Received: by 2002:a25:ef43:0:0:0:0:0 with SMTP id w3csp16646ybm; Tue, 26 May 2020 09:38:17 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwHd9ul9Go5fEw572PAA3oQN2p94l3AMKXhE7hudsxQko+VIGu3sWlUpXUmWS+zOUFzgnTF X-Received: by 2002:a05:6402:308f:: with SMTP id de15mr21062505edb.108.1590511097284; Tue, 26 May 2020 09:38:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1590511097; cv=none; d=google.com; s=arc-20160816; b=Iia38NKMu8FJGcwK0YAHMc2zRZdEbygrLvJeJomP9iRvmugsDD2gq+MnQOsBoGfdWH MKZQ1LGST/M9NvCN6MGISEvHg1L00GUY9PHHzCMD8iXwgTAZkCGFpV15p09QCxTafP51 rvys76g5ouTCSRnq0B4vtjmIIHXmxeeisDzEVhqro+tbuaCEKWw0fz2tfphSykS0dWjR dS/MX9iDVy09LkCu6JBKp/MlDn4m6Xqgv9Au900uMCpmy6SM5whqqX6rS8nAR8J/DZkM 4hLcrE9MDNFS9HG+NWIk7ETC8fXv2dtgja0diBK5PRPxHZzkkP2XFbWMQ7FymDcIP9Rl TIeA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=9T+fGYjIrocHoQn9oSoKsGF0H0c8LTiGR/HJIjGGQ5g=; b=pKOKdrrR+bxQ3kIxs+hbN+WH7Q6ylseV5d6GrxZWuejRh/GIQXIYLQfDx8ro/qA5+T /dDs0/VFqT2tECqdIV2vILZJhm9GjgHpSCxOoOcCLAeFkwqwpYMoZssAS8WiJLTxXFkR 2G9/xet9jFxCB3yW4qZquPRI1zqGzxE6bTD8HIgCRZVkl7UUSuFt6mwj4fge8dzQqVC4 WTlZbEl2/63b/XXPkzGQ1fE/gVuaUKYYXzNXwDrmZrt3r1tnzfLZ9BD5LBHy80ZD37c5 T94GSqNisPhiw7pItaT18kZUjG3AD2cXtqUJKvSwVHaMXYL1X3JwnstwmYeTESW1Lm12 +6ug== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=ISHwOJQ7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j93si193308edb.331.2020.05.26.09.37.53; Tue, 26 May 2020 09:38:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=ISHwOJQ7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729936AbgEZQdz (ORCPT + 99 others); Tue, 26 May 2020 12:33:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37820 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729594AbgEZQdn (ORCPT ); Tue, 26 May 2020 12:33:43 -0400 Received: from mail-wr1-x443.google.com (mail-wr1-x443.google.com [IPv6:2a00:1450:4864:20::443]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A9B9CC03E96E for ; Tue, 26 May 2020 09:33:43 -0700 (PDT) Received: by mail-wr1-x443.google.com with SMTP id x14so15672916wrp.2 for ; Tue, 26 May 2020 09:33:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=9T+fGYjIrocHoQn9oSoKsGF0H0c8LTiGR/HJIjGGQ5g=; b=ISHwOJQ7yoeAXDeJtipliYMuixJLDbAElS0n6+t1RahhJtPN89RjWNH9EOeljBsLob PXqSItnQqPaIy728CYXqTtEVNM3vk9cRNckkyBageIcVYaURgARYyWNkJ8gsRfQK09Ns nJym9aDYzIY+PKh1eSVsNpE/3fEmoXYUn2CKE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=9T+fGYjIrocHoQn9oSoKsGF0H0c8LTiGR/HJIjGGQ5g=; b=Cfq7d4Rf5jtFJwqVFbSs2rHLxqIv39icCixHeg5pwk1P6lbl0G1QfEIbp/D/LeIW9d Bjui2RqGqEVTbE4yFoGa6Kcu1dpqED33sDgMtwOEvXIOCuFEQdwctqr0KBu1+7t0m+Aw cnwwcesIxjFXe16IET2xtZVh/NUBrmeXjqgYURnBj8OsXLwz5Af5oK+8jyTVJCzgGV39 lLMRrwJP2Kza2XA5vpted7yNzsEc9cv8+OJ3+4H3LO6IFnom22x6AgVtbfqsG2uTvTK0 LWlbDW3i1hEIqKsyHRgObE7lFMUT9sceJuyY9J8T7MvZRhRJnGzSGJVvfeRLNbOdvWLB Mm8Q== X-Gm-Message-State: AOAM530xqD4trdLjlS9qVtiUncTRPMqyU3QumyPR1/J1sphs/zIECsWU WP0uleWSgA0+E7Au1R/zXqvHA0vuzNM= X-Received: by 2002:a5d:6986:: with SMTP id g6mr15440924wru.27.1590510822179; Tue, 26 May 2020 09:33:42 -0700 (PDT) Received: from kpsingh.zrh.corp.google.com ([81.6.44.51]) by smtp.gmail.com with ESMTPSA id k17sm48654wmj.15.2020.05.26.09.33.