Re: [PATCH bpf 2/2] selftests/bpf: Add return value tests for lsm cgroup

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Emil Tsalapatis" <emil@etsalapatis.com>
To: "Xu Kuohai" <xukuohai@huaweicloud.com>, <bpf@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>
Cc: "Alexei Starovoitov" <ast@kernel.org>,
	"Daniel Borkmann" <daniel@iogearbox.net>,
	"Andrii Nakryiko" <andrii@kernel.org>,
	"Martin KaFai Lau" <martin.lau@linux.dev>,
	"Eduard Zingerman" <eddyz87@gmail.com>,
	"Kumar Kartikeya Dwivedi" <memxor@gmail.com>,
	"Yonghong Song" <yonghong.song@linux.dev>,
	"Stanislav Fomichev" <sdf@fomichev.me>,
	"Matt Bobrowski" <mattbobrowski@google.com>,
	"Quan Sun" <2022090917019@std.uestc.edu.cn>
Subject: Re: [PATCH bpf 2/2] selftests/bpf: Add return value tests for lsm cgroup
Date: Mon, 25 May 2026 14:43:51 -0400	[thread overview]
Message-ID: <DIRZ9UKO3BLX.3ARMDFHZ5CQIA@etsalapatis.com> (raw)
In-Reply-To: <20260523085806.417723-3-xukuohai@huaweicloud.com>

On Sat May 23, 2026 at 4:58 AM EDT, Xu Kuohai wrote:
> From: Xu Kuohai <xukuohai@huawei.com>
>
> Add tests to check return values set by bpf_set_retval() helper for lsm
> cgroup programs.

After fixing the task_struct arg feel free to add:

Reviewed-by: Emil Tsalapatis <emil@etsalapatis.com>

Nit: The test messages are kinda obscure, could you replace -4095~0 with "valid errno or
success" or something similar? E.g., test1/2/3/4 could be described as
"success"/"valid errno"/"invalid errno"/invalid value" instead of numbers.

>
> Signed-off-by: Xu Kuohai <xukuohai@huawei.com>
> ---
>  .../selftests/bpf/progs/verifier_lsm.c        | 45 +++++++++++++++++++
>  1 file changed, 45 insertions(+)
>
> diff --git a/tools/testing/selftests/bpf/progs/verifier_lsm.c b/tools/testing/selftests/bpf/progs/verifier_lsm.c
> index 38e8e9176862..2072671ed643 100644
> --- a/tools/testing/selftests/bpf/progs/verifier_lsm.c
> +++ b/tools/testing/selftests/bpf/progs/verifier_lsm.c
> @@ -188,4 +188,49 @@ int BPF_PROG(null_check, struct file *file)
>  	return 0;
>  }
>  
> +SEC("lsm_cgroup/socket_create")
> +__description("lsm_cgroup with -4095~0 retval test 1")
> +__success
> +int BPF_PROG(lsm_cgroup_set_retval_zero_valid, struct task_struct *task)
> +{
> +	bpf_set_retval(0);
> +	return 0;
> +}
> +
> +SEC("lsm_cgroup/socket_create")
> +__description("lsm_cgroup with -4095~0 retval test 2")
> +__success
> +int BPF_PROG(lsm_cgroup_set_retval_negative_valid, struct task_struct *task)
> +{
> +	bpf_set_retval(-12);
> +	return 0;
> +}
> +
> +SEC("lsm_cgroup/socket_create")
> +__description("lsm_cgroup with -4095~0 retval test 3")
> +__failure __msg("should have been in [-4095, 0]")
> +int BPF_PROG(lsm_cgroup_set_retval_negative_invalid, struct task_struct *task)
> +{
> +	bpf_set_retval(-4096);
> +	return 0;
> +}
> +
> +SEC("lsm_cgroup/socket_create")
> +__description("lsm_cgroup with -4095~0 retval test 4")
> +__failure __msg("should have been in [-4095, 0]")
> +int BPF_PROG(lsm_cgroup_set_retval_positive_invalid, struct task_struct *task)
> +{
> +	bpf_set_retval(1);
> +	return 0;
> +}
> +
> +SEC("lsm_cgroup/file_release")
> +__description("lsm_cgroup bpf_set_retval on void hook test")
> +__failure __msg("BPF_LSM_CGROUP that attach to void LSM hooks can't modify return value")
> +int BPF_PROG(lsm_cgroup_set_retval_for_void_hook, struct file *file)
> +{
> +	bpf_set_retval(0);
> +	return 0;
> +}
> +
>  char _license[] SEC("license") = "GPL";

next prev parent reply	other threads:[~2026-05-25 18:43 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-23  8:58 [PATCH bpf 0/2] Add return value check for BPF_LSM_CGROUP Xu Kuohai
2026-05-23  8:58 ` [PATCH bpf 1/2] bpf: " Xu Kuohai
2026-05-23  9:48   ` sashiko-bot
2026-05-25  8:57     ` Xu Kuohai
2026-05-23  8:58 ` [PATCH bpf 2/2] selftests/bpf: Add return value tests for lsm cgroup Xu Kuohai
2026-05-23 10:08   ` sashiko-bot
2026-05-25  1:56     ` Xu Kuohai
2026-05-25 18:43   ` Emil Tsalapatis [this message]
2026-05-26  7:56     ` Xu Kuohai

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DIRZ9UKO3BLX.3ARMDFHZ5CQIA@etsalapatis.com \
    --to=emil@etsalapatis.com \
    --cc=2022090917019@std.uestc.edu.cn \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=eddyz87@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=martin.lau@linux.dev \
    --cc=mattbobrowski@google.com \
    --cc=memxor@gmail.com \
    --cc=sdf@fomichev.me \
    --cc=xukuohai@huaweicloud.com \
    --cc=yonghong.song@linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.