From: Blaise Boscaccy <bboscaccy@linux.microsoft.com>
To: Paul Moore <paul@paul-moore.com>
Cc: James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
John Fastabend <john.fastabend@gmail.com>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Eduard Zingerman <eddyz87@gmail.com>, Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@fomichev.me>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>,
Stephen Smalley <stephen.smalley.work@gmail.com>,
Ondrej Mosnacek <omosnace@redhat.com>,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, bpf@vger.kernel.org,
selinux@vger.kernel.org
Subject: Re: [PATCH v4 bpf-next 2/2] selftests/bpf: Add is_kernel parameter to LSM/bpf test programs
Date: Tue, 04 Mar 2025 17:25:50 -0800 [thread overview]
Message-ID: <877c54jmjl.fsf@microsoft.com> (raw)
In-Reply-To: <CAHC9VhS5Gnj98K4fBCq3hDXjmj1Zt9WWqoOiTrwH85CDSTGEYA@mail.gmail.com>
Paul Moore <paul@paul-moore.com> writes:
> On Tue, Mar 4, 2025 at 3:31 PM Blaise Boscaccy
> <bboscaccy@linux.microsoft.com> wrote:
>>
>> The security_bpf LSM hook now contains a boolean parameter specifying
>> whether an invocation of the bpf syscall originated from within the
>> kernel. Here, we update the function signature of relevant test
>> programs to include that new parameter.
>>
>> Signed-off-by: Blaise Boscaccy bboscaccy@linux.microsoft.com
>> ---
>> tools/testing/selftests/bpf/progs/rcu_read_lock.c | 3 ++-
>> tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c | 4 ++--
>> tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c | 6 +++---
>> tools/testing/selftests/bpf/progs/test_lookup_key.c | 2 +-
>> tools/testing/selftests/bpf/progs/test_ptr_untrusted.c | 2 +-
>> tools/testing/selftests/bpf/progs/test_task_under_cgroup.c | 2 +-
>> tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c | 2 +-
>> 7 files changed, 11 insertions(+), 10 deletions(-)
>
> I see that Song requested that the changes in this patch be split out
> back in the v3 revision, will that cause git bisect issues if patch
> 1/2 is applied but patch 2/2 is not, or is there some BPF magic that
> ensures that the selftests will still run properly?
>
So there isn't any type checking in the bpf program's function
arguments against the LSM hook definitions, so it shouldn't cause any
build issues. To the best of my knowledge, the new is_kernel boolean
flag will end up living in r3. None of the current tests reference
that parameter, so if we bisected and ended up on the previous commit,
the bpf test programs would in a worst-case scenario simply clobber that
register, which shouldn't effect any test outcomes unless a test program
was somehow dependent on an uninitialized value in a scratch register.
-blaise
> --
> paul-moore.com
next prev parent reply other threads:[~2025-03-05 1:26 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-04 20:30 [PATCH v4 bpf-next 0/2] security: Propagate caller information in bpf hooks Blaise Boscaccy
2025-03-04 20:30 ` [PATCH v4 bpf-next 1/2] " Blaise Boscaccy
2025-03-05 0:46 ` Paul Moore
2025-03-04 20:30 ` [PATCH v4 bpf-next 2/2] selftests/bpf: Add is_kernel parameter to LSM/bpf test programs Blaise Boscaccy
2025-03-04 23:19 ` Song Liu
2025-03-05 0:36 ` Blaise Boscaccy
2025-03-05 3:27 ` Song Liu
2025-03-05 0:40 ` Paul Moore
2025-03-05 1:25 ` Blaise Boscaccy [this message]
2025-03-05 2:14 ` Paul Moore
2025-03-05 3:32 ` Song Liu
2025-03-05 16:12 ` Paul Moore
2025-03-05 17:08 ` Alexei Starovoitov
2025-03-05 17:20 ` Song Liu
2025-03-05 20:12 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=877c54jmjl.fsf@microsoft.com \
--to=bboscaccy@linux.microsoft.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=haoluo@google.com \
--cc=jmorris@namei.org \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=omosnace@redhat.com \
--cc=paul@paul-moore.com \
--cc=sdf@fomichev.me \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=song@kernel.org \
--cc=stephen.smalley.work@gmail.com \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).