Re: [PATCH v4 09/10] selftests/hornet: Add a selftest for the Hornet LSM

public inbox for bpf@vger.kernel.org
 help / color / mirror / Atom feed

From: sashiko-bot@kernel.org
To: "Blaise Boscaccy" <bboscaccy@linux.microsoft.com>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH v4 09/10] selftests/hornet: Add a selftest for the Hornet LSM
Date: Thu, 16 Apr 2026 21:55:53 +0000	[thread overview]
Message-ID: <20260416215554.65D28C2BCAF@smtp.kernel.org> (raw)
In-Reply-To: <20260416173500.176716-10-bboscaccy@linux.microsoft.com>

Sashiko AI review found 5 potential issue(s):
- [Medium] Makefile targets lack the `$(OUTPUT)/` prefix, breaking out-of-tree and standard selftest builds.
- [Medium] Hardcoded use of the host's `/sys/kernel/btf/vmlinux` breaks cross-compilation.
- [Medium] The host tool `gen_sig` is compiled using the target compiler, breaking cross-compilation.
- [Medium] Unconditional build dependency on kernel module signing keys.
- [Medium] Incorrect use of `bpf_probe_read_str()` to read user-space memory.
--

commit d3ed81de44873be8726bc1bb9c61643050622647
Author: Blaise Boscaccy <bboscaccy@linux.microsoft.com>

selftests/hornet: Add a selftest for the Hornet LSM

This commit adds a new selftest for the Hornet LSM. It contains a testcase
that utilizes light skeleton eBPF loaders and exercises hornet's map
validation.

> diff --git a/tools/testing/selftests/hornet/Makefile b/tools/testing/selftests/hornet/Makefile
> new file mode 100644
> index 0000000000000..432bce59f54e7
> --- /dev/null
> +++ b/tools/testing/selftests/hornet/Makefile

[ ... ]

> +TEST_GEN_PROGS := loader
> +TEST_GEN_FILES := vmlinux.h loader.h trivial.bpf.o map.bin sig.bin insn.bin signed_loader.h
> +$(TEST_GEN_PROGS): LDLIBS += -lbpf
> +$(TEST_GEN_PROGS): $(TEST_GEN_FILES)
> +
> +include ../lib.mk
> +
> +BPF_CFLAGS := -target bpf \
> +	-D__TARGET_ARCH_$(ARCH) \
> +	-I/usr/include/$(shell uname -m)-linux-gnu \
> +	$(KHDR_INCLUDES)
> +
> +vmlinux.h:

Since ../lib.mk prepends $(OUTPUT)/ to all entries in TEST_GEN_FILES and
TEST_GEN_PROGS, will the generic build infrastructure look for targets like
$(OUTPUT)/vmlinux.h and fall back to default implicit rules because the
custom targets lack the $(OUTPUT)/ prefix?

> +	$(BPFTOOL) btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.h

Does this extract the BTF from the host machine's running kernel instead
of the target kernel? On cross-compiled builds, could this generate
mismatched architecture types?

> +
> +trivial.bpf.o: trivial.bpf.c vmlinux.h
> +	$(CLANG) $(CFLAGS) $(BPF_CFLAGS) -c $< -o $@
> +
> +loader.h: trivial.bpf.o
> +	$(BPFTOOL) gen skeleton -S -k $(CERTDIR)/signing_key.pem -i $(CERTDIR)/signing_key.x509 \

Does this create an unconditional build dependency on the kernel module
signing keys?

If the target kernel is configured without module signing, or the selftests
are built on a clean source tree before the keys are generated, will this
cause the build to fail?

> +		-L $< name trivial > $@
> +
> +insn.bin: loader.h
> +	$(SCRIPTSDIR)/extract-insn.sh $< > $@
> +
> +map.bin: loader.h
> +	$(SCRIPTSDIR)/extract-map.sh $< > $@
> +
> +$(OUTPUT)/gen_sig: ../../../../scripts/hornet/gen_sig.c
> +	$(call msg,GEN_SIG,,$@)
> +	$(Q)$(CC) $(shell $(PKG_CONFIG) --cflags libcrypto 2> /dev/null) \
> +		  $< -o $@ \
> +		  $(shell $(PKG_CONFIG) --libs libcrypto 2> /dev/null || echo -lcrypto)
> +
> +sig.bin: insn.bin map.bin $(OUTPUT)/gen_sig
> +	$(OUTPUT)/gen_sig --key $(CERTDIR)/signing_key.pem --cert $(CERTDIR)/signing_key.x509 \

Since gen_sig is executed locally on the host to generate sig.bin, will
compiling it with $(CC) and $(PKG_CONFIG) (which point to the target
toolchain) cause an Exec format error during cross-compilation?

