BPF List
 help / color / mirror / Atom feed
From: sashiko-bot@kernel.org
To: "Daniel Borkmann" <daniel@iogearbox.net>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v6 7/8] selftests/bpf: Verify load-time signed loader metadata
Date: Wed, 08 Jul 2026 08:07:05 +0000	[thread overview]
Message-ID: <20260708080705.A1DDD1F00A3D@smtp.kernel.org> (raw)
In-Reply-To: <20260708075343.358712-8-daniel@iogearbox.net>

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Medium] Missing file descriptor cleanup on unexpected test failure.
--

--- Patch [7]: [PATCH bpf-next v6 7/8] selftests/bpf: Verify load-time signed loader metadata ---
commit 64830bb6cea6aee71f09d788c841cd423f6308e6
Author: Daniel Borkmann <daniel@iogearbox.net>

selftests/bpf: Verify load-time signed loader metadata

This commit updates the signed loader tests to verify load-time signed loader
metadata end to end. It extends the tests with more cases, such as map-less
programs and asserting the LSM admission hook, while retiring the older
subtests that asserted the removed in-loader check.

> diff --git a/tools/testing/selftests/bpf/prog_tests/signed_loader.c b/tools/testing/selftests/bpf/prog_tests/signed_loader.c
> index 5fc417e31fc61..0019492cf07a8 100644
> --- a/tools/testing/selftests/bpf/prog_tests/signed_loader.c
> +++ b/tools/testing/selftests/bpf/prog_tests/signed_loader.c

[ ... ]

> -static void metadata_sha_mismatch(void)
> +static void signature_enforced(void)
>  {
> +	static const __u8 junk[64] = { 0x30, 0x42, 0x13, 0x37, };
>  	struct gen_loader_fixture f;
> -	bool ran;
> -	int r;
> +	int fd;
>  
>  	if (gen_loader_fixture_init(&f) == 0) {
>  		/*
> -		 * blob[0] lives in the loader's fd_array scratch (first add_data in
> -		 * bpf_gen__init); a 0-map program never reads it, so flipping it
> -		 * changes only map->sha. The metadata check is the only thing that
> -		 * can notice -> isolates emit_signature_match.
> +		 * A present-but-invalid signature (the cert bytes are not a
> +		 * PKCS#7 signature) must be rejected at load: the signature
> +		 * path is honored, not ignored. (The valid path is covered by
> +		 * the signed lskels.) Pin -EBADMSG, the PKCS#7 parse failure:
> +		 * a looser fd < 0 check could also be satisfied by the sparse
> +		 * fd_array rejection (-EACCES) that the loader's map reference
> +		 * would trip even if the signature were silently ignored.
>  		 */
> -		f.blob[0] ^= 0xff;
> -		r = run_gen_loader(f.gopts.insns, f.gopts.insns_sz, f.blob,
> -				   f.data_sz, f.excl, sizeof(f.excl), NULL, 0,
> -				   true, f.ctx, f.ctx_sz, &ran);
> -		ASSERT_TRUE(ran, "loader ran");
> -		ASSERT_EQ(r, -EINVAL, "tampered blob rejected by emit_signature_match");
> +		fd = load_loader(f.gopts.insns, f.gopts.insns_sz, -1, junk,
> +				 sizeof(junk), KEY_SPEC_SESSION_KEYRING, 0);
> +		ASSERT_EQ(fd, -EBADMSG, "invalid signature rejected at load");
>  	}
>  	gen_loader_fixture_fini(&f);
>  }

[Severity: Medium]
If the kernel unexpectedly accepts the load during signature_enforced,
load_loader will return a valid file descriptor. Does this file descriptor
leak since the ASSERT_EQ macro allows execution to continue? 

Other tests introduced in this patch, such as signature_failure_logs, use
the following pattern to ensure the file descriptor is closed on test failure:

    if (fd >= 0)
        close(fd);

Would it make sense to include this cleanup here to prevent file descriptor
exhaustion during a cascading test suite failure?

