Received: by 2002:a17:90a:1609:0:0:0:0 with SMTP id n9csp2272741pja; Thu, 26 Mar 2020 12:25:37 -0700 (PDT) X-Google-Smtp-Source: ADFU+vtsCdp+tfHthsmXY3JGZ5gEVFRhvdEHkWhzkz5ht0TBol//OyH4diRLSqlNyQlbvbAlSXhX X-Received: by 2002:a05:6830:16d1:: with SMTP id l17mr7929139otr.363.1585250737571; Thu, 26 Mar 2020 12:25:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585250737; cv=none; d=google.com; s=arc-20160816; b=Ho92m2Ef4WZANYGIAT/k94jpm6jTovvjATiN/kuMJAqk96BEEG6FWifVcOxgGqj+Zo xIeeG/Cx9Nc/BgZ30FpnEPD7NoNk+JnSRqhhfwEZdPQQajuCMVAq3ZNz7Y7cw2tEQXDU 5TXmi7J7gxuBM4xL9HmFplyQptD/UA6+SDHXvPeQJw7rsxwIHeXorHTHQlU7YpzvA0Fy T0A18AfIFuUbL1AgQRbBUI9RBaOHfZL7UkdJjNe9ZUtiKDjR9KKTvgnldL34s0rr+uqX PDPXmwOcnmADUS/TWCspOy5l0EsMEuP4bkGlxISD/qfDv9i4uMR7beQRswA6BXTFN2Q/ OezA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=FEhcUh84bEc/ZJo24v7isk+pCzKy0P8TtrN2Mpn38Rk=; b=sqp0SRyTnBGWpJ9WRYiH/CPtwI6kxmJPEQxeIfvPZUhExl9fUpG6TxV8ISlpBbpOiH mpt5D6L42HfnHfkCuxoLwK4xk5A4Yx1MyLYj+wEwWujv31b1CmaO7r8WsO1EyFRlZBUv bwyJ9y141vAgZs8a1xQvtETsufM5ab4rBcUiMHow1WjuumIUUSRV5zPzIwa9ssJUN1vx sCDUgBk8e1OOS+nJ5Ou4EPaKuutPLqxdIcGLJBx7SFIYwgY8gEiOBxI2NBG2VCIYvqoY eB7XyTz6+fe/MN9/MeQXOQhLaWhQquqFHaZb53UXJ+GlMB8DYCk+bfpp2KhvhfzFX35k bYWw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=U2qxRrFn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d4si1356200ood.77.2020.03.26.12.25.22; Thu, 26 Mar 2020 12:25:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=U2qxRrFn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728547AbgCZTYc (ORCPT + 99 others); Thu, 26 Mar 2020 15:24:32 -0400 Received: from mail-qt1-f194.google.com ([209.85.160.194]:36240 "EHLO mail-qt1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726067AbgCZTYc (ORCPT ); Thu, 26 Mar 2020 15:24:32 -0400 Received: by mail-qt1-f194.google.com with SMTP id m33so6498599qtb.3; Thu, 26 Mar 2020 12:24:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=FEhcUh84bEc/ZJo24v7isk+pCzKy0P8TtrN2Mpn38Rk=; b=U2qxRrFnbEHa2D9PLecSl88ns17wfHcnQxs4UZAG/TJThEFPKfAFBYutyoISMOgNu4 LuF6aIa3gyACxiKe5JgeccNh+IF7VgjP8jvLBS3USw/7qJNYvTyfUEVV1QMdbrsy5xAp G9RuyqJBF1pemXZhkOwJ0I60G8trXLpk60YJQSz1K+crOf/YvDZqhNQDdDlmsUy76LK5 tGDs/xrnm0dYAVFU8gdOFLKArv1jWWhTKSWHKCcLfVBAq0cKcYygzu5+XzaNgCwjqDqW x5U+amugAIUufvuZ219lDV1SG1g29pvI661bPyNuIyfTUNN723VmYA2e4PO5LqcJ4a7a xikA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=FEhcUh84bEc/ZJo24v7isk+pCzKy0P8TtrN2Mpn38Rk=; b=s6EcxWbkRdg+iKVFbif/MoN+t6rnDjLToakkUmMhiy+JkjXgUl75U7w+tfxEW7iwkl m2NU+Uz/ynWC1jvGhGbNDgw8Fmi5GfRxtYNpbs55S5ngxU9WTWwR5ABx7WGzbi4LA9vo EIb+6J9qrB6ryRwr3G4ljVSRxD4yIu7vMHN+KCidRHx29E6c2/c1MHRgaEwCnjFes55c j5lhDjHGUct67AleIi54xJ2AkHyXb/tJKNSqQjRVvGC2KH+7+4Df+11ZXGZzFdTp7uv7 AR/5kFwEepdL1OHMBDQ8mW2xNSSuvDqJNlhwBgFgTMHNdmI5+5F32/exlYgYT92534nL