selftests/bpf: Test kfuncs that set and remove xattr from BPF programs
Two sets of tests are added to exercise the non-_locked and _locked versions of the kfuncs. For both tests, user space accesses xattr security.bpf.foo on a testfile. The BPF program is triggered by that user-space access (on LSM hook inode_[set|get]_xattr) and sets or removes xattr security.bpf.bar. User space then validates that xattr security.bpf.bar is set or removed as expected. Note that, in both tests, the BPF programs use the non-_locked kfuncs; the verifier picks the proper kfuncs based on the calling context. Signed-off-by: Song Liu <[email protected]>
1 parent
afb6575
commit a90db9c
Showing
3 changed files
with
263 additions
and
0 deletions.
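--- /dev/null
+++ b/tools/testing/selftests/bpf/progs/test_set_remove_xattr.c
@@ -0,0 +1,133 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2024 Meta Platforms, Inc. and affiliates. */
+
+#include "vmlinux.h"
+#include <errno.h>
+#include <bpf/bpf_tracing.h>
+#include "bpf_kfuncs.h"
+#include "bpf_misc.h"
+
+char _license[] SEC("license") = "GPL";
+
+__u32 monitored_pid;
+
+const char xattr_foo[] = "security.bpf.foo";
+const char xattr_bar[] = "security.bpf.bar";
+const char xattr_linux[] = "security.selinux";
+char value_bar[] = "world";
+char read_value[32];
+
+bool set_security_bpf_bar_success;
+bool remove_security_bpf_bar_success;
+bool set_security_selinux_fail;
+bool remove_security_selinux_fail;
+
+char name_buf[32];
+
+static inline bool name_match_foo(const char *name)
+{
+	bpf_probe_read_kernel(name_buf, sizeof(name_buf), name);
+
+	return !bpf_strncmp(name_buf, sizeof(xattr_foo), xattr_foo);
+}
+
+/* Test bpf_set_dentry_xattr and bpf_remove_dentry_xattr */
+SEC("lsm.s/inode_getxattr")
+int BPF_PROG(test_inode_getxattr, struct dentry *dentry, char *name)
+{
+	struct bpf_dynptr value_ptr;
+	__u32 pid;
+	int ret;
+
+	pid = bpf_get_current_pid_tgid() >> 32;
+	if (pid != monitored_pid)
+		return 0;
+
+	/* Only do the following for security.bpf.foo */
+	if (!name_match_foo(name))
+		return 0;
+
+	bpf_dynptr_from_mem(read_value, sizeof(read_value), 0, &value_ptr);
+
+	/* read security.bpf.bar */
+	ret = bpf_get_dentry_xattr(dentry, xattr_bar, &value_ptr);
+
+	if (ret < 0) {
+		/* If security.bpf.bar doesn't exist, set it */
+		bpf_dynptr_from_mem(value_bar, sizeof(value_bar), 0, &value_ptr);
+
+		ret = bpf_set_dentry_xattr(dentry, xattr_bar, &value_ptr, 0);
+		if (!ret)
+			set_security_bpf_bar_success = true;
+		ret = bpf_set_dentry_xattr(dentry, xattr_linux, &value_ptr, 0);
+		if (ret)
+			set_security_selinux_fail = true;
+	} else {
+		/* If security.bpf.bar exists, remove it */
+		ret = bpf_remove_dentry_xattr(dentry, xattr_bar);
+		if (!ret)
+			remove_security_bpf_bar_success = true;
+
+		ret = bpf_remove_dentry_xattr(dentry, xattr_linux);
+		if (ret)
+			remove_security_selinux_fail = true;
+	}
+
+	return 0;
+}
+
+bool locked_set_security_bpf_bar_success;
+bool locked_remove_security_bpf_bar_success;
+bool locked_set_security_selinux_fail;
+bool locked_remove_security_selinux_fail;
+
+/* Test bpf_set_dentry_xattr_locked and bpf_remove_dentry_xattr_locked.
+ * It not necessary to differentiate the _locked version and the
+ * not-_locked version in the BPF program. The verifier will fix them up
+ * properly.
+ */
+SEC("lsm.s/inode_setxattr")
+int BPF_PROG(test_inode_setxattr, struct mnt_idmap *idmap,
+	     struct dentry *dentry, const char *name,
+	     const void *value, size_t size, int flags)
+{
+	struct bpf_dynptr value_ptr;
+	__u32 pid;
+	int ret;
+
+	pid = bpf_get_current_pid_tgid() >> 32;
+	if (pid != monitored_pid)
+		return 0;
+
+	/* Only do the following for security.bpf.foo */
+	if (!name_match_foo(name))
+		return 0;
+
+	bpf_dynptr_from_mem(read_value, sizeof(read_value), 0, &value_ptr);
+
+	/* read security.bpf.bar */
+	ret = bpf_get_dentry_xattr(dentry, xattr_bar, &value_ptr);
+
+	if (ret < 0) {
+		/* If security.bpf.bar doesn't exist, set it */
+		bpf_dynptr_from_mem(value_bar, sizeof(value_bar), 0, &value_ptr);
+
+		ret = bpf_set_dentry_xattr(dentry, xattr_bar, &value_ptr, 0);
+		if (!ret)
+			locked_set_security_bpf_bar_success = true;
+		ret = bpf_set_dentry_xattr(dentry, xattr_linux, &value_ptr, 0);
+		if (ret)
+			locked_set_security_selinux_fail = true;
+	} else {
+		/* If security.bpf.bar exists, remove it */
+		ret = bpf_remove_dentry_xattr(dentry, xattr_bar);
+		if (!ret)
+			locked_remove_security_bpf_bar_success = true;
+
+		ret = bpf_remove_dentry_xattr(dentry, xattr_linux);
+		if (ret)
+			locked_remove_security_selinux_fail = true;
+	}
+
+	return 0;
+}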
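Review bot: The negative-case flags at `if (ret) set_security_selinux_fail = true;` (and its three siblings in both handlers) accept any nonzero return, so a failure unrelated to the name check — a dynptr or filesystem error, for example — would still be recorded as the kfunc "rejecting" security.selinux, and the test would pass without proving that writes outside the security.bpf. namespace are refused. If the kfunc returns a fixed errno for such names (it appears to be -EPERM; confirm against the kfunc), pin it, e.g. `if (ret == -EPERM) set_security_selinux_fail = true;`, which errno.h already included makes straightforward. The two LSM handlers are otherwise line-for-line copies differing only in the flag names; a static helper taking the dentry and the four flag pointers would keep both paths exercising identical logic. The second block comment also reads better as `It is not necessary to differentiate the _locked version ...`.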