Ensure that the verifier detects the attempt of acquiring a reference of a key through the helper bpf_lookup_user_key(), without releasing that reference with bpf_key_put(), and refuses to load the program. Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx> --- .../prog_tests/lookup_user_key_norelease.c | 52 +++++++++++++++++++ .../progs/test_lookup_user_key_norelease.c | 24 +++++++++ 2 files changed, 76 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/lookup_user_key_norelease.c create mode 100644 tools/testing/selftests/bpf/progs/test_lookup_user_key_norelease.c diff --git a/tools/testing/selftests/bpf/prog_tests/lookup_user_key_norelease.c b/tools/testing/selftests/bpf/prog_tests/lookup_user_key_norelease.c new file mode 100644 index 000000000000..6753c4f591e3 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/lookup_user_key_norelease.c @@ -0,0 +1,52 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * Copyright (C) 2022 Huawei Technologies Duesseldorf GmbH + * + * Author: Roberto Sassu <roberto.sassu@xxxxxxxxxx> + */ + +#include <test_progs.h> + +#include "test_lookup_user_key_norelease.skel.h" + +#define LOG_BUF_SIZE 16384 + +void test_lookup_user_key_norelease(void) +{ + char *buf = NULL, *result; + struct test_lookup_user_key_norelease *skel = NULL; + int ret; + + LIBBPF_OPTS(bpf_object_open_opts, opts); + + buf = malloc(LOG_BUF_SIZE); + if (!ASSERT_OK_PTR(buf, "malloc")) + goto close_prog; + + opts.kernel_log_buf = buf; + opts.kernel_log_size = LOG_BUF_SIZE; + opts.kernel_log_level = 1; + + skel = test_lookup_user_key_norelease__open_opts(&opts); + if (!ASSERT_OK_PTR(skel, "test_lookup_user_key_norelease__open_opts")) + goto close_prog; + + ret = test_lookup_user_key_norelease__load(skel); + if (!ASSERT_LT(ret, 0, "test_lookup_user_key_norelease__load\n")) + goto close_prog; + + if (strstr(buf, "unknown func bpf_lookup_user_key")) { + printf("%s:SKIP:bpf_lookup_user_key() helper not supported\n", + __func__); + test__skip(); + goto close_prog; + } + + result = strstr(buf, "Unreleased reference"); + ASSERT_OK_PTR(result, "Error message not found"); + +close_prog: + free(buf); + test_lookup_user_key_norelease__destroy(skel); +} diff --git a/tools/testing/selftests/bpf/progs/test_lookup_user_key_norelease.c b/tools/testing/selftests/bpf/progs/test_lookup_user_key_norelease.c new file mode 100644 index 000000000000..cfe474c77886 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_lookup_user_key_norelease.c @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * Copyright (C) 2022 Huawei Technologies Duesseldorf GmbH + * + * Author: Roberto Sassu <roberto.sassu@xxxxxxxxxx> + */ + +#include <errno.h> +#include <stdlib.h> +#include <limits.h> +#include <linux/bpf.h> +#include <linux/keyctl.h> +#include <bpf/bpf_helpers.h> +#include <bpf/bpf_tracing.h> + +char _license[] SEC("license") = "GPL"; + +SEC("lsm.s/bpf") +int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size) +{ + bpf_lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0); + return 0; +} -- 2.25.1