Re: [RESEND][PATCH v4 4/4] selftests/bpf: Add test for bpf_verify_pkcs7_signature() helper

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jun 14, 2022 at 03:06:21PM +0200, Roberto Sassu wrote:
> +
> +	if (child_pid == 0) {
> +		snprintf(path, sizeof(path), "%s/signing_key.pem", tmp_dir);
> +
> +		return execlp("./sign-file", "./sign-file", "sha256",
> +			      path, path, signed_file_template, NULL);

Please use sign_only option,
so it saves the signature and doesn't do 'struct module_signature' append.
Parsing of that is unnecessary for the purpose of the helper.
Checking MODULE_SIG_STRING is unnecessary, etc, etc.
Long term we won't be following mod sig approach anyway.
bpf maps and progs will have a different format.

> +	}
> +
> +	waitpid(child_pid, &child_status, 0);
> +
> +	ret = WEXITSTATUS(child_status);
> +	if (ret)
> +		goto out;
> +
> +	ret = stat(signed_file_template, &st);
> +	if (ret == -1) {
> +		ret = -errno;
> +		goto out;
> +	}
> +
> +	if (st.st_size > sizeof(data_item->payload) - sizeof(u32)) {
> +		ret = -EINVAL;
> +		goto out;
> +	}
> +
> +	*(u32 *)data_item->payload = __cpu_to_be32(st.st_size);
> +
> +	fd = open(signed_file_template, O_RDONLY);
> +	if (fd == -1) {
> +		ret = -errno;
> +		goto out;
> +	}
> +
> +	ret = read(fd, data_item->payload + sizeof(u32), st.st_size);
> +
> +	close(fd);
> +
> +	if (ret != st.st_size) {
> +		ret = -EIO;
> +		goto out;
> +	}
> +
> +	ret = 0;
> +out:
> +	unlink(signed_file_template);
> +	return ret;
> +}
> +
> +void test_verify_pkcs7_sig(void)
> +{
> +	char tmp_dir_template[] = "/tmp/verify_sigXXXXXX";
> +	char *tmp_dir;
> +	char *buf = NULL;
> +	struct test_verify_pkcs7_sig *skel = NULL;
> +	struct bpf_map *map;
> +	struct data data;
> +	u32 saved_len;
> +	int ret, zero = 0;
> +
> +	LIBBPF_OPTS(bpf_object_open_opts, opts);
> +
> +	/* Trigger creation of session keyring. */
> +	syscall(__NR_request_key, "keyring", "_uid.0", NULL,
> +		KEY_SPEC_SESSION_KEYRING);

My understanding that user space can receive a specific id here.
It should pass it to bpf prog via global variable and prog
should use that id instead of max_ulong hack.




[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux