diff mbox series

[v4,bpf-next,2/2] selftests/bpf: Add is_kernel parameter to LSM/bpf test programs

Message ID 20250304203123.3935371-3-bboscaccy@linux.microsoft.com (mailing list archive)
State New
Delegated to: BPF
Headers show
Series security: Propagate caller information in bpf hooks | expand

Checks

Context Check Description
bpf/vmtest-bpf-next-PR success PR summary
netdev/series_format success Posting correctly formatted
netdev/tree_selection success Clearly marked for bpf-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/build_tools success Errors and warnings before: 26 (+0) this patch: 26 (+0)
netdev/cc_maintainers warning 5 maintainers not CCed: mykolal@fb.com memxor@gmail.com linux-kselftest@vger.kernel.org shuah@kernel.org xukuohai@huawei.com
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/verify_signedoff fail author Signed-off-by missing
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch fail ERROR: Unrecognized email address: 'Blaise Boscaccy bboscaccy@linux.microsoft.com' WARNING: line length of 83 exceeds 80 columns WARNING: line length of 87 exceeds 80 columns WARNING: line length of 88 exceeds 80 columns WARNING: line length of 89 exceeds 80 columns WARNING: line length of 96 exceeds 80 columns
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
bpf/vmtest-bpf-next-VM_Test-8 success Logs for aarch64-gcc / test (test_progs, false, 360) / test_progs on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-38 success Logs for x86_64-llvm-17 / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with llvm-17
bpf/vmtest-bpf-next-VM_Test-37 success Logs for x86_64-llvm-17 / test (test_progs, false, 360) / test_progs on x86_64 with llvm-17
bpf/vmtest-bpf-next-VM_Test-9 success Logs for aarch64-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-16 success Logs for s390x-gcc / test (test_progs, false, 360) / test_progs on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-17 success Logs for s390x-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-12 success Logs for aarch64-gcc / veristat-meta
bpf/vmtest-bpf-next-VM_Test-15 success Logs for s390x-gcc / build-release
bpf/vmtest-bpf-next-VM_Test-0 success Logs for Lint
bpf/vmtest-bpf-next-VM_Test-13 success Logs for s390x-gcc / GCC BPF
bpf/vmtest-bpf-next-VM_Test-2 success Logs for Unittests
bpf/vmtest-bpf-next-VM_Test-25 success Logs for x86_64-gcc / test (test_maps, false, 360) / test_maps on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-1 success Logs for ShellCheck
bpf/vmtest-bpf-next-VM_Test-3 success Logs for Validate matrix.py
bpf/vmtest-bpf-next-VM_Test-5 success Logs for aarch64-gcc / build / build for aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-19 success Logs for s390x-gcc / veristat-kernel
bpf/vmtest-bpf-next-VM_Test-34 success Logs for x86_64-llvm-17 / build / build for x86_64 with llvm-17
bpf/vmtest-bpf-next-VM_Test-35 success Logs for x86_64-llvm-17 / build-release / build for x86_64 with llvm-17-O2
bpf/vmtest-bpf-next-VM_Test-31 success Logs for x86_64-gcc / veristat-kernel / x86_64-gcc veristat_kernel
bpf/vmtest-bpf-next-VM_Test-23 success Logs for x86_64-gcc / build / build for x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-41 success Logs for x86_64-llvm-17 / veristat-meta
bpf/vmtest-bpf-next-VM_Test-40 success Logs for x86_64-llvm-17 / veristat-kernel
bpf/vmtest-bpf-next-VM_Test-21 success Logs for set-matrix
bpf/vmtest-bpf-next-VM_Test-30 success Logs for x86_64-gcc / test (test_verifier, false, 360) / test_verifier on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-24 success Logs for x86_64-gcc / build-release
bpf/vmtest-bpf-next-VM_Test-20 success Logs for s390x-gcc / veristat-meta
bpf/vmtest-bpf-next-VM_Test-44 success Logs for x86_64-llvm-18 / build-release / build for x86_64 with llvm-18-O2
bpf/vmtest-bpf-next-VM_Test-14 success Logs for s390x-gcc / build / build for s390x with gcc
bpf/vmtest-bpf-next-VM_Test-11 success Logs for aarch64-gcc / veristat-kernel
bpf/vmtest-bpf-next-VM_Test-43 success Logs for x86_64-llvm-18 / build / build for x86_64 with llvm-18
bpf/vmtest-bpf-next-VM_Test-6 success Logs for aarch64-gcc / build-release
bpf/vmtest-bpf-next-VM_Test-4 success Logs for aarch64-gcc / GCC BPF
bpf/vmtest-bpf-next-VM_Test-50 success Logs for x86_64-llvm-18 / veristat-kernel
bpf/vmtest-bpf-next-VM_Test-51 success Logs for x86_64-llvm-18 / veristat-meta
bpf/vmtest-bpf-next-VM_Test-49 success Logs for x86_64-llvm-18 / test (test_verifier, false, 360) / test_verifier on x86_64 with llvm-18
bpf/vmtest-bpf-next-VM_Test-28 success Logs for x86_64-gcc / test (test_progs_no_alu32_parallel, true, 30) / test_progs_no_alu32_parallel on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-27 success Logs for x86_64-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-33 success Logs for x86_64-llvm-17 / GCC BPF / GCC BPF
bpf/vmtest-bpf-next-VM_Test-46 success Logs for x86_64-llvm-18 / test (test_progs, false, 360) / test_progs on x86_64 with llvm-18
bpf/vmtest-bpf-next-VM_Test-18 success Logs for s390x-gcc / test (test_verifier, false, 360) / test_verifier on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-47 success Logs for x86_64-llvm-18 / test (test_progs_cpuv4, false, 360) / test_progs_cpuv4 on x86_64 with llvm-18
bpf/vmtest-bpf-next-VM_Test-42 success Logs for x86_64-llvm-18 / GCC BPF / GCC BPF
bpf/vmtest-bpf-next-VM_Test-48 success Logs for x86_64-llvm-18 / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with llvm-18
bpf/vmtest-bpf-next-VM_Test-45 success Logs for x86_64-llvm-18 / test (test_maps, false, 360) / test_maps on x86_64 with llvm-18
bpf/vmtest-bpf-next-VM_Test-39 success Logs for x86_64-llvm-17 / test (test_verifier, false, 360) / test_verifier on x86_64 with llvm-17
bpf/vmtest-bpf-next-VM_Test-7 success Logs for aarch64-gcc / test (test_maps, false, 360) / test_maps on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-36 success Logs for x86_64-llvm-17 / test (test_maps, false, 360) / test_maps on x86_64 with llvm-17
bpf/vmtest-bpf-next-VM_Test-10 success Logs for aarch64-gcc / test (test_verifier, false, 360) / test_verifier on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-29 success Logs for x86_64-gcc / test (test_progs_parallel, true, 30) / test_progs_parallel on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-22 success Logs for x86_64-gcc / GCC BPF / GCC BPF
bpf/vmtest-bpf-next-VM_Test-32 success Logs for x86_64-gcc / veristat-meta / x86_64-gcc veristat_meta
bpf/vmtest-bpf-next-VM_Test-26 success Logs for x86_64-gcc / test (test_progs, false, 360) / test_progs on x86_64 with gcc