[ ... ]

> @@ -495,12 +573,31 @@ static void signature_too_large(void)
>  		 * is rejected before the buffer is read.
>  		 */
>  		fd = load_loader(f.gopts.insns, f.gopts.insns_sz, -1, junk,
> -				 64 << 20, KEY_SPEC_SESSION_KEYRING);
> +				 64 << 20, KEY_SPEC_SESSION_KEYRING, 0);
>  		ASSERT_EQ(fd, -EINVAL, "oversized signature rejected");
>  	}
>  	gen_loader_fixture_fini(&f);
>  }
>  
> +static void signature_zero_size(void)
> +{
> +	static const __u8 junk[64] = {};
> +	struct gen_loader_fixture f;
> +	int fd;
> +
> +	if (gen_loader_fixture_init(&f) == 0) {
> +		/*
> +		 * A present signature with signature_size == 0 is rejected
> +		 * up front, before the keyring is resolved or the signature
> +		 * buffer is read.
> +		 */
> +		fd = load_loader(f.gopts.insns, f.gopts.insns_sz, -1, junk,
> +				 0, KEY_SPEC_SESSION_KEYRING, 0);
> +		ASSERT_EQ(fd, -EINVAL, "zero-size signature rejected");
> +	}
> +	gen_loader_fixture_fini(&f);
> +}
> +
>  static void signature_bad_keyring(void)
>  {
>  	static const __u8 junk[64] = {};
> @@ -515,7 +612,7 @@ static void signature_bad_keyring(void)
>  		 * large positive serial takes the user-keyring path and won't exist.
>  		 */
>  		fd = load_loader(f.gopts.insns, f.gopts.insns_sz, -1, junk,
> -				 sizeof(junk), INT_MAX);
> +				 sizeof(junk), INT_MAX, 0);
>  		ASSERT_EQ(fd, -EINVAL, "signature with bad keyring_id rejected");
>  	}
>  	gen_loader_fixture_fini(&f);

[Severity: Medium]
Similar to signature_enforced, if load_loader unexpectedly succeeds in the
newly added signature_zero_size test, or in the updated signature_too_large
and signature_bad_keyring tests, could this result in leaked file descriptors?

Adding the same close cleanup check here might help prevent test environment
instability if these assertions ever fail.

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260708075343.358712-1-daniel@iogearbox.net?part=7

  reply	other threads:[~2026-07-08  8:07 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-08  7:53 [PATCH bpf-next v6 0/8] Verify BPF signed loader at load time Daniel Borkmann
2026-07-08  7:53 ` [PATCH bpf-next v6 1/8] bpf: Resolve and cache fd_array objects " Daniel Borkmann
2026-07-08  7:53 ` [PATCH bpf-next v6 2/8] bpf: Verify signed loader metadata " Daniel Borkmann
2026-07-08  7:53 ` [PATCH bpf-next v6 3/8] libbpf: Drop in-loader metadata check for load-time verification Daniel Borkmann
2026-07-08  8:15   ` sashiko-bot
2026-07-08  8:20     ` Daniel Borkmann
2026-07-08  7:53 ` [PATCH bpf-next v6 4/8] bpftool: Check EVP_Digest when computing excl_prog_hash Daniel Borkmann
2026-07-08  8:55   ` Quentin Monnet
2026-07-08  7:53 ` [PATCH bpf-next v6 5/8] bpftool: Cover loader metadata with the program signature Daniel Borkmann
2026-07-08  8:55   ` Quentin Monnet
2026-07-08  7:53 ` [PATCH bpf-next v6 6/8] selftests/bpf: Adjust bpf_map layout in verifier_map_ptr Daniel Borkmann
2026-07-08  8:14   ` sashiko-bot
2026-07-08  8:16     ` Daniel Borkmann
2026-07-08  7:53 ` [PATCH bpf-next v6 7/8] selftests/bpf: Verify load-time signed loader metadata Daniel Borkmann
2026-07-08  8:07   ` sashiko-bot [this message]
2026-07-08  8:26     ` Daniel Borkmann
2026-07-08  7:53 ` [PATCH bpf-next v6 8/8] Documentation/bpf: Add BPF signing and enforcement doc Daniel Borkmann
2026-07-08 18:30 ` [PATCH bpf-next v6 0/8] Verify BPF signed loader at load time patchwork-bot+netdevbpf

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260708080705.A1DDD1F00A3D@smtp.kernel.org \
    --to=sashiko-bot@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=sashiko-reviews@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox