From: Matt Bobrowski <mattbobrowski@google.com>
To: bpf@vger.kernel.org
Cc: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Eduard Zingerman <eddyz87@gmail.com>, Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
Jiri Olsa <jolsa@kernel.org>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>,
Kumar Kartikeya Dwivedi <memxor@gmail.com>,
Matt Bobrowski <mattbobrowski@google.com>
Subject: [PATCH bpf-next 2/2] selftests/bpf: add new negative tests for xattr related BPF kfuncs
Date: Sun, 3 May 2026 20:08:19 +0000 [thread overview]
Message-ID: <20260503200819.1530328-2-mattbobrowski@google.com> (raw)
In-Reply-To: <20260503200819.1530328-1-mattbobrowski@google.com>
Add a set of negative tests to verify the newly enforced constraints
applied to xattr related BPF kfuncs.
Signed-off-by: Matt Bobrowski <mattbobrowski@google.com>
---
.../selftests/bpf/prog_tests/fs_kfuncs.c | 13 ++++++++++++
.../bpf/progs/test_set_remove_xattr.c | 21 +++++++++++++++++++
2 files changed, 34 insertions(+)
diff --git a/tools/testing/selftests/bpf/prog_tests/fs_kfuncs.c b/tools/testing/selftests/bpf/prog_tests/fs_kfuncs.c
index 43a26ec69a8e..168ffcdccc4a 100644
--- a/tools/testing/selftests/bpf/prog_tests/fs_kfuncs.c
+++ b/tools/testing/selftests/bpf/prog_tests/fs_kfuncs.c
@@ -128,6 +128,11 @@ static void test_set_remove_xattr(void)
if (!ASSERT_OK_PTR(skel, "test_set_remove_xattr__open_and_load"))
return;
+ /* Prepare the long name for negative test */
+ memset(skel->bss->long_name, 'a', 256);
+ memcpy(skel->bss->long_name, "security.bpf.", 13);
+ skel->bss->long_name[256] = '\0';
+
/* Set security.bpf.foo to "hello" */
err = setxattr(testfile, skel->rodata->xattr_foo, value_foo, strlen(value_foo) + 1, 0);
if (err && errno == EOPNOTSUPP) {
@@ -188,6 +193,14 @@ static void test_set_remove_xattr(void)
ASSERT_TRUE(skel->bss->locked_remove_security_selinux_fail,
"locked_remove_security_selinux_fail");
+ ASSERT_EQ(skel->bss->ret_name_empty, -ERANGE, "ret_code_name_empty");
+ ASSERT_EQ(skel->bss->ret_name_too_long, -ERANGE,
+ "ret_code_name_too_long");
+ ASSERT_EQ(skel->bss->ret_value_too_large, -E2BIG,
+ "ret_code_value_too_large");
+ ASSERT_EQ(skel->bss->ret_invalid_flags, -EINVAL,
+ "ret_code_invalid_flags");
+
out:
close(fd);
test_set_remove_xattr__destroy(skel);
diff --git a/tools/testing/selftests/bpf/progs/test_set_remove_xattr.c b/tools/testing/selftests/bpf/progs/test_set_remove_xattr.c
index 6a612cf168d3..7c857d665eae 100644
--- a/tools/testing/selftests/bpf/progs/test_set_remove_xattr.c
+++ b/tools/testing/selftests/bpf/progs/test_set_remove_xattr.c
@@ -17,6 +17,14 @@ static const char xattr_selinux[] = "security.selinux";
char value_bar[] = "world";
char read_value[32];
+const char xattr_negative[] = "security.bpf.negative";
+int ret_code_name_empty;
+int ret_code_name_too_long;
+int ret_code_value_too_large;
+int ret_code_invalid_flags;
+char long_name[257];
+char large_value[65537];
+
bool set_security_bpf_bar_success;
bool remove_security_bpf_bar_success;
bool set_security_selinux_fail;
@@ -73,6 +81,19 @@ int BPF_PROG(test_inode_getxattr, struct dentry *dentry, char *name)
remove_security_selinux_fail = true;
}
+ bpf_dynptr_from_mem(read_value, sizeof(read_value), 0, &value_ptr);
+ ret_code_name_empty = bpf_get_dentry_xattr(dentry, "", &value_ptr);
+ ret_code_name_too_long =
+ bpf_get_dentry_xattr(dentry, long_name, &value_ptr);
+
+ bpf_dynptr_from_mem(large_value, sizeof(large_value), 0, &value_ptr);
+ ret_code_value_too_large =
+ bpf_set_dentry_xattr(dentry, xattr_negative, &value_ptr, 0);
+
+ bpf_dynptr_from_mem(value_bar, sizeof(value_bar), 0, &value_ptr);
+ ret_code_invalid_flags = bpf_set_dentry_xattr(dentry, xattr_negative,
+ &value_ptr, 0xFFFF);
+
return 0;
}
--
2.54.0.545.g6539524ca2-goog
next prev parent reply other threads:[~2026-05-03 20:08 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-03 20:08 [PATCH bpf-next 1/2] bpf: enforce VFS constraints for xattr related BPF kfuncs Matt Bobrowski
2026-05-03 20:08 ` Matt Bobrowski [this message]
2026-05-03 20:58 ` [PATCH bpf-next 2/2] selftests/bpf: add new negative tests " sashiko-bot
2026-05-03 20:43 ` [PATCH bpf-next 1/2] bpf: enforce VFS constraints " sashiko-bot
2026-05-03 20:44 ` bot+bpf-ci
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260503200819.1530328-2-mattbobrowski@google.com \
--to=mattbobrowski@google.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brauner@kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=jack@suse.cz \
--cc=jolsa@kernel.org \
--cc=martin.lau@linux.dev \
--cc=memxor@gmail.com \
--cc=song@kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.