Commit Message

Blaise Boscaccy March 4, 2025, 8:30 p.m. UTC 
The security_bpf LSM hook now contains a boolean parameter specifying
whether an invocation of the bpf syscall originated from within the
kernel. Here, we update the function signature of relevant test
programs to include that new parameter.

Signed-off-by: Blaise Boscaccy bboscaccy@linux.microsoft.com
---
 tools/testing/selftests/bpf/progs/rcu_read_lock.c           | 3 ++-
 tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c  | 4 ++--
 tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c | 6 +++---
 tools/testing/selftests/bpf/progs/test_lookup_key.c         | 2 +-
 tools/testing/selftests/bpf/progs/test_ptr_untrusted.c      | 2 +-
 tools/testing/selftests/bpf/progs/test_task_under_cgroup.c  | 2 +-
 tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c   | 2 +-
 7 files changed, 11 insertions(+), 10 deletions(-)

Comments

Song Liu March 4, 2025, 11:19 p.m. UTC | #1 
On Tue, Mar 4, 2025 at 12:31 PM Blaise Boscaccy
<bboscaccy@linux.microsoft.com> wrote:
>
> The security_bpf LSM hook now contains a boolean parameter specifying
> whether an invocation of the bpf syscall originated from within the
> kernel. Here, we update the function signature of relevant test
> programs to include that new parameter.
>
> Signed-off-by: Blaise Boscaccy bboscaccy@linux.microsoft.com
^^^ The email address is broken.

> ---
>  tools/testing/selftests/bpf/progs/rcu_read_lock.c           | 3 ++-
>  tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c  | 4 ++--
>  tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c | 6 +++---
>  tools/testing/selftests/bpf/progs/test_lookup_key.c         | 2 +-
>  tools/testing/selftests/bpf/progs/test_ptr_untrusted.c      | 2 +-
>  tools/testing/selftests/bpf/progs/test_task_under_cgroup.c  | 2 +-
>  tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c   | 2 +-
>  7 files changed, 11 insertions(+), 10 deletions(-)

It appears you missed a few of these?

tools/testing/selftests/bpf/progs/rcu_read_lock.c:SEC("?lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c:SEC("lsm/bpf")
tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("?lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("?lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_libbpf_get_fd_by_id_opts.c:SEC("lsm/bpf_map")
tools/testing/selftests/bpf/progs/test_lookup_key.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_ptr_untrusted.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_task_under_cgroup.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/token_lsm.c:SEC("lsm/bpf_token_capable")
tools/testing/selftests/bpf/progs/token_lsm.c:SEC("lsm/bpf_token_cmd")
tools/testing/selftests/bpf/progs/verifier_global_subprogs.c:SEC("?lsm/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")

