1. Patchew
  2. linux
  3. [PATCH v2 bpf-next 0/2] Add bpf_get_dentry_xattr
  4. View patch

[PATCH v2 bpf-next 2/2] selftests/bpf: Add tests for bpf_get_dentry_xattr

Song Liu posted 2 patches 1 year, 6 months ago
There is a newer version of this series
[PATCH v2 bpf-next 2/2] selftests/bpf: Add tests for bpf_get_dentry_xattr
Posted by Song Liu 1 year, 6 months ago 
Add test for bpf_get_dentry_xattr on hook security_inode_getxattr.
Verify that the kfunc can read the xattr. Also test failing getxattr
from user space by returning non-zero from the LSM bpf program.

Signed-off-by: Song Liu <song@kernel.org>
---
 .../selftests/bpf/prog_tests/fs_kfuncs.c      |  9 ++++-
 .../selftests/bpf/progs/test_get_xattr.c      | 37 ++++++++++++++++---
 2 files changed, 40 insertions(+), 6 deletions(-)

diff --git a/tools/testing/selftests/bpf/prog_tests/fs_kfuncs.c b/tools/testing/selftests/bpf/prog_tests/fs_kfuncs.c
index 37056ba73847..5a0b51157451 100644
--- a/tools/testing/selftests/bpf/prog_tests/fs_kfuncs.c
+++ b/tools/testing/selftests/bpf/prog_tests/fs_kfuncs.c
@@ -16,6 +16,7 @@ static void test_xattr(void)
 {
 	struct test_get_xattr *skel = NULL;
 	int fd = -1, err;
+	int v[32];
 
 	fd = open(testfile, O_CREAT | O_RDONLY, 0644);
 	if (!ASSERT_GE(fd, 0, "create_file"))
@@ -50,7 +51,13 @@ static void test_xattr(void)
 	if (!ASSERT_GE(fd, 0, "open_file"))
 		goto out;
 
-	ASSERT_EQ(skel->bss->found_xattr, 1, "found_xattr");
+	ASSERT_EQ(skel->bss->found_xattr_from_file, 1, "found_xattr_from_file");
+
+	/* Trigger security_inode_getxattr */
+	err = getxattr(testfile, "user.kfuncs", v, sizeof(v));
+	ASSERT_EQ(err, -1, "getxattr_return");
+	ASSERT_EQ(errno, EINVAL, "getxattr_errno");
+	ASSERT_EQ(skel->bss->found_xattr_from_dentry, 1, "found_xattr_from_dentry");
 
 out:
 	close(fd);
diff --git a/tools/testing/selftests/bpf/progs/test_get_xattr.c b/tools/testing/selftests/bpf/progs/test_get_xattr.c
index 7eb2a4e5a3e5..66e737720f7c 100644
--- a/tools/testing/selftests/bpf/progs/test_get_xattr.c
+++ b/tools/testing/selftests/bpf/progs/test_get_xattr.c
@@ -2,6 +2,7 @@
 /* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */
 
 #include "vmlinux.h"
+#include <errno.h>
 #include <bpf/bpf_helpers.h>
 #include <bpf/bpf_tracing.h>
 #include "bpf_kfuncs.h"
@@ -9,10 +10,12 @@
 char _license[] SEC("license") = "GPL";
 
 __u32 monitored_pid;
-__u32 found_xattr;
+__u32 found_xattr_from_file;
+__u32 found_xattr_from_dentry;
 
 static const char expected_value[] = "hello";
-char value[32];
+char value1[32];
+char value2[32];
 
 SEC("lsm.s/file_open")
 int BPF_PROG(test_file_open, struct file *f)
@@ -25,13 +28,37 @@ int BPF_PROG(test_file_open, struct file *f)
 	if (pid != monitored_pid)
 		return 0;
 
-	bpf_dynptr_from_mem(value, sizeof(value), 0, &value_ptr);
+	bpf_dynptr_from_mem(value1, sizeof(value1), 0, &value_ptr);
 