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 May 2020 09:33:41 -0700 (PDT) From: KP Singh To: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, bpf@vger.kernel.org, linux-security-module@vger.kernel.org Cc: Alexei Starovoitov , Daniel Borkmann , James Morris , Alexander Viro , Martin KaFai Lau , Florent Revest Subject: [PATCH bpf-next 4/4] bpf: Add selftests for local_storage Date: Tue, 26 May 2020 18:33:36 +0200 Message-Id: <20200526163336.63653-5-kpsingh@chromium.org> X-Mailer: git-send-email 2.27.0.rc0.183.gde8f92d652-goog In-Reply-To: <20200526163336.63653-1-kpsingh@chromium.org> References: <20200526163336.63653-1-kpsingh@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: KP Singh inode_local_storage: * Hook to the file_open and inode_unlink LSM hooks. * Create and unlink a temporary file. * Store some information in the inode's bpf_local_storage during file_open. * Verify that this information exists when the file is unlinked. sk_local_storage: * Hook to the socket_post_create and socket_bind LSM hooks. * Open and bind a socket and set the sk_storage in the socket_post_create hook using the start_server helper. * Verify if the information is set in the socket_bind hook. Signed-off-by: KP Singh --- .../bpf/prog_tests/test_local_storage.c | 60 ++++++++ .../selftests/bpf/progs/local_storage.c | 139 ++++++++++++++++++ 2 files changed, 199 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/test_local_storage.c create mode 100644 tools/testing/selftests/bpf/progs/local_storage.c diff --git a/tools/testing/selftests/bpf/prog_tests/test_local_storage.c b/tools/testing/selftests/bpf/prog_tests/test_local_storage.c new file mode 100644 index 000000000000..ee4e27473c1d --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/test_local_storage.c @@ -0,0 +1,60 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * Copyright (C) 2020 Google LLC. + */ + +#include +#include + +#include "local_storage.skel.h" +#include "network_helpers.h" + +int create_and_unlink_file(void) +{ + char fname[PATH_MAX] = "/tmp/fileXXXXXX"; + int fd; + + fd = mkstemp(fname); + if (fd < 0) + return fd; + + close(fd); + unlink(fname); + return 0; +} + +void test_test_local_storage(void) +{ + struct local_storage *skel = NULL; + int err, duration = 0, serv_sk = -1; + + skel = local_storage__open_and_load(); + if (CHECK(!skel, "skel_load", "lsm skeleton failed\n")) + goto close_prog; + + err = local_storage__attach(skel); + if (CHECK(err, "attach", "lsm attach failed: %d\n", err)) + goto close_prog; + + skel->bss->monitored_pid = getpid(); + + err = create_and_unlink_file(); + if (CHECK(err < 0, "exec_cmd", "err %d errno %d\n", err, errno)) + goto close_prog; + + CHECK(!skel->bss->inode_storage_result, "inode_storage_result", + "inode_local_storage not set"); + + serv_sk = start_server(AF_INET6, SOCK_STREAM); + if (CHECK(serv_sk < 0, "start_server", "failed to start server\n")) + goto close_prog; + + CHECK(!skel->bss->sk_storage_result, "sk_storage_result", + "sk_local_storage not set"); + + close(serv_sk); + +close_prog: + local_storage__destroy(skel); +} diff --git a/tools/testing/selftests/bpf/progs/local_storage.c b/tools/testing/selftests/bpf/progs/local_storage.c new file mode 100644 index 000000000000..1aa4ccbe0369 