From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-qk1-f173.google.com (mail-qk1-f173.google.com [209.85.222.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 443B11B78F3 for ; Mon, 27 Apr 2026 00:16:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.222.173 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777248975; cv=none; b=Gdw4Nr/ROopXAuvSIO+maHAxMPZ81KXAFxvtUYisdQuviiBrIvmphDl02GqJIDL5wlESMnwvQCTYWIvWRL42ZfP6LoVv7RueD2yP6zUaNQlC6Fd510EwzeGr6GpWeg1OO4zXGWqqa9n+nfctfAVoJyYV8M7HidM1n4PP0g2Nq6I= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777248975; c=relaxed/simple; bh=NjT6WS99dzsH0BNHG0qiOHBrOhXLz3TwFeCMkEzyuU4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=eFEk348tjk/t4ba9yfH4wl21yAJqP5RAPk5zfARiDBfusHAtW0Wx8hKgMN1PAJ1tD+xgdQZ442XzS8XaGnqcrUnSKGAY3zkBhDLa0YJdp+hCCDw86MgPX8uMTIkwG5NsnftEnGyt/HKmQJSgGCSyjmFtxmFFnRmn5N00EhnD2JQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Jeo4rHrz; arc=none smtp.client-ip=209.85.222.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Jeo4rHrz" Received: by mail-qk1-f173.google.com with SMTP id af79cd13be357-8f0579401c4so566545685a.3 for ; Sun, 26 Apr 2026 17:16:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777248973; x=1777853773; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=wrEKOElBE1O+qzK7jpp9/RCzGfUO3JW960CxJ57Fjyc=; b=Jeo4rHrzN9MXkd4r4GVp0x1dC9avVGEfwPZoHuX2EMILEDyd99CRUdfSf6G3bmwtqi kTbxVmNEf8lM3F7Q4zb5W9+3YOFphzwQ5hoyqr81oKx5xgvN4svY8lLkB0T9fuUbUTwz SKW9ssU2jh9Zx3D+ghfdTxFi1cAJ19o5MLktdyhJXQ+BhVBBNIXqIijzHEoH2wAJNOnH uiOHhInUF6CT5hnifgzJ6XU1HGctS7D3GizZh1vFXKWatsw+RwzF/f3Pj5crJDJJexDc Qys4WncRswla+GMCr6mWA0wfeJGztcYMtLlBc+Iv9abBfU53bayc04riRuRF5pLwpf/M +BWQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777248973; x=1777853773; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=wrEKOElBE1O+qzK7jpp9/RCzGfUO3JW960CxJ57Fjyc=; b=EiXghNt7497iOSzOrL4s0UjhNlbv6SyACGkvnE/CzlIu2EPFDxQOQuhgXmWV5o0P0O xEaa00MYBF4RUQxt3GW/xmLNmEgaBFYRSfYIZTrQOz0ZG5TEcozAzE/sE3syN5ic4r+M e5PO9X6ZvXW3YxY2nUiJGHiCWnZqmkw6j8pPvkLyfaHdcxcadWRRIFrm9NiFwaZ0dWjp SOraHLIv0FmBeI0yZUilxfRLB7dVYi6V1TU7j8MOL+SEdZ+rvjzyljhy/EFW07IR2Tex l1uf5t5B+tugN/m+zVhdbo536/X1wtKri0ewkPLYKRXwr8RcnCxwi7QvCG+Wa0i/OFaz INPg== X-Forwarded-Encrypted: i=1; AFNElJ/wGH5kznQf7gSCvj4HkxhGgcMD/okMgAdvIpcX4Z+al56gITSiMBzmEyHmaQrH9mZ8rtEGDLxyWynQzB8=@vger.kernel.org X-Gm-Message-State: AOJu0Yx2hIvyU1HvxH73WqMthrV6323kIC/LkLXR+4gtuQ+J4qltIEHx Wm7FyNComEpkjJ1rrpEHtszsjjHrMROqGLaybSurH2cwq/1DoEFjAopb X-Gm-Gg: AeBDiesGzDwpxdnTKMO0n3zEim3GIqzlp/F8ptM79NW736YAwOjLRCsj5KgUYUssSms YiEVrY2L9gog2mQf+vX10iWDxeCWtdJ9g3PCZsjihw625j38HdDbLZsmXFuxo1uelW7LePGhw6b ouArAG2OdZ+dnJYus8dBaRAjkzmSazUKc3jbFQTh4dIDUlrt1kuPaTmPV9env/mKUzCG2/XJOe1 ijuIHNuRZAE9gQ3a8lAQc87MzOkhXeSVPBZ9l3+DCOn67wCN/jLxUymhhZcNYylLY66N90boz6R