selftests/bpf: Add a kernel flag test for LSM bpf hook

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

This test exercises the kernel flag added to security_bpf by
effectively blocking light-skeletons from loading while allowing
normal skeletons to function as-is. Since this should work with any
arbitrary BPF program, an existing program from LSKELS_EXTRA was
used as a test payload.

Signed-off-by: Blaise Boscaccy <bboscaccy@linux.microsoft.com>
Acked-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20250310221737.821889-3-bboscaccy@linux.microsoft.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

authored by

Blaise Boscaccy and committed by

Alexei Starovoitov 1 year ago 7987f162 082f1db0

+71

2 changed files

expand all

tools

testing

selftests

bpf

prog_tests

kernel_flag.c

progs

test_kernel_flag.c

+43

tools/testing/selftests/bpf/prog_tests/kernel_flag.c

··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + /* Copyright (c) 2025 Microsoft */ 3 + #include <test_progs.h> 4 + #include "kfunc_call_test.skel.h" 5 + #include "kfunc_call_test.lskel.h" 6 + #include "test_kernel_flag.skel.h" 7 + 8 + void test_kernel_flag(void) 9 + { 10 + struct test_kernel_flag *lsm_skel; 11 + struct kfunc_call_test *skel = NULL; 12 + struct kfunc_call_test_lskel *lskel = NULL; 13 + int ret; 14 + 15 + lsm_skel = test_kernel_flag__open_and_load(); 16 + if (!ASSERT_OK_PTR(lsm_skel, "lsm_skel")) 17 + return; 18 + 19 + lsm_skel->bss->monitored_tid = gettid(); 20 + 21 + ret = test_kernel_flag__attach(lsm_skel); 22 + if (!ASSERT_OK(ret, "test_kernel_flag__attach")) 23 + goto close_prog; 24 + 25 + /* Test with skel. This should pass the gatekeeper */ 26 + skel = kfunc_call_test__open_and_load(); 27 + if (!ASSERT_OK_PTR(skel, "skel")) 28 + goto close_prog; 29 + 30 + /* Test with lskel. This should fail due to blocking kernel-based bpf() invocations */ 31 + lskel = kfunc_call_test_lskel__open_and_load(); 32 + if (!ASSERT_ERR_PTR(lskel, "lskel")) 33 + goto close_prog; 34 + 35 + close_prog: 36 + if (skel) 37 + kfunc_call_test__destroy(skel); 38 + if (lskel) 39 + kfunc_call_test_lskel__destroy(lskel); 40 + 41 + lsm_skel->bss->monitored_tid = 0; 42 + test_kernel_flag__destroy(lsm_skel); 43 + }

+28

tools/testing/selftests/bpf/progs/test_kernel_flag.c

··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + 3 + /* 4 + * Copyright (C) 2025 Microsoft Corporation 5 + * 6 + * Author: Blaise Boscaccy <bboscaccy@linux.microsoft.com> 7 + */ 8 + 9 + #include "vmlinux.h" 10 + #include <errno.h> 11 + #include <bpf/bpf_helpers.h> 12 + #include <bpf/bpf_tracing.h> 13 + 14 + char _license[] SEC("license") = "GPL"; 15 + 16 + __u32 monitored_tid; 17 + 18 + SEC("lsm.s/bpf") 19 + int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size, bool kernel) 20 + { 21 + __u32 tid; 22 + 23 + tid = bpf_get_current_pid_tgid() & 0xFFFFFFFF; 24 + if (!kernel || tid != monitored_tid) 25 + return 0; 26 + else 27 + return -EINVAL; 28 + }