>
> diff --git a/tools/testing/selftests/bpf/progs/rcu_read_lock.c b/tools/testing/selftests/bpf/progs/rcu_read_lock.c
> index ab3a532b7dd6d..f85d0e282f2ae 100644
> --- a/tools/testing/selftests/bpf/progs/rcu_read_lock.c
> +++ b/tools/testing/selftests/bpf/progs/rcu_read_lock.c
> @@ -242,7 +242,8 @@ int inproper_sleepable_helper(void *ctx)
>  }
>
>  SEC("?lsm.s/bpf")
> -int BPF_PROG(inproper_sleepable_kfunc, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(inproper_sleepable_kfunc, int cmd, union bpf_attr *attr, unsigned int size,
> +            bool is_kernel)
>  {
>         struct bpf_key *bkey;
>
> diff --git a/tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c b/tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c
> index 44628865fe1d4..0e741262138f2 100644
> --- a/tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c
> +++ b/tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c
> @@ -51,13 +51,13 @@ static int bpf_link_create_verify(int cmd)
>  }
>
>  SEC("lsm/bpf")
> -int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
>  {
>         return bpf_link_create_verify(cmd);
>  }
>
>  SEC("lsm.s/bpf")
> -int BPF_PROG(lsm_s_run, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(lsm_s_run, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
>  {
>         return bpf_link_create_verify(cmd);
>  }
> diff --git a/tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c b/tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c
> index cd4d752bd089c..ce36a55ba5b8b 100644
> --- a/tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c
> +++ b/tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c
> @@ -36,7 +36,7 @@ char _license[] SEC("license") = "GPL";
>
>  SEC("?lsm.s/bpf")
>  __failure __msg("cannot pass in dynptr at an offset=-8")
> -int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
>  {
>         unsigned long val;
>
> @@ -46,7 +46,7 @@ int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size)
>
>  SEC("?lsm.s/bpf")
>  __failure __msg("arg#0 expected pointer to stack or const struct bpf_dynptr")
> -int BPF_PROG(not_ptr_to_stack, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(not_ptr_to_stack, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
>  {
>         unsigned long val = 0;
>
> @@ -55,7 +55,7 @@ int BPF_PROG(not_ptr_to_stack, int cmd, union bpf_attr *attr, unsigned int size)
>  }
>
>  SEC("lsm.s/bpf")
> -int BPF_PROG(dynptr_data_null, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(dynptr_data_null, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
>  {
>         struct bpf_key *trusted_keyring;
>         struct bpf_dynptr ptr;
> diff --git a/tools/testing/selftests/bpf/progs/test_lookup_key.c b/tools/testing/selftests/bpf/progs/test_lookup_key.c
> index c73776990ae30..c46077e01a4ca 100644
> --- a/tools/testing/selftests/bpf/progs/test_lookup_key.c
> +++ b/tools/testing/selftests/bpf/progs/test_lookup_key.c
> @@ -23,7 +23,7 @@ extern struct bpf_key *bpf_lookup_system_key(__u64 id) __ksym;
>  extern void bpf_key_put(struct bpf_key *key) __ksym;
>
>  SEC("lsm.s/bpf")
> -int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
>  {
>         struct bpf_key *bkey;
>         __u32 pid;
> diff --git a/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c b/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c
> index 2fdc44e766248..21fce1108a21d 100644
> --- a/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c
> +++ b/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c
> @@ -7,7 +7,7 @@
>  char tp_name[128];
>
>  SEC("lsm.s/bpf")
> -int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
>  {
>         switch (cmd) {
>         case BPF_RAW_TRACEPOINT_OPEN:
> diff --git a/tools/testing/selftests/bpf/progs/test_task_under_cgroup.c b/tools/testing/selftests/bpf/progs/test_task_under_cgroup.c
> index 7e750309ce274..18ad24a851c6c 100644
> --- a/tools/testing/selftests/bpf/progs/test_task_under_cgroup.c
> +++ b/tools/testing/selftests/bpf/progs/test_task_under_cgroup.c
> @@ -49,7 +49,7 @@ int BPF_PROG(tp_btf_run, struct task_struct *task, u64 clone_flags)
>  }
>
>  SEC("lsm.s/bpf")
> -int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
>  {
>         struct cgroup *cgrp = NULL;
>         struct task_struct *task;
> diff --git a/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c b/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
> index 12034a73ee2d2..135665f011c7e 100644
> --- a/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
> +++ b/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
> @@ -37,7 +37,7 @@ struct {
>  char _license[] SEC("license") = "GPL";
>
>  SEC("lsm.s/bpf")
> -int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size)
> +int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
>  {
>         struct bpf_dynptr data_ptr, sig_ptr;
>         struct data *data_val;
> --
> 2.48.1
>
Blaise Boscaccy March 5, 2025, 12:36 a.m. UTC | #2 
Song Liu <song@kernel.org> writes:

> On Tue, Mar 4, 2025 at 12:31 PM Blaise Boscaccy
> <bboscaccy@linux.microsoft.com> wrote:
>>
>> The security_bpf LSM hook now contains a boolean parameter specifying
>> whether an invocation of the bpf syscall originated from within the
>> kernel. Here, we update the function signature of relevant test
>> programs to include that new parameter.
>>
>> Signed-off-by: Blaise Boscaccy bboscaccy@linux.microsoft.com
> ^^^ The email address is broken.
>

Whoops, appologies, will get that fixed. 

>> ---
>>  tools/testing/selftests/bpf/progs/rcu_read_lock.c           | 3 ++-
>>  tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c  | 4 ++--
>>  tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c | 6 +++---
>>  tools/testing/selftests/bpf/progs/test_lookup_key.c         | 2 +-
>>  tools/testing/selftests/bpf/progs/test_ptr_untrusted.c      | 2 +-
>>  tools/testing/selftests/bpf/progs/test_task_under_cgroup.c  | 2 +-
>>  tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c   | 2 +-
>>  7 files changed, 11 insertions(+), 10 deletions(-)
>
> It appears you missed a few of these?
>

Some of these don't require any changes. I ran into this as well while doing a
search. 