 	ret = bpf_get_file_xattr(f, "user.kfuncs", &value_ptr);
 	if (ret != sizeof(expected_value))
 		return 0;
-	if (bpf_strncmp(value, ret, expected_value))
+	if (bpf_strncmp(value1, ret, expected_value))
 		return 0;
-	found_xattr = 1;
+	found_xattr_from_file = 1;
 	return 0;
 }
+
+SEC("lsm.s/inode_getxattr")
+int BPF_PROG(test_inode_getxattr, struct dentry *dentry, char *name)
+{
+	struct bpf_dynptr value_ptr;
+	__u32 pid;
+	int ret;
+
+	pid = bpf_get_current_pid_tgid() >> 32;
+	if (pid != monitored_pid)
+		return 0;
+
+	bpf_dynptr_from_mem(value2, sizeof(value2), 0, &value_ptr);
+
+	ret = bpf_get_dentry_xattr(dentry, "user.kfuncs", &value_ptr);
+	if (ret != sizeof(expected_value))
+		return 0;
+	if (bpf_strncmp(value2, ret, expected_value))
+		return 0;
+	found_xattr_from_dentry = 1;
+
+	/* return non-zero to fail getxattr from user space */
+	return -EINVAL;
+}
-- 
2.43.0
Re: [PATCH v2 bpf-next 2/2] selftests/bpf: Add tests for bpf_get_dentry_xattr
Posted by Alexei Starovoitov 1 year, 6 months ago 
On Tue, Jul 30, 2024 at 4:08 PM Song Liu <song@kernel.org> wrote:
>
> Add test for bpf_get_dentry_xattr on hook security_inode_getxattr.
> Verify that the kfunc can read the xattr. Also test failing getxattr
> from user space by returning non-zero from the LSM bpf program.
>
> Signed-off-by: Song Liu <song@kernel.org>
> ---
>  .../selftests/bpf/prog_tests/fs_kfuncs.c      |  9 ++++-
>  .../selftests/bpf/progs/test_get_xattr.c      | 37 ++++++++++++++++---
>  2 files changed, 40 insertions(+), 6 deletions(-)
>
> diff --git a/tools/testing/selftests/bpf/prog_tests/fs_kfuncs.c b/tools/testing/selftests/bpf/prog_tests/fs_kfuncs.c
> index 37056ba73847..5a0b51157451 100644
> --- a/tools/testing/selftests/bpf/prog_tests/fs_kfuncs.c
> +++ b/tools/testing/selftests/bpf/prog_tests/fs_kfuncs.c
> @@ -16,6 +16,7 @@ static void test_xattr(void)
>  {
>         struct test_get_xattr *skel = NULL;
>         int fd = -1, err;
> +       int v[32];
>
>         fd = open(testfile, O_CREAT | O_RDONLY, 0644);
>         if (!ASSERT_GE(fd, 0, "create_file"))
> @@ -50,7 +51,13 @@ static void test_xattr(void)
>         if (!ASSERT_GE(fd, 0, "open_file"))
>                 goto out;
>
> -       ASSERT_EQ(skel->bss->found_xattr, 1, "found_xattr");
> +       ASSERT_EQ(skel->bss->found_xattr_from_file, 1, "found_xattr_from_file");
> +
> +       /* Trigger security_inode_getxattr */
> +       err = getxattr(testfile, "user.kfuncs", v, sizeof(v));
> +       ASSERT_EQ(err, -1, "getxattr_return");
> +       ASSERT_EQ(errno, EINVAL, "getxattr_errno");
> +       ASSERT_EQ(skel->bss->found_xattr_from_dentry, 1, "found_xattr_from_dentry");
>
>  out:
>         close(fd);
> diff --git a/tools/testing/selftests/bpf/progs/test_get_xattr.c b/tools/testing/selftests/bpf/progs/test_get_xattr.c
> index 7eb2a4e5a3e5..66e737720f7c 100644
> --- a/tools/testing/selftests/bpf/progs/test_get_xattr.c
> +++ b/tools/testing/selftests/bpf/progs/test_get_xattr.c
> @@ -2,6 +2,7 @@
>  /* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */
>
>  #include "vmlinux.h"
> +#include <errno.h>
>  #include <bpf/bpf_helpers.h>
>  #include <bpf/bpf_tracing.h>
>  #include "bpf_kfuncs.h"
> @@ -9,10 +10,12 @@
>  char _license[] SEC("license") = "GPL";
>
>  __u32 monitored_pid;
> -__u32 found_xattr;
> +__u32 found_xattr_from_file;
> +__u32 found_xattr_from_dentry;
>
>  static const char expected_value[] = "hello";
> -char value[32];
> +char value1[32];
> +char value2[32];
>
>  SEC("lsm.s/file_open")
>  int BPF_PROG(test_file_open, struct file *f)
> @@ -25,13 +28,37 @@ int BPF_PROG(test_file_open, struct file *f)
>         if (pid != monitored_pid)
>                 return 0;
>
> -       bpf_dynptr_from_mem(value, sizeof(value), 0, &value_ptr);
> +       bpf_dynptr_from_mem(value1, sizeof(value1), 0, &value_ptr);
>
>         ret = bpf_get_file_xattr(f, "user.kfuncs", &value_ptr);
>         if (ret != sizeof(expected_value))
>                 return 0;
> -       if (bpf_strncmp(value, ret, expected_value))
> +       if (bpf_strncmp(value1, ret, expected_value))
>                 return 0;
> -       found_xattr = 1;
> +       found_xattr_from_file = 1;
>         return 0;
>  }
> +
> +SEC("lsm.s/inode_getxattr")
> +int BPF_PROG(test_inode_getxattr, struct dentry *dentry, char *name)
> +{
> +       struct bpf_dynptr value_ptr;
> +       __u32 pid;
> +       int ret;
> +
> +       pid = bpf_get_current_pid_tgid() >> 32;
> +       if (pid != monitored_pid)
> +               return 0;
> +
> +       bpf_dynptr_from_mem(value2, sizeof(value2), 0, &value_ptr);
> +
> +       ret = bpf_get_dentry_xattr(dentry, "user.kfuncs", &value_ptr);

Song,

See CI failure on s390.
I think you need to update bpf_kfuncs.h, since s390 doesn't emit
kfuncs into vmlinux.h

Also pls add a patch to move these kfuncs to fs/bpf_fs_kfuncs.c

pw-bot: cr

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.