QVdQ== X-Gm-Message-State: ANhLgQ0RBIDGZO35EmthRX0kIZ0dypTVpAWVFQl+L/iCc0TvMQL3aCUY EcxzSN4CDevR9I/6nrZ4usziUvQtEK8Mmw+aYYE= X-Received: by 2002:ac8:7cb0:: with SMTP id z16mr9954834qtv.59.1585250671361; Thu, 26 Mar 2020 12:24:31 -0700 (PDT) MIME-Version: 1.0 References: <20200326142823.26277-1-kpsingh@chromium.org> <20200326142823.26277-8-kpsingh@chromium.org> In-Reply-To: <20200326142823.26277-8-kpsingh@chromium.org> From: Andrii Nakryiko Date: Thu, 26 Mar 2020 12:24:20 -0700 Message-ID: Subject: Re: [PATCH bpf-next v7 7/8] bpf: lsm: Add selftests for BPF_PROG_TYPE_LSM To: KP Singh Cc: open list , bpf , linux-security-module@vger.kernel.org, Brendan Jackman , Florent Revest , Thomas Garnier , Alexei Starovoitov , Daniel Borkmann , James Morris , Kees Cook , Paul Turner , Jann Horn , Florent Revest , Brendan Jackman , Greg Kroah-Hartman Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 26, 2020 at 7:30 AM KP Singh wrote: > > From: KP Singh > > * Load/attach a BPF program that hooks to file_mprotect (int) > and bprm_committed_creds (void). > * Perform an action that triggers the hook. > * Verify if the audit event was received using the shared global > variables for the process executed. > * Verify if the mprotect returns a -EPERM. > > Signed-off-by: KP Singh > Reviewed-by: Brendan Jackman > Reviewed-by: Florent Revest > Reviewed-by: Thomas Garnier > --- Please fix endlines below. With that: Acked-by: Andrii Nakryiko > tools/testing/selftests/bpf/config | 2 + > .../selftests/bpf/prog_tests/test_lsm.c | 86 +++++++++++++++++++ > tools/testing/selftests/bpf/progs/lsm.c | 48 +++++++++++ > 3 files changed, 136 insertions(+) > create mode 100644 tools/testing/selftests/bpf/prog_tests/test_lsm.c > create mode 100644 tools/testing/selftests/bpf/progs/lsm.c > [...] > +void test_test_lsm(void) > +{ > + struct lsm *skel = NULL; > + int err, duration = 0; > + > + skel = lsm__open_and_load(); > + if (CHECK(!skel, "skel_load", "lsm skeleton failed\n")) > + goto close_prog; > + > + err = lsm__attach(skel); > + if (CHECK(err, "attach", "lsm attach failed: %d\n", err)) > + goto close_prog; > + > + err = exec_cmd(&skel->bss->monitored_pid); > + if (CHECK(err < 0, "exec_cmd", "err %d errno %d\n", err, errno)) > + goto close_prog; > + > + CHECK(skel->bss->bprm_count != 1, "bprm_count", "bprm_count = %d", \n is missing > + skel->bss->bprm_count); > + > + skel->bss->monitored_pid = getpid(); > + > + err = heap_mprotect(); > + if (CHECK(errno != EPERM, "heap_mprotect", "want errno=EPERM, got %d\n", > + errno)) > + goto close_prog; > + > + CHECK(skel->bss->mprotect_count != 1, "mprotect_count", > + "mprotect_count = %d", skel->bss->mprotect_count); \n is missing > + > +close_prog: > + lsm__destroy(skel); > +} [...]