These are all accounted for in the patch. 
> tools/testing/selftests/bpf/progs/rcu_read_lock.c:SEC("?lsm.s/bpf")
> tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c:SEC("lsm/bpf")
> tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c:SEC("lsm.s/bpf")
> tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("?lsm.s/bpf")
> tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("?lsm.s/bpf")
> tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("lsm.s/bpf")

security_bpf_map wasn't altered, it can't be called from the kernel. No
changes needed.
> tools/testing/selftests/bpf/progs/test_libbpf_get_fd_by_id_opts.c:SEC("lsm/bpf_map")

These are also all accounted for in the patch. 
> tools/testing/selftests/bpf/progs/test_lookup_key.c:SEC("lsm.s/bpf")
> tools/testing/selftests/bpf/progs/test_ptr_untrusted.c:SEC("lsm.s/bpf")
> tools/testing/selftests/bpf/progs/test_task_under_cgroup.c:SEC("lsm.s/bpf")
> tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c:SEC("lsm.s/bpf")

bpf_token_cmd and bpf_token_capabable aren't callable from the kernel,
no changes to that hook either currently.

> tools/testing/selftests/bpf/progs/token_lsm.c:SEC("lsm/bpf_token_capable")
> tools/testing/selftests/bpf/progs/token_lsm.c:SEC("lsm/bpf_token_cmd")


This program doesn't take any parameters currently.
> tools/testing/selftests/bpf/progs/verifier_global_subprogs.c:SEC("?lsm/bpf")

These are all naked calls that don't take any explicit parameters.
> tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
>

-blaise

>>
>> diff --git a/tools/testing/selftests/bpf/progs/rcu_read_lock.c b/tools/testing/selftests/bpf/progs/rcu_read_lock.c
>> index ab3a532b7dd6d..f85d0e282f2ae 100644
>> --- a/tools/testing/selftests/bpf/progs/rcu_read_lock.c
>> +++ b/tools/testing/selftests/bpf/progs/rcu_read_lock.c
>> @@ -242,7 +242,8 @@ int inproper_sleepable_helper(void *ctx)
>>  }
>>
>>  SEC("?lsm.s/bpf")
>> -int BPF_PROG(inproper_sleepable_kfunc, int cmd, union bpf_attr *attr, unsigned int size)
>> +int BPF_PROG(inproper_sleepable_kfunc, int cmd, union bpf_attr *attr, unsigned int size,
>> +            bool is_kernel)
>>  {
>>         struct bpf_key *bkey;
>>
>> diff --git a/tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c b/tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c
>> index 44628865fe1d4..0e741262138f2 100644
>> --- a/tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c
>> +++ b/tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c
>> @@ -51,13 +51,13 @@ static int bpf_link_create_verify(int cmd)
>>  }
>>
>>  SEC("lsm/bpf")
>> -int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size)
>> +int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
>>  {
>>         return bpf_link_create_verify(cmd);
>>  }
>>
>>  SEC("lsm.s/bpf")
>> -int BPF_PROG(lsm_s_run, int cmd, union bpf_attr *attr, unsigned int size)
>> +int BPF_PROG(lsm_s_run, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
>>  {
>>         return bpf_link_create_verify(cmd);
>>  }
>> diff --git a/tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c b/tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c
>> index cd4d752bd089c..ce36a55ba5b8b 100644
>> --- a/tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c
>> +++ b/tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c
>> @@ -36,7 +36,7 @@ char _license[] SEC("license") = "GPL";
>>
>>  SEC("?lsm.s/bpf")
>>  __failure __msg("cannot pass in dynptr at an offset=-8")
>> -int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size)
>> +int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
>>  {
>>         unsigned long val;
>>
>> @@ -46,7 +46,7 @@ int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size)
>>
>>  SEC("?lsm.s/bpf")
>>  __failure __msg("arg#0 expected pointer to stack or const struct bpf_dynptr")
>> -int BPF_PROG(not_ptr_to_stack, int cmd, union bpf_attr *attr, unsigned int size)
>> +int BPF_PROG(not_ptr_to_stack, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
>>  {
>>         unsigned long val = 0;
>>
>> @@ -55,7 +55,7 @@ int BPF_PROG(not_ptr_to_stack, int cmd, union bpf_attr *attr, unsigned int size)
>>  }
>>
>>  SEC("lsm.s/bpf")
>> -int BPF_PROG(dynptr_data_null, int cmd, union bpf_attr *attr, unsigned int size)
>> +int BPF_PROG(dynptr_data_null, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
>>  {
>>         struct bpf_key *trusted_keyring;
>>         struct bpf_dynptr ptr;
>> diff --git a/tools/testing/selftests/bpf/progs/test_lookup_key.c b/tools/testing/selftests/bpf/progs/test_lookup_key.c
>> index c73776990ae30..c46077e01a4ca 100644
>> --- a/tools/testing/selftests/bpf/progs/test_lookup_key.c
>> +++ b/tools/testing/selftests/bpf/progs/test_lookup_key.c
>> @@ -23,7 +23,7 @@ extern struct bpf_key *bpf_lookup_system_key(__u64 id) __ksym;
>>  extern void bpf_key_put(struct bpf_key *key) __ksym;
>>
>>  SEC("lsm.s/bpf")
>> -int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size)
>> +int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
>>  {
>>         struct bpf_key *bkey;
>>         __u32 pid;
>> diff --git a/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c b/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c
>> index 2fdc44e766248..21fce1108a21d 100644
>> --- a/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c
>> +++ b/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c
>> @@ -7,7 +7,7 @@
>>  char tp_name[128];
>>
>>  SEC("lsm.s/bpf")
>> -int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size)
>> +int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
>>  {
>>         switch (cmd) {
>>         case BPF_RAW_TRACEPOINT_OPEN:
>> diff --git a/tools/testing/selftests/bpf/progs/test_task_under_cgroup.c b/tools/testing/selftests/bpf/progs/test_task_under_cgroup.c
>> index 7e750309ce274..18ad24a851c6c 100644
>> --- a/tools/testing/selftests/bpf/progs/test_task_under_cgroup.c
>> +++ b/tools/testing/selftests/bpf/progs/test_task_under_cgroup.c
>> @@ -49,7 +49,7 @@ int BPF_PROG(tp_btf_run, struct task_struct *task, u64 clone_flags)
>>  }
>>
>>  SEC("lsm.s/bpf")
>> -int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size)
>> +int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
>>  {
>>         struct cgroup *cgrp = NULL;
>>         struct task_struct *task;
>> diff --git a/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c b/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
>> index 12034a73ee2d2..135665f011c7e 100644
>> --- a/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
>> +++ b/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
>> @@ -37,7 +37,7 @@ struct {
>>  char _license[] SEC("license") = "GPL";
>>
>>  SEC("lsm.s/bpf")
>> -int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size)
>> +int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
>>  {
>>         struct bpf_dynptr data_ptr, sig_ptr;
>>         struct data *data_val;
>> --
>> 2.48.1
>>
Paul Moore March 5, 2025, 12:40 a.m. UTC | #3 
On Tue, Mar 4, 2025 at 3:31 PM Blaise Boscaccy
<bboscaccy@linux.microsoft.com> wrote:
>
> The security_bpf LSM hook now contains a boolean parameter specifying
> whether an invocation of the bpf syscall originated from within the
> kernel. Here, we update the function signature of relevant test
> programs to include that new parameter.
>
> Signed-off-by: Blaise Boscaccy bboscaccy@linux.microsoft.com
> ---
>  tools/testing/selftests/bpf/progs/rcu_read_lock.c           | 3 ++-
>  tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c  | 4 ++--
>  tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c | 6 +++---
>  tools/testing/selftests/bpf/progs/test_lookup_key.c         | 2 +-
>  tools/testing/selftests/bpf/progs/test_ptr_untrusted.c      | 2 +-
>  tools/testing/selftests/bpf/progs/test_task_under_cgroup.c  | 2 +-
>  tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c   | 2 +-
>  7 files changed, 11 insertions(+), 10 deletions(-)

