From: Andrii Nakryiko <andrii@kernel.org>
To: <bpf@vger.kernel.org>
Cc: <linux-security-module@vger.kernel.org>, <keescook@chromium.org>,
<brauner@kernel.org>, <lennart@poettering.net>,
<cyphar@cyphar.com>, <luto@kernel.org>
Subject: [PATCH RESEND bpf-next 03/18] selftests/bpf: add BPF_TOKEN_CREATE test
Date: Fri, 2 Jun 2023 07:59:56 -0700 [thread overview]
Message-ID: <20230602150011.1657856-4-andrii@kernel.org> (raw)
In-Reply-To: <20230602150011.1657856-1-andrii@kernel.org>
Add a subtest validating BPF_TOKEN_CREATE command, pinning/getting BPF
token in/from BPF FS, and creating derived BPF tokens using token_fd
parameter.
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
---
.../testing/selftests/bpf/prog_tests/token.c | 95 +++++++++++++++++++
1 file changed, 95 insertions(+)
create mode 100644 tools/testing/selftests/bpf/prog_tests/token.c
diff --git a/tools/testing/selftests/bpf/prog_tests/token.c b/tools/testing/selftests/bpf/prog_tests/token.c
new file mode 100644
index 000000000000..fe78b558d697
--- /dev/null
+++ b/tools/testing/selftests/bpf/prog_tests/token.c
@@ -0,0 +1,95 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */
+#include "linux/bpf.h"
+#include <test_progs.h>
+#include <bpf/btf.h>
+#include "cap_helpers.h"
+
+static int drop_priv_caps(__u64 *old_caps)
+{
+ return cap_disable_effective((1ULL << CAP_BPF) |
+ (1ULL << CAP_PERFMON) |
+ (1ULL << CAP_NET_ADMIN) |
+ (1ULL << CAP_SYS_ADMIN), old_caps);
+}
+
+static int restore_priv_caps(__u64 old_caps)
+{
+ return cap_enable_effective(old_caps, NULL);
+}
+
+#define TOKEN_PATH "/sys/fs/bpf/test_token"
+
+static void subtest_token_create(void)
+{
+ LIBBPF_OPTS(bpf_token_create_opts, opts);
+ int token_fd = 0, limited_token_fd = 0, tmp_fd = 0, err;
+ __u64 old_caps = 0;
+
+ /* create BPF token which allows creating derived BPF tokens */
+ opts.allowed_cmds = 1ULL << BPF_TOKEN_CREATE;
+ token_fd = bpf_token_create(&opts);
+ if (!ASSERT_GT(token_fd, 0, "token_create"))
+ return;
+
+ /* check that IGNORE_UNKNOWN_CMDS flag is respected */
+ opts.flags = BPF_F_TOKEN_IGNORE_UNKNOWN_CMDS;
+ opts.allowed_cmds = ~0ULL; /* any current and future cmd is allowed */
+ tmp_fd = bpf_token_create(&opts);
+ if (!ASSERT_GT(token_fd, 0, "token_create_future_proof"))
+ return;
+ close(tmp_fd);
+ tmp_fd = 0;
+
+ /* validate pinning and getting works as expected */
+ err = bpf_obj_pin(token_fd, TOKEN_PATH);
+ if (!ASSERT_OK(err, "token_pin"))
+ goto cleanup;
+
+ tmp_fd = bpf_obj_get(TOKEN_PATH);
+ ASSERT_GT(tmp_fd, 0, "token_get");
+ close(tmp_fd);
+ tmp_fd = 0;
+ unlink(TOKEN_PATH);
+
+ /* drop privileges to test token_fd passing */
+ if (!ASSERT_OK(drop_priv_caps(&old_caps), "drop_caps"))
+ goto cleanup;
+
+ /* unprivileged BPF_TOKEN_CREATE should fail */
+ tmp_fd = bpf_token_create(NULL);
+ if (!ASSERT_LT(tmp_fd, 0, "token_create_unpriv_fail"))
+ goto cleanup;
+
+ /* unprivileged BPF_TOKEN_CREATE with associated BPF token succeeds */
+ opts.flags = 0;
+ opts.allowed_cmds = 0; /* ask for BPF token which doesn't allow new tokens */
+ opts.token_fd = token_fd;
+ limited_token_fd = bpf_token_create(&opts);
+ if (!ASSERT_GT(limited_token_fd, 0, "token_create_limited"))
+ goto cleanup;
+
+ /* creating yet another token using "limited" BPF token should fail */
+ opts.flags = 0;
+ opts.allowed_cmds = 0;
+ opts.token_fd = limited_token_fd;
+ tmp_fd = bpf_token_create(&opts);
+ if (!ASSERT_LT(tmp_fd, 0, "token_create_from_lim_fail"))
+ goto cleanup;
+
+cleanup:
+ if (tmp_fd)
+ close(tmp_fd);
