From: Shuran Liu
To: song@kernel.org, mattbobrowski@google.com, bpf@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
 martin.lau@linux.dev, eddyz87@gmail.com, yonghong.song@linux.dev,
 john.fastabend@gmail.com, kpsingh@kernel.org, sdf@fomichev.me,
 haoluo@google.com, jolsa@kernel.org, rostedt@goodmis.org,
 mhiramat@kernel.org, mathieu.desnoyers@efficios.com,
 linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org,
 dxu@dxuuu.xyz, linux-kselftest@vger.kernel.org, shuah@kernel.org,
 electronlsr@gmail.com, Zesen Liu, Peili Gao, Haoran Ni
Subject: [PATCH bpf v3 1/2] bpf: mark bpf_d_path() buffer as writeable
Date: Tue, 2 Dec 2025 22:19:43 +0800
Message-ID: <20251202141944.2209-2-electronlsr@gmail.com>
In-Reply-To: <20251202141944.2209-1-electronlsr@gmail.com>

Commit 37cce22dbd51 ("bpf: verifier: Refactor helper access type tracking") started distinguishing read vs write accesses performed by helpers.

The second argument of bpf_d_path() is a pointer to a buffer that the helper fills with the resulting path. However, its prototype currently uses ARG_PTR_TO_MEM without MEM_WRITE.

Before 37cce22dbd51, helper accesses were conservatively treated as potential writes, so this mismatch did not cause issues. Since that commit, the verifier may incorrectly assume that the buffer contents are unchanged across the helper call and base its optimizations on this wrong assumption. This can lead to misbehaviour in BPF programs that read back the buffer, such as prefix comparisons on the returned path.

Fix this by marking the second argument of bpf_d_path() as ARG_PTR_TO_MEM | MEM_WRITE so that the verifier correctly models the write to the caller-provided buffer.

Fixes: 37cce22dbd51 ("bpf: verifier: Refactor helper access type tracking")
Co-developed-by: Zesen Liu
Signed-off-by: Zesen Liu
Co-developed-by: Peili Gao
Signed-off-by: Peili Gao
Co-developed-by: Haoran Ni
Signed-off-by: Haoran Ni
Signed-off-by: Shuran Liu
Reviewed-by: Matt Bobrowski
--- kernel/trace/bpf_trace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 4f87c16d915a..49e0bdaa7a1b 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c
@@ -965,7 +965,7 @@ static const struct bpf_func_proto bpf_d_path_proto =3D= { .ret_type =3D RET_INTEGER, .arg1_type =3D ARG_PTR_TO_BTF_ID, .arg1_btf_id =3D &bpf_d_path_btf_ids[0], - .arg2_type =3D ARG_PTR_TO_MEM, + .arg2_type =3D ARG_PTR_TO_MEM | MEM_WRITE, .arg3_type =3D ARG_CONST_SIZE_OR_ZERO, .allowed =3D bpf_d_path_allowed, }; --=20 2.52.0
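
Review bot: the .arg2_type change in patch 1/2 covers only bpf_d_path_proto, but the commit message describes a mismatch (a helper that fills a caller buffer declared as plain ARG_PTR_TO_MEM) that 37cce22dbd51 would expose in any prototype written the same way. Please say in the commit message whether the other bpf_func_proto definitions were checked for arguments that are written without MEM_WRITE, so a reader of this fix knows whether it is complete or the first of several.
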
From: Shuran Liu
Subject: [PATCH bpf v3 2/2] selftests/bpf: fix and consolidate d_path LSM regression test
Date: Tue, 2 Dec 2025 22:19:44 +0800
Message-ID: <20251202141944.2209-3-electronlsr@gmail.com>
In-Reply-To: <20251202141944.2209-1-electronlsr@gmail.com>

Add a regression test for bpf_d_path() when invoked from an LSM program. The test attaches to the bprm_check_security hook, calls bpf_d_path() on the binary being executed, and verifies that a simple prefix comparison on the returned pathname behaves correctly after the fix in patch 1.

To avoid nondeterminism, the LSM program now filters based on the expected PID, which is populated from userspace before the test binary is executed. This prevents unrelated processes that also trigger the bprm_check_security LSM hook from overwriting test results. Parent and child processes are synchronized through a pipe to ensure the PID is set before the child execs the test binary.

Per review feedback, the new LSM coverage is merged into the existing d_path selftest rather than adding new prog_tests/ or progs/ files. The loop that checks the pathname prefix now uses bpf_for(), which is a verifier-friendly way to express a small, fixed-iteration loop, and the temporary /tmp/bpf_d_path_test binary is removed in the test cleanup path.

Co-developed-by: Zesen Liu
Signed-off-by: Zesen Liu
Co-developed-by: Peili Gao
Signed-off-by: Peili Gao
Co-developed-by: Haoran Ni
Signed-off-by: Haoran Ni
Signed-off-by: Shuran Liu
Reviewed-by: Matt Bobrowski
--- .../testing/selftests/bpf/prog_tests/d_path.c | 65 +++++++++++++++++++ .../testing/selftests/bpf/progs/test_d_path.c | 33 ++++++++++ 2 files changed, 98 insertions(+) diff --git a/tools/testing/selftests/bpf/prog_tests/d_path.c b/tools/testin= g/selftests/bpf/prog_tests/d_path.c index ccc768592e66..202b44e6f482 100644 --- a/tools/testing/selftests/bpf/prog_tests/d_path.c +++ b/tools/testing/selftests/bpf/prog_tests/d_path.c
@@ -195,6 +195,68 @@ static void test_d_path_check_types(void) test_d_path_check_types__destroy(skel); } =20 +static void test_d_path_lsm(void) +{ + struct test_d_path *skel; + int err; + int pipefd[2]; + pid_t pid; + + skel =3D test_d_path__open_and_load(); + if (!ASSERT_OK_PTR(skel, "d_path skeleton failed")) + return; + + err =3D test_d_path__attach(skel); + if (!ASSERT_OK(err, "attach failed")) + goto cleanup; + + /* Prepare the test binary */ + system("cp /bin/true /tmp/bpf_d_path_test 2>/dev/null || :"); + + if (!ASSERT_OK(pipe(pipefd), "pipe failed")) + goto cleanup; + + pid =3D fork(); + if (!ASSERT_GE(pid, 0, "fork failed")) { + close(pipefd[0]); + close(pipefd[1]); + goto cleanup; + } + + if (pid =3D=3D 0) { + /* Child */ + char buf; + + close(pipefd[1]); + /* Wait for parent to set PID in BPF map */ + if (read(pipefd[0], &buf, 1) !=3D 1) + exit(1); + close(pipefd[0]); + execl("/tmp/bpf_d_path_test", "/tmp/bpf_d_path_test", NULL); + exit(1); + } + + /* Parent */ + close(pipefd[0]); + + /* Update BPF map with child PID */ + skel->bss->my_pid =3D pid; + + /* Signal child to proceed */ + write(pipefd[1], "G", 1); + close(pipefd[1]); + + /* Wait for child */ + waitpid(pid, NULL, 0); + + ASSERT_EQ(skel->bss->called_lsm, 1, "lsm hook called"); + ASSERT_EQ(skel->bss->lsm_match, 1, "lsm match"); + +cleanup: + unlink("/tmp/bpf_d_path_test"); + test_d_path__destroy(skel); +} + void test_d_path(void) { if (test__start_subtest("basic")) @@ -205,4 +267,7 @@ void test_d_path(void) =20 if (test__start_subtest("check_alloc_mem")) test_d_path_check_types(); + + if (test__start_subtest("lsm")) + test_d_path_lsm(); } diff --git a/tools/testing/selftests/bpf/progs/test_d_path.c b/tools/testin= g/selftests/bpf/progs/test_d_path.c index 84e1f883f97b..9ae36eabcd07 100644 --- a/tools/testing/selftests/bpf/progs/test_d_path.c +++ b/tools/testing/selftests/bpf/progs/test_d_path.c 
@@ -17,6 +17,8 @@ int rets_close[MAX_FILES] =3D {}; =20 int called_stat =3D 0; int called_close =3D 0; +int called_lsm =3D 0; +int lsm_match =3D 0; =20 SEC("fentry/security_inode_getattr") int BPF_PROG(prog_stat, struct path *path, struct kstat *stat, @@ -62,4 +64,35 @@ int BPF_PROG(prog_close, struct file *file, void *id) return 0; } =20 +SEC("lsm/bprm_check_security") +int BPF_PROG(prog_lsm, struct linux_binprm *bprm) +{ + pid_t pid =3D bpf_get_current_pid_tgid() >> 32; + char path[MAX_PATH_LEN] =3D {}; + int ret; + + if (pid !=3D my_pid) + return 0; + + called_lsm =3D 1; + ret =3D bpf_d_path(&bprm->file->f_path, path, MAX_PATH_LEN); + if (ret < 0) + return 0; + + { + static const char target_dir[] =3D "/tmp/"; + int i; + + bpf_for(i, 0, sizeof(target_dir) - 1) { + if (path[i] !=3D target_dir[i]) { + lsm_match =3D -1; /* mismatch */ + return 0; + } + } + } + + lsm_match =3D 1; /* prefix match */ + return 0; +} + char _license[] SEC("license") =3D "GPL"; --=20 2.52.0
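
Review bot: in test_d_path_lsm() (prog_tests/d_path.c), the setup steps that the final assertions depend on are never checked. system("cp /bin/true /tmp/bpf_d_path_test 2>/dev/null || :") discards both the exit status and the error output, write(pipefd[1], "G", 1) ignores its return value, and waitpid(pid, NULL, 0) drops the child's status even though the child calls exit(1) when read() or execl() fails. Any of these failures is then reported only indirectly, as a failed "lsm hook called" or "lsm match" check. Please assert on the copy and on the write, and assert that the child exited with status 0. A unique name (for example from mkstemp()) would also be safer than the fixed /tmp/bpf_d_path_test, which sits in a world-writable directory and can collide with an existing file or a parallel run of the test.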
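
Review bot: prog_lsm() in progs/test_d_path.c has no comment explaining why the check is written the way it is. The zero-initialised path[MAX_PATH_LEN] buffer followed by a byte-wise read-back after bpf_d_path() is what makes this a regression test for patch 1, and a later cleanup could drop either part without noticing; a short comment above the bpf_for() loop would protect it. Separately, the bare { ... } block that exists only to scope target_dir and i is unusual for this file; declaring both at the top of the function would read better.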