I see that Song requested that the changes in this patch be split out
back in the v3 revision, will that cause git bisect issues if patch
1/2 is applied but patch 2/2 is not, or is there some BPF magic that
ensures that the selftests will still run properly?
Blaise Boscaccy March 5, 2025, 1:25 a.m. UTC | #4 
Paul Moore <paul@paul-moore.com> writes:

> On Tue, Mar 4, 2025 at 3:31 PM Blaise Boscaccy
> <bboscaccy@linux.microsoft.com> wrote:
>>
>> The security_bpf LSM hook now contains a boolean parameter specifying
>> whether an invocation of the bpf syscall originated from within the
>> kernel. Here, we update the function signature of relevant test
>> programs to include that new parameter.
>>
>> Signed-off-by: Blaise Boscaccy bboscaccy@linux.microsoft.com
>> ---
>>  tools/testing/selftests/bpf/progs/rcu_read_lock.c           | 3 ++-
>>  tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c  | 4 ++--
>>  tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c | 6 +++---
>>  tools/testing/selftests/bpf/progs/test_lookup_key.c         | 2 +-
>>  tools/testing/selftests/bpf/progs/test_ptr_untrusted.c      | 2 +-
>>  tools/testing/selftests/bpf/progs/test_task_under_cgroup.c  | 2 +-
>>  tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c   | 2 +-
>>  7 files changed, 11 insertions(+), 10 deletions(-)
>
> I see that Song requested that the changes in this patch be split out
> back in the v3 revision, will that cause git bisect issues if patch
> 1/2 is applied but patch 2/2 is not, or is there some BPF magic that
> ensures that the selftests will still run properly?
>

So there isn't any type checking in the bpf program's function
arguments against the LSM hook definitions, so it shouldn't cause any
build issues. To the best of my knowledge, the new is_kernel boolean
flag will end up living in r3. None of the current tests reference
that parameter, so if we bisected and ended up on the previous commit,
the bpf test programs would in a worst-case scenario simply clobber that
register, which shouldn't effect any test outcomes unless a test program
was somehow dependent on an uninitialized value in a scratch register. 

-blaise

> -- 
> paul-moore.com
Paul Moore March 5, 2025, 2:14 a.m. UTC | #5 
On Tue, Mar 4, 2025 at 8:26 PM Blaise Boscaccy
<bboscaccy@linux.microsoft.com> wrote:
> Paul Moore <paul@paul-moore.com> writes:
> > On Tue, Mar 4, 2025 at 3:31 PM Blaise Boscaccy
> > <bboscaccy@linux.microsoft.com> wrote:
> >>
> >> The security_bpf LSM hook now contains a boolean parameter specifying
> >> whether an invocation of the bpf syscall originated from within the
> >> kernel. Here, we update the function signature of relevant test
> >> programs to include that new parameter.
> >>
> >> Signed-off-by: Blaise Boscaccy bboscaccy@linux.microsoft.com
> >> ---
> >>  tools/testing/selftests/bpf/progs/rcu_read_lock.c           | 3 ++-
> >>  tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c  | 4 ++--
> >>  tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c | 6 +++---
> >>  tools/testing/selftests/bpf/progs/test_lookup_key.c         | 2 +-
> >>  tools/testing/selftests/bpf/progs/test_ptr_untrusted.c      | 2 +-
> >>  tools/testing/selftests/bpf/progs/test_task_under_cgroup.c  | 2 +-
> >>  tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c   | 2 +-
> >>  7 files changed, 11 insertions(+), 10 deletions(-)
> >
> > I see that Song requested that the changes in this patch be split out
> > back in the v3 revision, will that cause git bisect issues if patch
> > 1/2 is applied but patch 2/2 is not, or is there some BPF magic that
> > ensures that the selftests will still run properly?
> >
>
> So there isn't any type checking in the bpf program's function
> arguments against the LSM hook definitions, so it shouldn't cause any
> build issues. To the best of my knowledge, the new is_kernel boolean
> flag will end up living in r3. None of the current tests reference
> that parameter, so if we bisected and ended up on the previous commit,
> the bpf test programs would in a worst-case scenario simply clobber that
> register, which shouldn't effect any test outcomes unless a test program
> was somehow dependent on an uninitialized value in a scratch register.