FLrinugwCA4Ra6HhCQIBLNJo7+xBw6IYGmR9nhYVkXePPDTb/XSS1ZrCUrBzDBEswErT6PmypB6 laDPRZjRfaw/kBMpQDA3VcKwV63Y718iQlinOmOe4RGew4o2meLpiKaK2Jd2TxetvbC2z/2Tv3S x4JnYWE5YFxz7difEf1Oolpb8BGoDjmcr/VCqmQ7uV7Em7C31D1BGJXgEyvTqGV6Ts5qY7I52Ss GSVhwJ2C1zgS6cJsKuF1w9e5HoPzd+vTfOwVURKtC/4CxTSKikn1ItjgzD58GI= X-Received: by 2002:a05:620a:2913:b0:8cd:94f9:1bb1 with SMTP id af79cd13be357-8e79010e10emr5699714285a.27.1777248973121; Sun, 26 Apr 2026 17:16:13 -0700 (PDT) Received: from battery.lan (pool-100-15-227-251.washdc.fios.verizon.net. [100.15.227.251]) by smtp.gmail.com with ESMTPSA id af79cd13be357-8e7d6ba19c3sm2464025485a.21.2026.04.26.17.16.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Apr 2026 17:16:12 -0700 (PDT) From: David Windsor To: Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Eduard Zingerman , Kumar Kartikeya Dwivedi , Shuah Khan Cc: David Windsor , Martin KaFai Lau , Song Liu , Yonghong Song , Jiri Olsa , linux-kernel@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH bpf-next 2/2] selftests/bpf: add tests for bpf_init_inode_xattr kfunc Date: Sun, 26 Apr 2026 20:15:58 -0400 Message-ID: <20260427001602.38353-3-dwindsor@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260427001602.38353-1-dwindsor@gmail.com> References: <20260427001602.38353-1-dwindsor@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Test bpf atomic inode xattr labeling in inode_init_security. Signed-off-by: David Windsor --- tools/testing/selftests/bpf/bpf_kfuncs.h | 3 ++ .../selftests/bpf/prog_tests/fs_kfuncs.c | 49 +++++++++++++++++++ .../bpf/progs/test_init_inode_xattr.c | 32 ++++++++++++ 3 files changed, 84 insertions(+) create mode 100644 tools/testing/selftests/bpf/progs/test_init_inode_xattr.c diff --git a/tools/testing/selftests/bpf/bpf_kfuncs.h b/tools/testing/selftests/bpf/bpf_kfuncs.h index ae71e9b69051..15507a406266 100644 --- a/tools/testing/selftests/bpf/bpf_kfuncs.h +++ b/tools/testing/selftests/bpf/bpf_kfuncs.h @@ -92,4 +92,7 @@ extern int bpf_set_dentry_xattr(struct dentry *dentry, const char *name__str, const struct bpf_dynptr *value_p, int flags) __ksym __weak; extern int bpf_remove_dentry_xattr(struct dentry *dentry, const char *name__str) __ksym __weak; +extern int bpf_init_inode_xattr(const char *name__str, + const struct bpf_dynptr *value_p) __ksym __weak; + #endif diff --git a/tools/testing/selftests/bpf/prog_tests/fs_kfuncs.c b/tools/testing/selftests/bpf/prog_tests/fs_kfuncs.c index 43a26ec69a8e..26daef116ee2 100644 --- a/tools/testing/selftests/bpf/prog_tests/fs_kfuncs.c +++ b/tools/testing/selftests/bpf/prog_tests/fs_kfuncs.c @@ -9,6 +9,7 @@ #include #include "test_get_xattr.skel.h" #include "test_set_remove_xattr.skel.h" +#include "test_init_inode_xattr.skel.h" #include "test_fsverity.skel.h" static const char testfile[] = "/tmp/test_progs_fs_kfuncs"; @@ -268,6 +269,51 @@ static void test_fsverity(void) remove(testfile); } +static void test_init_inode_xattr(void) +{ + struct test_init_inode_xattr *skel = NULL; + int fd = -1, err; + char value_out[32]; + const char *testfile_new = "/tmp/test_progs_fs_kfuncs_new"; + + skel = test_init_inode_xattr__open_and_load(); + if (!ASSERT_OK_PTR(skel, "test_init_inode_xattr__open_and_load")) + return; + + skel->bss->monitored_pid = getpid(); + err = test_init_inode_xattr__attach(skel); + if (!ASSERT_OK(err, "test_init_inode_xattr__attach")) + goto out; + + /* Create a new file — this triggers inode_init_security */ + fd = open(testfile_new, O_CREAT | O_RDWR, 0644); + if (!ASSERT_GE(fd, 0, "create_file")) + goto out; + + ASSERT_EQ(skel->data->init_result, 0, "init_result"); + + /* The initxattrs callback prepends "security." to the name */ + err = getxattr(testfile_new, "security.bpf.test_label", value_out, + sizeof(value_out)); + if (err < 0 && errno == ENODATA) { + printf("%s:SKIP:filesystem did not apply LSM xattrs\n", + __func__); + test__skip(); + goto out; + } + if (!ASSERT_GE(err, 0, "getxattr")) + goto out; + + ASSERT_EQ(err, (int)sizeof(skel->data->xattr_value), "xattr_size"); + ASSERT_EQ(strncmp(value_out, "test_value", + sizeof("test_value")), 0, "xattr_value"); + +out: + close(fd); + test_init_inode_xattr__destroy(skel); + remove(testfile_new); +} + void test_fs_kfuncs(void) { /* Matches xattr_names in progs/test_get_xattr.c */ @@ -286,6 +332,9 @@ void test_fs_kfuncs(void) if (test__start_subtest("set_remove_xattr")) test_set_remove_xattr(); + if (test__start_subtest("init_inode_xattr")) + test_init_inode_xattr(); + if (test__start_subtest("fsverity")) test_fsverity(); } diff --git a/tools/testing/selftests/bpf/progs/test_init_inode_xattr.c b/tools/testing/selftests/bpf/progs/test_init_inode_xattr.c new file mode 100644 index 000000000000..450798893566 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_init_inode_xattr.c @@ -0,0 +1,32 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2025 Isovalent, a Cisco company. */ + +#include "vmlinux.h" +#include +#include +#include "bpf_kfuncs.h" + +char _license[] SEC("license") = "GPL"; + +__u32 monitored_pid; +int init_result = -1; + +const char xattr_name[] = "bpf.test_label"; +char xattr_value[] = "test_value"; + +SEC("lsm/inode_init_security") +int BPF_PROG(test_init_inode_xattr, struct inode *inode, struct inode *dir, + const struct qstr *qstr, struct xattr *xattrs, int *xattr_count) +{ + struct bpf_dynptr value_ptr; + __u32 pid; + + pid = bpf_get_current_pid_tgid() >> 32; + if (pid != monitored_pid) + return 0; + + bpf_dynptr_from_mem(xattr_value, sizeof(xattr_value), 0, &value_ptr); + init_result = bpf_init_inode_xattr(xattr_name, &value_ptr); + + return 0; +} -- 2.53.0