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/local_storage.c @@ -0,0 +1,139 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * Copyright 2020 Google LLC. + */ + +#include +#include +#include +#include +#include +#include + +char _license[] SEC("license") = "GPL"; +__u32 _version SEC("version") = 1; + +#define DUMMY_STORAGE_VALUE 0xdeadbeef + +int monitored_pid = 0; +bool inode_storage_result = false; +bool sk_storage_result = false; + +struct dummy_storage { + __u32 value; +}; + +struct { + __uint(type, BPF_MAP_TYPE_INODE_STORAGE); + __uint(map_flags, BPF_F_NO_PREALLOC); + __type(key, int); + __type(value, struct dummy_storage); +} inode_storage_map SEC(".maps"); + +struct { + __uint(type, BPF_MAP_TYPE_SK_STORAGE); + __uint(map_flags, BPF_F_NO_PREALLOC | BPF_F_CLONE); + __type(key, int); + __type(value, struct dummy_storage); +} sk_storage_map SEC(".maps"); + +/* Using vmlinux.h causes the generated BTF to be so big that the object + * load fails at btf__load. + */ +struct sock {} __attribute__((preserve_access_index)); +struct sockaddr {} __attribute__((preserve_access_index)); +struct socket { + struct sock *sk; +} __attribute__((preserve_access_index)); + +struct inode {} __attribute__((preserve_access_index)); +struct dentry { + struct inode *d_inode; +} __attribute__((preserve_access_index)); +struct file { + struct inode *f_inode; +} __attribute__((preserve_access_index)); + + +SEC("lsm/inode_unlink") +int BPF_PROG(unlink_hook, struct inode *dir, struct dentry *victim) +{ + __u32 pid = bpf_get_current_pid_tgid() >> 32; + struct dummy_storage *storage; + + if (pid != monitored_pid) + return 0; + + storage = bpf_inode_storage_get(&inode_storage_map, victim->d_inode, 0, + BPF_SK_STORAGE_GET_F_CREATE); + if (!storage) + return 0; + + if (storage->value == DUMMY_STORAGE_VALUE) + inode_storage_result = true; + + return 0; +} + +SEC("lsm/socket_bind") +int BPF_PROG(socket_bind, struct socket *sock, struct sockaddr *address, + int addrlen) +{ + __u32 pid = bpf_get_current_pid_tgid() >> 32; + struct dummy_storage *storage; + + if (pid != monitored_pid) + return 0; + + storage = bpf_sk_storage_get(&sk_storage_map, sock->sk, 0, + BPF_SK_STORAGE_GET_F_CREATE); + if (!storage) + return 0; + + if (storage->value == DUMMY_STORAGE_VALUE) + sk_storage_result = true; + + return 0; +} + +SEC("lsm/socket_post_create") +int BPF_PROG(socket_post_create, struct socket *sock, int family, int type, + int protocol, int kern) +{ + __u32 pid = bpf_get_current_pid_tgid() >> 32; + struct dummy_storage *storage; + + if (pid != monitored_pid) + return 0; + + storage = bpf_sk_storage_get(&sk_storage_map, sock->sk, 0, + BPF_SK_STORAGE_GET_F_CREATE); + if (!storage) + return 0; + + storage->value = DUMMY_STORAGE_VALUE; + + return 0; +} + +SEC("lsm/file_open") +int BPF_PROG(test_int_hook, struct file *file) +{ + __u32 pid = bpf_get_current_pid_tgid() >> 32; + struct dummy_storage *storage; + + if (pid != monitored_pid) + return 0; + + if (!file->f_inode) + return 0; + + storage = bpf_inode_storage_get(&inode_storage_map, file->f_inode, 0, + BPF_LOCAL_STORAGE_GET_F_CREATE); + if (!storage) + return 0; + + storage->value = DUMMY_STORAGE_VALUE; + return 0; +} -- 2.27.0.rc0.183.gde8f92d652-goog