Esh.  With that in mind, I'd argue that the two patches really should
just be one patch as you did before.  The patches are both pretty
small and obviously related so it really shouldn't be an issue.

However, since we need this patchset in order to properly implement
BPF signature verification I'm not going to make a fuss if Song feels
strongly that the selftest changes should be split into their own
patch.
Song Liu March 5, 2025, 3:27 a.m. UTC | #6 
On Tue, Mar 4, 2025 at 4:36 PM Blaise Boscaccy
<bboscaccy@linux.microsoft.com> wrote:
>
> Song Liu <song@kernel.org> writes:
>
> > On Tue, Mar 4, 2025 at 12:31 PM Blaise Boscaccy
> > <bboscaccy@linux.microsoft.com> wrote:
> >>
> >> The security_bpf LSM hook now contains a boolean parameter specifying
> >> whether an invocation of the bpf syscall originated from within the
> >> kernel. Here, we update the function signature of relevant test
> >> programs to include that new parameter.
> >>
> >> Signed-off-by: Blaise Boscaccy bboscaccy@linux.microsoft.com
> > ^^^ The email address is broken.
> >
>
> Whoops, appologies, will get that fixed.
>
> >> ---
> >>  tools/testing/selftests/bpf/progs/rcu_read_lock.c           | 3 ++-
> >>  tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c  | 4 ++--
> >>  tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c | 6 +++---
> >>  tools/testing/selftests/bpf/progs/test_lookup_key.c         | 2 +-
> >>  tools/testing/selftests/bpf/progs/test_ptr_untrusted.c      | 2 +-
> >>  tools/testing/selftests/bpf/progs/test_task_under_cgroup.c  | 2 +-
> >>  tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c   | 2 +-
> >>  7 files changed, 11 insertions(+), 10 deletions(-)
> >
> > It appears you missed a few of these?
> >
>
> Some of these don't require any changes. I ran into this as well while doing a
> search.
>
> These are all accounted for in the patch.
> > tools/testing/selftests/bpf/progs/rcu_read_lock.c:SEC("?lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c:SEC("lsm/bpf")
> > tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("?lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("?lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c:SEC("lsm.s/bpf")
>
> security_bpf_map wasn't altered, it can't be called from the kernel. No
> changes needed.
> > tools/testing/selftests/bpf/progs/test_libbpf_get_fd_by_id_opts.c:SEC("lsm/bpf_map")
>
> These are also all accounted for in the patch.
> > tools/testing/selftests/bpf/progs/test_lookup_key.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_ptr_untrusted.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_task_under_cgroup.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c:SEC("lsm.s/bpf")
>
> bpf_token_cmd and bpf_token_capabable aren't callable from the kernel,
> no changes to that hook either currently.
>
> > tools/testing/selftests/bpf/progs/token_lsm.c:SEC("lsm/bpf_token_capable")
> > tools/testing/selftests/bpf/progs/token_lsm.c:SEC("lsm/bpf_token_cmd")
>
>
> This program doesn't take any parameters currently.
> > tools/testing/selftests/bpf/progs/verifier_global_subprogs.c:SEC("?lsm/bpf")
>
> These are all naked calls that don't take any explicit parameters.
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")
> > tools/testing/selftests/bpf/progs/verifier_ref_tracking.c:SEC("lsm.s/bpf")

Thanks for the explanation. I think we can keep this part as-is.

