From: Andrii Nakryiko <andrii@kernel.org>
To: <bpf@vger.kernel.org>
Cc: <linux-security-module@vger.kernel.org>, <keescook@chromium.org>,
<brauner@kernel.org>, <lennart@poettering.net>,
<cyphar@cyphar.com>, <luto@kernel.org>, <kernel-team@meta.com>
Subject: [PATCH v2 bpf-next 18/18] selftests/bpf: add BPF token-enabled BPF_PROG_LOAD tests
Date: Wed, 7 Jun 2023 16:53:52 -0700 [thread overview]
Message-ID: <20230607235352.1723243-19-andrii@kernel.org> (raw)
In-Reply-To: <20230607235352.1723243-1-andrii@kernel.org>
Add a test validating that BPF token can be used to load privileged BPF
program using privileged BPF helpers through delegated BPF token created
by privileged process.
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
---
.../testing/selftests/bpf/prog_tests/token.c | 62 +++++++++++++++++++
1 file changed, 62 insertions(+)
diff --git a/tools/testing/selftests/bpf/prog_tests/token.c b/tools/testing/selftests/bpf/prog_tests/token.c
index ff8ada405576..eea39a91bbaa 100644
--- a/tools/testing/selftests/bpf/prog_tests/token.c
+++ b/tools/testing/selftests/bpf/prog_tests/token.c
@@ -4,6 +4,7 @@
#include <test_progs.h>
#include <bpf/btf.h>
#include "cap_helpers.h"
+#include <linux/filter.h>
static int drop_priv_caps(__u64 *old_caps)
{
@@ -187,6 +188,65 @@ static void subtest_btf_token(void)
ASSERT_OK(restore_priv_caps(old_caps), "restore_caps");
}
+static void subtest_prog_token(void)
+{
+ LIBBPF_OPTS(bpf_token_create_opts, token_opts);
+ LIBBPF_OPTS(bpf_prog_load_opts, prog_opts);
+ int token_fd = 0, prog_fd = 0;
+ __u64 old_caps = 0;
+ struct bpf_insn insns[] = {
+ /* bpf_jiffies64() requires CAP_BPF */
+ BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_jiffies64),
+ /* bpf_get_current_task() requires CAP_PERFMON */
+ BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_current_task),
+ /* r0 = 0; exit; */
+ BPF_MOV64_IMM(BPF_REG_0, 0),
+ BPF_EXIT_INSN(),
+ };
+ size_t insn_cnt = ARRAY_SIZE(insns);
+
+ /* create BPF token allowing BPF_PROG_LOAD command */
+ token_opts.flags = 0;
+ token_opts.allowed_cmds = 1ULL << BPF_PROG_LOAD;
+ token_opts.allowed_prog_types = 1ULL << BPF_PROG_TYPE_XDP;
+ token_opts.allowed_attach_types = 1ULL << BPF_XDP;
+ token_fd = bpf_token_create(&token_opts);
+ if (!ASSERT_GT(token_fd, 0, "token_create"))
+ return;
+
+ /* drop privileges to test token_fd passing */
+ if (!ASSERT_OK(drop_priv_caps(&old_caps), "drop_caps"))
+ goto cleanup;
+
+ /* validate we can successfully load BPF program with token; this
+ * being XDP program (CAP_NET_ADMIN) using bpf_jiffies64() (CAP_BPF)
+ * and bpf_get_current_task() (CAP_PERFMON) helpers validates we have
+ * BPF token wired properly in a bunch of places in the kernel
+ */
+ prog_opts.token_fd = token_fd;
+ prog_opts.expected_attach_type = BPF_XDP;
+ prog_fd = bpf_prog_load(BPF_PROG_TYPE_XDP, "token_prog", "GPL",
+ insns, insn_cnt, &prog_opts);
+ if (!ASSERT_GT(prog_fd, 0, "prog_fd"))
+ goto cleanup;
+ close(prog_fd);
+
+ /* now validate that we *cannot* load BPF program without token */
+ prog_opts.token_fd = 0;
+ prog_fd = bpf_prog_load(BPF_PROG_TYPE_XDP, "token_prog", "GPL",
+ insns, insn_cnt, &prog_opts);
+ if (!ASSERT_EQ(prog_fd, -EPERM, "prog_fd_eperm"))
+ goto cleanup;
+
+cleanup:
+ if (prog_fd > 0)
+ close(prog_fd);
+ if (token_fd)
+ close(token_fd);
+ if (old_caps)
+ ASSERT_OK(restore_priv_caps(old_caps), "restore_caps");
+}
+
void test_token(void)
{
if (test__start_subtest("token_create"))
@@ -195,4 +255,6 @@ void test_token(void)
subtest_map_token();
if (test__start_subtest("btf_token"))
subtest_btf_token();
+ if (test__start_subtest("prog_token"))
+ subtest_prog_token();
}
--
2.34.1
next prev parent reply other threads:[~2023-06-07 23:54 UTC|newest]
Thread overview: 72+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-07 23:53 [PATCH v2 bpf-next 00/18] BPF token Andrii Nakryiko
2023-06-07 23:53 ` [PATCH v2 bpf-next 01/18] bpf: introduce BPF token object Andrii Nakryiko
2023-06-07 23:53 ` [PATCH v2 bpf-next 02/18] libbpf: add bpf_token_create() API Andrii Nakryiko
