR(skel, "d_path skeleton failed"))
> +               return;
> +
> +       err = test_d_path__attach(skel);
> +       if (!ASSERT_OK(err, "attach failed"))
> +               goto cleanup;
> +
> +       /* Prepare the test binary */
> +       system("cp /bin/true /tmp/bpf_d_path_test 2>/dev/null || :");
> +
> +       if (!ASSERT_OK(pipe(pipefd), "pipe failed"))
> +               goto cleanup;
> +
> +       pid = fork();
> +       if (!ASSERT_GE(pid, 0, "fork failed")) {
> +               close(pipefd[0]);
> +               close(pipefd[1]);
> +               goto cleanup;
> +       }
> +
> +       if (pid == 0) {
> +               /* Child */
> +               char buf;
> +
> +               close(pipefd[1]);
> +               /* Wait for parent to set PID in BPF map */
> +               if (read(pipefd[0], &buf, 1) != 1)
> +                       exit(1);
> +               close(pipefd[0]);
> +               execl("/tmp/bpf_d_path_test", "/tmp/bpf_d_path_test", NULL);
> +               exit(1);
> +       }
> +
> +       /* Parent */
> +       close(pipefd[0]);
> +
> +       /* Update BPF map with child PID */
> +       skel->bss->my_pid = pid;
> +
> +       /* Signal child to proceed */
> +       write(pipefd[1], "G", 1);
> +       close(pipefd[1]);
> +
> +       /* Wait for child */
> +       waitpid(pid, NULL, 0);
> +
> +       ASSERT_EQ(skel->bss->called_lsm, 1, "lsm hook called");
> +       ASSERT_EQ(skel->bss->lsm_match, 1, "lsm match");
> +
> +cleanup:
> +       unlink("/tmp/bpf_d_path_test");
> +       test_d_path__destroy(skel);
> +}
> +
>  void test_d_path(void)
>  {
>         if (test__start_subtest("basic"))
> @@ -205,4 +267,7 @@ void test_d_path(void)
>
>         if (test__start_subtest("check_alloc_mem"))
>                 test_d_path_check_types();
> +
> +       if (test__start_subtest("lsm"))
> +               test_d_path_lsm();
>  }
> diff --git a/tools/testing/selftests/bpf/progs/test_d_path.c b/tools/testing/selftests/bpf/progs/test_d_path.c
> index 84e1f883f97b..9ae36eabcd07 100644
> --- a/tools/testing/selftests/bpf/progs/test_d_path.c
> +++ b/tools/testing/selftests/bpf/progs/test_d_path.c
> @@ -17,6 +17,8 @@ int rets_close[MAX_FILES] = {};
>
>  int called_stat = 0;
>  int called_close = 0;
> +int called_lsm = 0;
> +int lsm_match = 0;
>
>  SEC("fentry/security_inode_getattr")
>  int BPF_PROG(prog_stat, struct path *path, struct kstat *stat,
> @@ -62,4 +64,35 @@ int BPF_PROG(prog_close, struct file *file, void *id)
>         return 0;
>  }
>
> +SEC("lsm/bprm_check_security")
> +int BPF_PROG(prog_lsm, struct linux_binprm *bprm)
> +{
> +       pid_t pid = bpf_get_current_pid_tgid() >> 32;
> +       char path[MAX_PATH_LEN] = {};
> +       int ret;
> +
> +       if (pid != my_pid)
> +               return 0;
> +
> +       called_lsm = 1;
> +       ret = bpf_d_path(&bprm->file->f_path, path, MAX_PATH_LEN);
> +       if (ret < 0)
> +               return 0;
> +
> +       {

This {} block is not necessary.

> +               static const char target_dir[] = "/tmp/";
> +               int i;
> +
> +               bpf_for(i, 0, sizeof(target_dir) - 1) {
> +                       if (path[i] != target_dir[i]) {
> +                               lsm_match = -1; /* mismatch */
> +                               return 0;
> +                       }
> +               }
> +       }
> +
> +       lsm_match = 1; /* prefix match */
> +       return 0;
> +}
> +
>  char _license[] SEC("license") = "GPL";
> --
> 2.52.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