+ if (token_fd)
+ close(token_fd);
+ if (limited_token_fd)
+ close(limited_token_fd);
+ if (old_caps)
+ ASSERT_OK(restore_priv_caps(old_caps), "restore_caps");
+}
+
+void test_token(void)
+{
+ if (test__start_subtest("token_create"))
+ subtest_token_create();
+}
--
2.34.1
next prev parent reply other threads:[~2023-06-02 15:00 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-02 14:59 [PATCH RESEND bpf-next 00/18] BPF token Andrii Nakryiko
2023-06-02 14:59 ` [PATCH RESEND bpf-next 01/18] bpf: introduce BPF token object Andrii Nakryiko
2023-06-02 17:41 ` kernel test robot
2023-06-02 20:41 ` kernel test robot
2023-06-03 1:32 ` Stanislav Fomichev
2023-06-05 20:56 ` Andrii Nakryiko
2023-06-05 21:48 ` Stanislav Fomichev
2023-06-05 23:00 ` Andrii Nakryiko
2023-06-06 16:58 ` Stanislav Fomichev
2023-06-06 17:04 ` Andrii Nakryiko
2023-06-02 14:59 ` [PATCH RESEND bpf-next 02/18] libbpf: add bpf_token_create() API Andrii Nakryiko
2023-06-02 14:59 ` Andrii Nakryiko [this message]
2023-06-02 14:59 ` [PATCH RESEND bpf-next 04/18] bpf: move unprivileged checks into map_create() and bpf_prog_load() Andrii Nakryiko
2023-06-02 14:59 ` [PATCH RESEND bpf-next 05/18] bpf: inline map creation logic in map_create() function Andrii Nakryiko
2023-06-02 14:59 ` [PATCH RESEND bpf-next 06/18] bpf: centralize permissions checks for all BPF map types Andrii Nakryiko
2023-06-02 15:00 ` [PATCH RESEND bpf-next 07/18] bpf: add BPF token support to BPF_MAP_CREATE command Andrii Nakryiko
2023-06-02 15:00 ` [PATCH RESEND bpf-next 08/18] libbpf: add BPF token support to bpf_map_create() API Andrii Nakryiko
2023-06-02 15:00 ` [PATCH RESEND bpf-next 09/18] selftests/bpf: add BPF token-enabled test for BPF_MAP_CREATE command Andrii Nakryiko
2023-06-02 15:00 ` [PATCH RESEND bpf-next 10/18] bpf: add BPF token support to BPF_BTF_LOAD command Andrii Nakryiko
2023-06-02 15:00 ` [PATCH RESEND bpf-next 11/18] libbpf: add BPF token support to bpf_btf_load() API Andrii Nakryiko
2023-06-02 15:00 ` [PATCH RESEND bpf-next 12/18] selftests/bpf: add BPF token-enabled BPF_BTF_LOAD selftest Andrii Nakryiko
2023-06-02 15:00 ` [PATCH RESEND bpf-next 13/18] bpf: keep BPF_PROG_LOAD permission checks clear of validations Andrii Nakryiko
2023-06-02 15:00 ` [PATCH RESEND bpf-next 14/18] bpf: add BPF token support to BPF_PROG_LOAD command Andrii Nakryiko
2023-06-02 15:00 ` [PATCH RESEND bpf-next 15/18] bpf: take into account BPF token when fetching helper protos Andrii Nakryiko
2023-06-02 18:46 ` kernel test robot
2023-06-02 20:07 ` Andrii Nakryiko
2023-06-02 15:00 ` [PATCH RESEND bpf-next 16/18] bpf: consistenly use BPF token throughout BPF verifier logic Andrii Nakryiko
2023-06-02 15:00 ` [PATCH RESEND bpf-next 17/18] libbpf: add BPF token support to bpf_prog_load() API Andrii Nakryiko
2023-06-02 15:00 ` [PATCH RESEND bpf-next 18/18] selftests/bpf: add BPF token-enabled BPF_PROG_LOAD tests Andrii Nakryiko
2023-06-02 15:55 ` [PATCH RESEND bpf-next 00/18] BPF token Casey Schaufler
2023-06-05 20:41 ` Andrii Nakryiko
2023-06-05 22:26 ` Casey Schaufler
2023-06-05 23:12 ` Andrii Nakryiko
2023-06-06 0:05 ` Casey Schaufler
2023-06-06 16:38 ` Andrii Nakryiko
2023-06-06 20:13 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230602150011.1657856-4-andrii@kernel.org \
--to=andrii@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brauner@kernel.org \
--cc=cyphar@cyphar.com \
--cc=keescook@chromium.org \
--cc=lennart@poettering.net \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).