Song
Song Liu March 5, 2025, 3:32 a.m. UTC | #7 
On Tue, Mar 4, 2025 at 6:14 PM Paul Moore <paul@paul-moore.com> wrote:
>
> On Tue, Mar 4, 2025 at 8:26 PM Blaise Boscaccy
> <bboscaccy@linux.microsoft.com> wrote:
> > Paul Moore <paul@paul-moore.com> writes:
> > > On Tue, Mar 4, 2025 at 3:31 PM Blaise Boscaccy
> > > <bboscaccy@linux.microsoft.com> wrote:
> > >>
> > >> The security_bpf LSM hook now contains a boolean parameter specifying
> > >> whether an invocation of the bpf syscall originated from within the
> > >> kernel. Here, we update the function signature of relevant test
> > >> programs to include that new parameter.
> > >>
> > >> Signed-off-by: Blaise Boscaccy bboscaccy@linux.microsoft.com
> > >> ---
> > >>  tools/testing/selftests/bpf/progs/rcu_read_lock.c           | 3 ++-
> > >>  tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c  | 4 ++--
> > >>  tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c | 6 +++---
> > >>  tools/testing/selftests/bpf/progs/test_lookup_key.c         | 2 +-
> > >>  tools/testing/selftests/bpf/progs/test_ptr_untrusted.c      | 2 +-
> > >>  tools/testing/selftests/bpf/progs/test_task_under_cgroup.c  | 2 +-
> > >>  tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c   | 2 +-
> > >>  7 files changed, 11 insertions(+), 10 deletions(-)
> > >
> > > I see that Song requested that the changes in this patch be split out
> > > back in the v3 revision, will that cause git bisect issues if patch
> > > 1/2 is applied but patch 2/2 is not, or is there some BPF magic that
> > > ensures that the selftests will still run properly?
> > >
> >
> > So there isn't any type checking in the bpf program's function
> > arguments against the LSM hook definitions, so it shouldn't cause any
> > build issues. To the best of my knowledge, the new is_kernel boolean
> > flag will end up living in r3. None of the current tests reference
> > that parameter, so if we bisected and ended up on the previous commit,
> > the bpf test programs would in a worst-case scenario simply clobber that
> > register, which shouldn't effect any test outcomes unless a test program
> > was somehow dependent on an uninitialized value in a scratch register.
>
> Esh.  With that in mind, I'd argue that the two patches really should
> just be one patch as you did before.  The patches are both pretty
> small and obviously related so it really shouldn't be an issue.
>
> However, since we need this patchset in order to properly implement
> BPF signature verification I'm not going to make a fuss if Song feels
> strongly that the selftest changes should be split into their own
> patch.

On second thought, I think it makes sense to merge the two patches.

Blasie, please update 1/2 based on Paul's comment, merge the two
patches, and resend. You can keep my Acked-by.

Do we need this in the LSM tree before the upcoming merge window?
If not, we would prefer to carry it in bpf-next.

Thanks,
Song
Paul Moore March 5, 2025, 4:12 p.m. UTC | #8 
On Tue, Mar 4, 2025 at 10:32 PM Song Liu <song@kernel.org> wrote:
> On Tue, Mar 4, 2025 at 6:14 PM Paul Moore <paul@paul-moore.com> wrote:
> > On Tue, Mar 4, 2025 at 8:26 PM Blaise Boscaccy
> > <bboscaccy@linux.microsoft.com> wrote:
> > > Paul Moore <paul@paul-moore.com> writes:
> > > > On Tue, Mar 4, 2025 at 3:31 PM Blaise Boscaccy
> > > > <bboscaccy@linux.microsoft.com> wrote:

...

> Do we need this in the LSM tree before the upcoming merge window?
> If not, we would prefer to carry it in bpf-next.

As long as we can send this up to Linus during the upcoming merge
window I'll be happy; if you feel strongly and want to take it via the
BPF tree, that's fine by me.  I'm currently helping someone draft a
patchset to implement the LSM/SELinux access control LSM callbacks for
the BPF tokens and I'm also working on a fix for the LSM framework
initialization code, both efforts may land in a development tree
during the next dev cycle and may cause a merge conflict with Blaise's
changes.  Not that a merge conflict is a terrible thing that we can't
work around, but if we can avoid it I'd be much happier :)

Please do make the /is_kernel/kernel/ change I mentioned in patch 1/2,
and feel free to keep my ACK from this patchset revision.

Thanks everyone!
Alexei Starovoitov March 5, 2025, 5:08 p.m. UTC | #9 
On Wed, Mar 5, 2025 at 8:12 AM Paul Moore <paul@paul-moore.com> wrote:
>
> On Tue, Mar 4, 2025 at 10:32 PM Song Liu <song@kernel.org> wrote:
> > On Tue, Mar 4, 2025 at 6:14 PM Paul Moore <paul@paul-moore.com> wrote:
> > > On Tue, Mar 4, 2025 at 8:26 PM Blaise Boscaccy
> > > <bboscaccy@linux.microsoft.com> wrote:
> > > > Paul Moore <paul@paul-moore.com> writes:
> > > > > On Tue, Mar 4, 2025 at 3:31 PM Blaise Boscaccy
> > > > > <bboscaccy@linux.microsoft.com> wrote:
>
> ...
>
> > Do we need this in the LSM tree before the upcoming merge window?
> > If not, we would prefer to carry it in bpf-next.
>
> As long as we can send this up to Linus during the upcoming merge
> window I'll be happy; if you feel strongly and want to take it via the
> BPF tree, that's fine by me.  I'm currently helping someone draft a
> patchset to implement the LSM/SELinux access control LSM callbacks for
> the BPF tokens and I'm also working on a fix for the LSM framework
> initialization code, both efforts may land in a development tree
> during the next dev cycle and may cause a merge conflict with Blaise's
> changes.  Not that a merge conflict is a terrible thing that we can't
> work around, but if we can avoid it I'd be much happier :)
>
> Please do make the /is_kernel/kernel/ change I mentioned in patch 1/2,
> and feel free to keep my ACK from this patchset revision.

My preference is to go via bpf-next, since changes are bigger
on bpf side than on lsm side.

Re: selftest.

Why change them at all if 'bool kernel' attribute is unused ?
Addition of the attr should be backward compatible change,
so all tests should still pass as-is.

You probably should add a new test where 'kernel' arg is actually
used for something. That would be patch 2.
Song Liu March 5, 2025, 5:20 p.m. UTC | #10 
On Wed, Mar 5, 2025 at 9:08 AM Alexei Starovoitov
<alexei.starovoitov@gmail.com> wrote:
[...]
> My preference is to go via bpf-next, since changes are bigger
> on bpf side than on lsm side.
>
> Re: selftest.
>
> Why change them at all if 'bool kernel' attribute is unused ?
> Addition of the attr should be backward compatible change,
> so all tests should still pass as-is.