Should it be compiled using $(HOSTCC) and host pkg-config instead?

[ ... ]

> diff --git a/tools/testing/selftests/hornet/trivial.bpf.c b/tools/testing/selftests/hornet/trivial.bpf.c
> new file mode 100644
> index 0000000000000..d38c5b53ff932
> --- /dev/null
> +++ b/tools/testing/selftests/hornet/trivial.bpf.c

[ ... ]

> +SEC("tracepoint/syscalls/sys_enter_unlinkat")
> +int handle_enter_unlink(struct trace_event_raw_sys_enter *ctx)
> +{
> +	char filename[128] = { 0 };
> +	struct task_struct *task;
> +	unsigned long start_time = 0;
> +	int pid = bpf_get_current_pid_tgid() >> 32;
> +	char *pathname_ptr = (char *) BPF_CORE_READ(ctx, args[1]);
> +
> +	bpf_probe_read_str(filename, sizeof(filename), pathname_ptr);

Since pathname_ptr is extracted from args[1] of the sys_enter_unlinkat
tracepoint, isn't it a user-space pointer?

On architectures with strict user and kernel address space separation, does
bpf_probe_read_str() fail to read this memory?

Should this use bpf_probe_read_user_str() instead?

> +	task = (struct task_struct *)bpf_get_current_task();
> +	start_time = BPF_CORE_READ(task, start_time);

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260416173500.176716-1-bboscaccy@linux.microsoft.com?part=9

next prev parent reply	other threads:[~2026-04-16 21:55 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-16 17:33 [PATCH v4 00/10] Reintroduce Hornet LSM Blaise Boscaccy
2026-04-16 17:33 ` [PATCH v4 01/10] crypto: pkcs7: add flag for validated trust on a signed info block Blaise Boscaccy
2026-04-16 19:26   ` sashiko-bot
2026-04-16 17:33 ` [PATCH v4 02/10] crypto: pkcs7: add ability to extract signed attributes by OID Blaise Boscaccy
2026-04-16 19:56   ` sashiko-bot
2026-04-16 17:33 ` [PATCH v4 03/10] crypto: pkcs7: add tests for pkcs7_get_authattr Blaise Boscaccy
2026-04-16 20:17   ` sashiko-bot
2026-04-16 17:33 ` [PATCH v4 04/10] lsm: framework for BPF integrity verification Blaise Boscaccy
2026-04-16 17:33 ` [PATCH v4 05/10] lsm: security: Add additional enum values for bpf integrity checks Blaise Boscaccy
2026-04-16 17:33 ` [PATCH v4 06/10] security: Hornet LSM Blaise Boscaccy
2026-04-16 21:24   ` sashiko-bot
2026-04-16 17:33 ` [PATCH v4 07/10] hornet: Introduce gen_sig Blaise Boscaccy
2026-04-16 21:33   ` sashiko-bot
2026-04-16 17:33 ` [PATCH v4 08/10] hornet: Add a light skeleton data extractor scripts Blaise Boscaccy
2026-04-16 21:44   ` sashiko-bot
2026-04-16 17:33 ` [PATCH v4 09/10] selftests/hornet: Add a selftest for the Hornet LSM Blaise Boscaccy
2026-04-16 21:55   ` sashiko-bot [this message]
2026-04-16 17:33 ` [PATCH v4 10/10] ipe: Add BPF program load policy enforcement via Hornet integration Blaise Boscaccy
2026-04-16 21:03   ` Fan Wu
2026-04-16 22:17   ` sashiko-bot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260416215554.65D28C2BCAF@smtp.kernel.org \
    --to=sashiko-bot@kernel.org \
    --cc=bboscaccy@linux.microsoft.com \
    --cc=bpf@vger.kernel.org \
    --cc=sashiko@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox