Commit 7987f162 authored by Blaise Boscaccy's avatar Blaise Boscaccy Committed by Alexei Starovoitov
Browse files

selftests/bpf: Add a kernel flag test for LSM bpf hook 



This test exercises the kernel flag added to security_bpf by
effectively blocking light-skeletons from loading while allowing
normal skeletons to function as-is. Since this should work with any
arbitrary BPF program, an existing program from LSKELS_EXTRA was
used as a test payload.

Signed-off-by: default avatarBlaise Boscaccy <bboscaccy@linux.microsoft.com>
Acked-by: default avatarSong Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20250310221737.821889-3-bboscaccy@linux.microsoft.com


Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent 082f1db0

tools/testing/selftests/bpf/prog_tests/kernel_flag.c

0 → 100644
+43 −0
Original line number Diff line number Diff line 
// SPDX-License-Identifier: GPL-2.0

/* Copyright (c) 2025 Microsoft */

#include <test_progs.h>

#include "kfunc_call_test.skel.h"

#include "kfunc_call_test.lskel.h"

#include "test_kernel_flag.skel.h"



void test_kernel_flag(void)

{

	struct test_kernel_flag *lsm_skel;

	struct kfunc_call_test *skel = NULL;

	struct kfunc_call_test_lskel *lskel = NULL;

	int ret;



	lsm_skel = test_kernel_flag__open_and_load();

	if (!ASSERT_OK_PTR(lsm_skel, "lsm_skel"))

		return;



	lsm_skel->bss->monitored_tid = gettid();



	ret = test_kernel_flag__attach(lsm_skel);

	if (!ASSERT_OK(ret, "test_kernel_flag__attach"))

		goto close_prog;



	/* Test with skel. This should pass the gatekeeper */

	skel = kfunc_call_test__open_and_load();

	if (!ASSERT_OK_PTR(skel, "skel"))

		goto close_prog;



	/* Test with lskel. This should fail due to blocking kernel-based bpf() invocations */

	lskel = kfunc_call_test_lskel__open_and_load();

	if (!ASSERT_ERR_PTR(lskel, "lskel"))

		goto close_prog;



close_prog:

	if (skel)

		kfunc_call_test__destroy(skel);

	if (lskel)

		kfunc_call_test_lskel__destroy(lskel);



	lsm_skel->bss->monitored_tid = 0;

	test_kernel_flag__destroy(lsm_skel);

}

tools/testing/selftests/bpf/progs/test_kernel_flag.c

0 → 100644
+28 −0
Original line number Diff line number Diff line 
// SPDX-License-Identifier: GPL-2.0



/*

 * Copyright (C) 2025 Microsoft Corporation

 *

 * Author: Blaise Boscaccy <bboscaccy@linux.microsoft.com>

 */



#include "vmlinux.h"

#include <errno.h>

#include <bpf/bpf_helpers.h>

#include <bpf/bpf_tracing.h>



char _license[] SEC("license") = "GPL";



__u32 monitored_tid;



SEC("lsm.s/bpf")

int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size, bool kernel)

{

	__u32 tid;



	tid = bpf_get_current_pid_tgid() & 0xFFFFFFFF;

	if (!kernel || tid != monitored_tid)

		return 0;

	else

		return -EINVAL;

}