Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
MIME-Version: 1.0
References: <20200326142823.26277-1-kpsingh@chromium.org> <20200326142823.26277-8-kpsingh@chromium.org>
In-Reply-To: <20200326142823.26277-8-kpsingh@chromium.org>
From:   Andrii Nakryiko <andrii.nakryiko@gmail.com>
Date:   Thu, 26 Mar 2020 12:24:20 -0700
Message-ID: <CAEf4BzZRe_kFR4yzhPFGgauvYLKvre1reuGp=5=jq_nvQGAayw@mail.gmail.com>
Subject: Re: [PATCH bpf-next v7 7/8] bpf: lsm: Add selftests for BPF_PROG_TYPE_LSM
To:     KP Singh <kpsingh@chromium.org>
Cc:     open list <linux-kernel@vger.kernel.org>,
        bpf <bpf@vger.kernel.org>, linux-security-module@vger.kernel.org,
        Brendan Jackman <jackmanb@google.com>,
        Florent Revest <revest@google.com>,
        Thomas Garnier <thgarnie@google.com>,
        Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>,
        James Morris <jmorris@namei.org>,
        Kees Cook <keescook@chromium.org>,
        Paul Turner <pjt@google.com>, Jann Horn <jannh@google.com>,
        Florent Revest <revest@chromium.org>,
        Brendan Jackman <jackmanb@chromium.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk

On Thu, Mar 26, 2020 at 7:30 AM KP Singh <kpsingh@chromium.org> wrote:
>
> From: KP Singh <kpsingh@google.com>
>
> * Load/attach a BPF program that hooks to file_mprotect (int)
>   and bprm_committed_creds (void).
> * Perform an action that triggers the hook.
> * Verify if the audit event was received using the shared global
>   variables for the process executed.
> * Verify if the mprotect returns a -EPERM.
>
> Signed-off-by: KP Singh <kpsingh@google.com>
> Reviewed-by: Brendan Jackman <jackmanb@google.com>
> Reviewed-by: Florent Revest <revest@google.com>
> Reviewed-by: Thomas Garnier <thgarnie@google.com>
> ---

Please fix endlines below. With that:

Acked-by: Andrii Nakryiko <andriin@fb.com>

>  tools/testing/selftests/bpf/config            |  2 +
>  .../selftests/bpf/prog_tests/test_lsm.c       | 86 +++++++++++++++++++
>  tools/testing/selftests/bpf/progs/lsm.c       | 48 +++++++++++
>  3 files changed, 136 insertions(+)
>  create mode 100644 tools/testing/selftests/bpf/prog_tests/test_lsm.c
>  create mode 100644 tools/testing/selftests/bpf/progs/lsm.c
>

[...]

> +void test_test_lsm(void)
> +{
> +       struct lsm *skel = NULL;
> +       int err, duration = 0;
> +
> +       skel = lsm__open_and_load();
> +       if (CHECK(!skel, "skel_load", "lsm skeleton failed\n"))
> +               goto close_prog;
> +
> +       err = lsm__attach(skel);
> +       if (CHECK(err, "attach", "lsm attach failed: %d\n", err))
> +               goto close_prog;
> +
> +       err = exec_cmd(&skel->bss->monitored_pid);
> +       if (CHECK(err < 0, "exec_cmd", "err %d errno %d\n", err, errno))
> +               goto close_prog;
> +
> +       CHECK(skel->bss->bprm_count != 1, "bprm_count", "bprm_count = %d",

\n is missing

> +             skel->bss->bprm_count);
> +
> +       skel->bss->monitored_pid = getpid();
> +
> +       err = heap_mprotect();
> +       if (CHECK(errno != EPERM, "heap_mprotect", "want errno=EPERM, got %d\n",
> +                 errno))
> +               goto close_prog;
> +
> +       CHECK(skel->bss->mprotect_count != 1, "mprotect_count",
> +             "mprotect_count = %d", skel->bss->mprotect_count);

\n is missing

> +
> +close_prog:
> +       lsm__destroy(skel);
> +}

[...]