2023-06-07 23:53 ` [PATCH v2 bpf-next 03/18] selftests/bpf: add BPF_TOKEN_CREATE test Andrii Nakryiko
2023-06-07 23:53 ` [PATCH v2 bpf-next 04/18] bpf: move unprivileged checks into map_create() and bpf_prog_load() Andrii Nakryiko
2023-06-07 23:53 ` [PATCH v2 bpf-next 05/18] bpf: inline map creation logic in map_create() function Andrii Nakryiko
2023-06-07 23:53 ` [PATCH v2 bpf-next 06/18] bpf: centralize permissions checks for all BPF map types Andrii Nakryiko
2023-06-07 23:53 ` [PATCH v2 bpf-next 07/18] bpf: add BPF token support to BPF_MAP_CREATE command Andrii Nakryiko
2023-06-07 23:53 ` [PATCH v2 bpf-next 08/18] libbpf: add BPF token support to bpf_map_create() API Andrii Nakryiko
2023-06-07 23:53 ` [PATCH v2 bpf-next 09/18] selftests/bpf: add BPF token-enabled test for BPF_MAP_CREATE command Andrii Nakryiko
2023-06-07 23:53 ` [PATCH v2 bpf-next 10/18] bpf: add BPF token support to BPF_BTF_LOAD command Andrii Nakryiko
2023-06-07 23:53 ` [PATCH v2 bpf-next 11/18] libbpf: add BPF token support to bpf_btf_load() API Andrii Nakryiko
2023-06-07 23:53 ` [PATCH v2 bpf-next 12/18] selftests/bpf: add BPF token-enabled BPF_BTF_LOAD selftest Andrii Nakryiko
2023-06-07 23:53 ` [PATCH v2 bpf-next 13/18] bpf: keep BPF_PROG_LOAD permission checks clear of validations Andrii Nakryiko
2023-06-07 23:53 ` [PATCH v2 bpf-next 14/18] bpf: add BPF token support to BPF_PROG_LOAD command Andrii Nakryiko
2023-06-07 23:53 ` [PATCH v2 bpf-next 15/18] bpf: take into account BPF token when fetching helper protos Andrii Nakryiko
2023-06-07 23:53 ` [PATCH v2 bpf-next 16/18] bpf: consistenly use BPF token throughout BPF verifier logic Andrii Nakryiko
2023-06-07 23:53 ` [PATCH v2 bpf-next 17/18] libbpf: add BPF token support to bpf_prog_load() API Andrii Nakryiko
2023-06-07 23:53 ` Andrii Nakryiko [this message]
2023-06-08 18:49 ` [PATCH v2 bpf-next 00/18] BPF token Stanislav Fomichev
2023-06-08 22:17 ` Andrii Nakryiko
2023-06-09 11:17 ` Toke Høiland-Jørgensen
2023-06-09 18:21 ` Andrii Nakryiko
2023-06-09 21:21 ` Toke Høiland-Jørgensen
2023-06-09 22:03 ` Andrii Nakryiko
2023-06-12 10:49 ` Toke Høiland-Jørgensen
2023-06-12 22:08 ` Andrii Nakryiko
2023-06-13 21:48 ` Hao Luo
2023-06-14 12:06 ` Toke Høiland-Jørgensen
2023-06-15 22:55 ` Andrii Nakryiko
2023-06-09 18:32 ` Andy Lutomirski
2023-06-09 19:08 ` Andrii Nakryiko
2023-06-19 17:40 ` Andy Lutomirski
2023-06-21 23:48 ` Andrii Nakryiko
2023-06-22 8:22 ` Maryam Tahhan
2023-06-22 16:49 ` Andy Lutomirski
[not found] ` <5a75d1f0-4ed9-399c-4851-2df0755de9b5@redhat.com>
2023-06-22 18:40 ` Andrii Nakryiko
2023-06-22 21:04 ` Maryam Tahhan
2023-06-22 23:35 ` Andrii Nakryiko
2023-06-23 1:02 ` Andy Lutomirski
2023-06-23 15:10 ` Andy Lutomirski
2023-06-23 23:23 ` Daniel Borkmann
2023-06-24 13:59 ` Andy Lutomirski
2023-06-24 15:28 ` Andy Lutomirski
2023-06-26 15:23 ` Daniel Borkmann
2023-07-04 20:48 ` Andy Lutomirski
2023-07-04 21:06 ` Andy Lutomirski
2023-06-27 10:22 ` Djalal Harouni
2023-06-26 22:31 ` Andrii Nakryiko
2023-06-26 22:08 ` Andrii Nakryiko
2023-06-22 19:05 ` Andrii Nakryiko
2023-06-23 3:28 ` Andy Lutomirski
2023-06-23 16:13 ` Casey Schaufler
2023-06-26 22:08 ` Andrii Nakryiko
2023-06-22 18:20 ` Andrii Nakryiko
2023-06-23 23:07 ` Toke Høiland-Jørgensen
2023-06-26 22:08 ` Andrii Nakryiko
2023-07-04 21:05 ` Andy Lutomirski
2023-06-09 22:29 ` Djalal Harouni
2023-06-09 22:57 ` Andrii Nakryiko
2023-06-12 12:02 ` Djalal Harouni
2023-06-12 14:31 ` Djalal Harouni
2023-06-12 22:27 ` Andrii Nakryiko
2023-06-14 0:23 ` Djalal Harouni
2023-06-14 9:39 ` Christian Brauner
2023-06-15 22:48 ` Andrii Nakryiko
2023-06-23 22:18 ` Daniel Borkmann
2023-06-26 22:08 ` Andrii Nakryiko
2023-06-15 22:47 ` Andrii Nakryiko
2023-06-12 12:44 ` Dave Tucker
2023-06-12 15:52 ` Djalal Harouni
2023-06-12 23:04 ` Andrii Nakryiko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230607235352.1723243-19-andrii@kernel.org \
--to=andrii@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brauner@kernel.org \
--cc=cyphar@cyphar.com \
--cc=keescook@chromium.org \
--cc=kernel-team@meta.com \
--cc=lennart@poettering.net \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).