On Tue, Mar 4, 2025 at 12:31 PM Blaise Boscaccy
<bboscaccy@xxxxxxxxxxxxxxxxxxx> wrote:
>
> The security_bpf LSM hook now contains a boolean parameter specifying
> whether an invocation of the bpf syscall originated from within the
> kernel. Here, we update the function signature of relevant test
> programs to include that new parameter.
>
> Signed-off-by: Blaise Boscaccy bboscaccy@xxxxxxxxxxxxxxxxxxx
^^^ The email address is broken.
> ---
> tools/testing/selftests/bpf/progs/rcu_read_lock.c | 3 ++-
> tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c | 4 ++--
> tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c | 6 +++---
> tools/testing/selftests/bpf/progs/test_lookup_key.c | 2 +-
> tools/testing/selftests/bpf/progs/test_ptr_untrusted.c | 2 +-
> tools/testing/selftests/bpf/progs/test_task_under_cgroup.c | 2 +-
> tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c | 2 +-
> 7 files changed, 11 insertions(+), 10 deletions(-)
It appears you missed a few of these?
tools/testing/selftests/bpf/progs/rcu_read_lock.c:SEC("?lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c:SEC("lsm/bpf")
tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("?lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("?lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_libbpf_get_fd_by_id_opts.c:SEC("lsm/bpf_map")
tools/testing/selftests/bpf/progs/test_lookup_key.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_ptr_untrusted.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_task_under_cgroup.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/token_lsm.c:SEC("lsm/bpf_token_capable")
tools/testing/selftests/bpf/progs/token_lsm.c:SEC("lsm/bpf_token_cmd")
tools/testing/selftests/bpf/progs/verifier_global_subprogs.c:SEC("?lsm/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
>
> diff --git a/tools/testing/selftests/bpf/progs/rcu_read_lock.c b/tools/testing/selftests/bpf/progs/rcu_read_lock.c
> index ab3a532b7dd6d..f85d0e282f2ae 100644
> --- a/tools/testing/selftests/bpf/progs/rcu_read_lock.c
> +++ b/tools/testing/selftests/bpf/progs/rcu_read_lock.c
> @@ -242,7 +242,8 @@ int inproper_sleepable_helper(void *ctx)
> }
>
> SEC("?lsm.s/bpf")
> -int BPF_PROG(inproper_sleepable_kfunc, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(inproper_sleepable_kfunc, int cmd, union bpf_attr *attr, unsigned int size,
> + bool is_kernel)
> {
> struct bpf_key *bkey;
>
> diff --git a/tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c b/tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c
> index 44628865fe1d4..0e741262138f2 100644
> --- a/tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c
> +++ b/tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c
> @@ -51,13 +51,13 @@ static int bpf_link_create_verify(int cmd)
> }
>
> SEC("lsm/bpf")
> -int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
> {
> return bpf_link_create_verify(cmd);
> }
>
> SEC("lsm.s/bpf")
> -int BPF_PROG(lsm_s_run, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(lsm_s_run, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
> {
> return bpf_link_create_verify(cmd);
> }
> diff --git a/tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c b/tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c
> index cd4d752bd089c..ce36a55ba5b8b 100644
> --- a/tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c
> +++ b/tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c
> @@ -36,7 +36,7 @@ char _license[] SEC("license") = "GPL";
>
> SEC("?lsm.s/bpf")
> __failure __msg("cannot pass in dynptr at an offset=-8")
> -int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
> {
> unsigned long val;
>
> @@ -46,7 +46,7 @@ int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size)
>
> SEC("?lsm.s/bpf")
> __failure __msg("arg#0 expected pointer to stack or const struct bpf_dynptr")
> -int BPF_PROG(not_ptr_to_stack, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(not_ptr_to_stack, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
> {
> unsigned long val = 0;
>
> @@ -55,7 +55,7 @@ int BPF_PROG(not_ptr_to_stack, int cmd, union bpf_attr *attr, unsigned int size)
> }
>
> SEC("lsm.s/bpf")
> -int BPF_PROG(dynptr_data_null, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(dynptr_data_null, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
> {
> struct bpf_key *trusted_keyring;
> struct bpf_dynptr ptr;
> diff --git a/tools/testing/selftests/bpf/progs/test_lookup_key.c b/tools/testing/selftests/bpf/progs/test_lookup_key.c
> index c73776990ae30..c46077e01a4ca 100644
> --- a/tools/testing/selftests/bpf/progs/test_lookup_key.c
> +++ b/tools/testing/selftests/bpf/progs/test_lookup_key.c
> @@ -23,7 +23,7 @@ extern struct bpf_key *bpf_lookup_system_key(__u64 id) __ksym;
> extern void bpf_key_put(struct bpf_key *key) __ksym;
>
> SEC("lsm.s/bpf")
> -int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
> {
> struct bpf_key *bkey;
> __u32 pid;
> diff --git a/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c b/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c
> index 2fdc44e766248..21fce1108a21d 100644
> --- a/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c
> +++ b/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c
> @@ -7,7 +7,7 @@
> char tp_name[128];
>
> SEC("lsm.s/bpf")
> -int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
> {
> switch (cmd) {
> case BPF_RAW_TRACEPOINT_OPEN:
> diff --git a/tools/testing/selftests/bpf/progs/test_task_under_cgroup.c b/tools/testing/selftests/bpf/progs/test_task_under_cgroup.c
> index 7e750309ce274..18ad24a851c6c 100644
> --- a/tools/testing/selftests/bpf/progs/test_task_under_cgroup.c
> +++ b/tools/testing/selftests/bpf/progs/test_task_under_cgroup.c
> @@ -49,7 +49,7 @@ int BPF_PROG(tp_btf_run, struct task_struct *task, u64 clone_flags)
> }
>
> SEC("lsm.s/bpf")
> -int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
> {
> struct cgroup *cgrp = NULL;
> struct task_struct *task;
> diff --git a/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c b/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
> index 12034a73ee2d2..135665f011c7e 100644
> --- a/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
> +++ b/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
> @@ -37,7 +37,7 @@ struct {
> char _license[] SEC("license") = "GPL";
>
> SEC("lsm.s/bpf")
> -int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
> {
> struct bpf_dynptr data_ptr, sig_ptr;
> struct data *data_val;
> --
> 2.48.1
>