I was thinking of keeping the argument list in the selftests up
to date, so that the users can use selftests as examples when
writing their BPF programs.

OTOH, with the "bool kernel" at the end of the argument list,
it is backward compatible.

> You probably should add a new test where 'kernel' arg is actually
> used for something. That would be patch 2.

+1. This is a great idea.

Thanks,
Song
diff mbox series

Patch

diff --git a/tools/testing/selftests/bpf/progs/rcu_read_lock.c b/tools/testing/selftests/bpf/progs/rcu_read_lock.c
index ab3a532b7dd6d..f85d0e282f2ae 100644
--- a/tools/testing/selftests/bpf/progs/rcu_read_lock.c
+++ b/tools/testing/selftests/bpf/progs/rcu_read_lock.c
@@ -242,7 +242,8 @@  int inproper_sleepable_helper(void *ctx)
 }
 
 SEC("?lsm.s/bpf")
-int BPF_PROG(inproper_sleepable_kfunc, int cmd, union bpf_attr *attr, unsigned int size)
+int BPF_PROG(inproper_sleepable_kfunc, int cmd, union bpf_attr *attr, unsigned int size,
+	     bool is_kernel)
 {
 	struct bpf_key *bkey;
 
diff --git a/tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c b/tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c
index 44628865fe1d4..0e741262138f2 100644
--- a/tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c
+++ b/tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c
@@ -51,13 +51,13 @@  static int bpf_link_create_verify(int cmd)
 }
 
 SEC("lsm/bpf")
-int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size)
+int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
 {
 	return bpf_link_create_verify(cmd);
 }
 
 SEC("lsm.s/bpf")
-int BPF_PROG(lsm_s_run, int cmd, union bpf_attr *attr, unsigned int size)
+int BPF_PROG(lsm_s_run, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
 {
 	return bpf_link_create_verify(cmd);
 }
diff --git a/tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c b/tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c
index cd4d752bd089c..ce36a55ba5b8b 100644
--- a/tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c
+++ b/tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c
@@ -36,7 +36,7 @@  char _license[] SEC("license") = "GPL";
 
 SEC("?lsm.s/bpf")
 __failure __msg("cannot pass in dynptr at an offset=-8")
-int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size)
+int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
 {
 	unsigned long val;
 
@@ -46,7 +46,7 @@  int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size)
 
 SEC("?lsm.s/bpf")
 __failure __msg("arg#0 expected pointer to stack or const struct bpf_dynptr")
-int BPF_PROG(not_ptr_to_stack, int cmd, union bpf_attr *attr, unsigned int size)
+int BPF_PROG(not_ptr_to_stack, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
 {
 	unsigned long val = 0;
 
@@ -55,7 +55,7 @@  int BPF_PROG(not_ptr_to_stack, int cmd, union bpf_attr *attr, unsigned int size)
 }
 
 SEC("lsm.s/bpf")
-int BPF_PROG(dynptr_data_null, int cmd, union bpf_attr *attr, unsigned int size)
+int BPF_PROG(dynptr_data_null, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
 {
 	struct bpf_key *trusted_keyring;
 	struct bpf_dynptr ptr;
diff --git a/tools/testing/selftests/bpf/progs/test_lookup_key.c b/tools/testing/selftests/bpf/progs/test_lookup_key.c
index c73776990ae30..c46077e01a4ca 100644
--- a/tools/testing/selftests/bpf/progs/test_lookup_key.c
+++ b/tools/testing/selftests/bpf/progs/test_lookup_key.c
@@ -23,7 +23,7 @@  extern struct bpf_key *bpf_lookup_system_key(__u64 id) __ksym;
 extern void bpf_key_put(struct bpf_key *key) __ksym;
 
 SEC("lsm.s/bpf")
-int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size)
+int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
 {
 	struct bpf_key *bkey;
 	__u32 pid;
diff --git a/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c b/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c
index 2fdc44e766248..21fce1108a21d 100644
--- a/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c
+++ b/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c
@@ -7,7 +7,7 @@ 
 char tp_name[128];
 
 SEC("lsm.s/bpf")
-int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size)
+int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
 {
 	switch (cmd) {
 	case BPF_RAW_TRACEPOINT_OPEN:
diff --git a/tools/testing/selftests/bpf/progs/test_task_under_cgroup.c b/tools/testing/selftests/bpf/progs/test_task_under_cgroup.c
index 7e750309ce274..18ad24a851c6c 100644
--- a/tools/testing/selftests/bpf/progs/test_task_under_cgroup.c
+++ b/tools/testing/selftests/bpf/progs/test_task_under_cgroup.c
@@ -49,7 +49,7 @@  int BPF_PROG(tp_btf_run, struct task_struct *task, u64 clone_flags)
 }
 
 SEC("lsm.s/bpf")
-int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size)
+int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
 {
 	struct cgroup *cgrp = NULL;
 	struct task_struct *task;
diff --git a/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c b/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
index 12034a73ee2d2..135665f011c7e 100644
--- a/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
+++ b/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
@@ -37,7 +37,7 @@  struct {
 char _license[] SEC("license") = "GPL";
 
 SEC("lsm.s/bpf")
-int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size)
+int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size, bool is_kernel)
 {
 	struct bpf_dynptr data_ptr, sig_ptr;
 	struct data *data_val;