| author | Daniel Borkmann <daniel@iogearbox.net> | 2026-06-02 16:30:52 +0300 |
|---|---|---|
| committer | Alexei Starovoitov <ast@kernel.org> | 2026-06-02 19:46:52 +0300 |
| commit | 8dedd34122d0950c6b69785db0fa740fdbbf5b2c (patch) | |
| tree | 580d603b68b6ef69f51cdef50d7725abdb4cd6d8 | |
| parent | 082c412097716b93ff1365689fc4ddcd1ce8296f (diff) | |
selftests/bpf: Test that exclusive maps are rejected as iter targets
Add a subtest to map_excl that creates an exclusive map and verifies a
bpf_map_elem iterator cannot be attached to it, which would otherwise
let an unrelated program read and overwrite the map's contents through
the iterator's writable value buffer.
# LDLIBS=-static PKG_CONFIG='pkg-config --static' ./vmtest.sh -- ./test_progs -t map_excl
[...]
./test_progs -t map_excl
[ 1.704382] bpf_testmod: loading out-of-tree module taints kernel.
[ 1.706068] bpf_testmod: module verification failed: signature and/or required key missing - tainting kernel
#215/1 map_excl/map_excl_allowed:OK
#215/2 map_excl/map_excl_denied:OK
#215/3 map_excl/map_excl_no_map_in_map:OK
#215/4 map_excl/map_excl_no_map_iter:OK
#215 map_excl:OK
Summary: 1/4 PASSED, 0 SKIPPED, 0 FAILED
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/r/20260602133052.423725-5-daniel@iogearbox.net
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
| -rw-r--r-- | tools/testing/selftests/bpf/prog_tests/map_excl.c | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/tools/testing/selftests/bpf/prog_tests/map_excl.c b/tools/testing/selftests/bpf/prog_tests/map_excl.c
index a213dd559aae..3088668e2e45 100644
--- a/tools/testing/selftests/bpf/prog_tests/map_excl.c
+++ b/tools/testing/selftests/bpf/prog_tests/map_excl.c
@@ -7,6 +7,7 @@
 #include <bpf/btf.h>
 #include "map_excl.skel.h"
+#include "bpf_iter_bpf_array_map.skel.h"
 #ifndef SHA256_DIGEST_SIZE
 #define SHA256_DIGEST_SIZE 32
@@ -89,6 +90,42 @@ out:
 close(excl_fd);
 }
+static void test_map_excl_no_map_iter(void)
+{
+ __u8 hash[SHA256_DIGEST_SIZE] = {};
+ LIBBPF_OPTS(bpf_map_create_opts, excl_opts,
+ .excl_prog_hash = hash,
+ .excl_prog_hash_size = sizeof(hash));
+ DECLARE_LIBBPF_OPTS(bpf_iter_attach_opts, opts);
+ struct bpf_iter_bpf_array_map *skel = NULL;
+ union bpf_iter_link_info linfo;
+ struct bpf_link *link;
+ int excl_fd;
+
+ excl_fd = bpf_map_create(BPF_MAP_TYPE_ARRAY, "excl_iter", 4, 8, 3, &excl_opts);
+ if (!ASSERT_OK_FD(excl_fd, "create exclusive map"))
+ return;
+
+ skel = bpf_iter_bpf_array_map__open_and_load();
+ if (!ASSERT_OK_PTR(skel, "bpf_iter_bpf_array_map__open_and_load"))
+ goto out;
+
+ memset(&linfo, 0, sizeof(linfo));
+ linfo.map.map_fd = excl_fd;
+ opts.link_info = &linfo;
+ opts.link_info_len = sizeof(linfo);
+
+ link = bpf_program__attach_iter(skel->progs.dump_bpf_array_map, &opts);
+ if (!ASSERT_ERR_PTR(link, "reject exclusive map as iter target")) {
+ bpf_link__destroy(link);
+ goto out;
+ }
+ ASSERT_EQ(libbpf_get_error(link), -EPERM, "iter attach errno");
+out:
+ bpf_iter_bpf_array_map__destroy(skel);
+ close(excl_fd);
+}
+
 void test_map_excl(void)
 {
 if (test__start_subtest("map_excl_allowed"))
@@ -97,4 +134,6 @@ void test_map_excl(void)
 test_map_excl_denied();
 if (test__start_subtest("map_excl_no_map_in_map"))
 test_map_excl_no_map_in_map();
+ if (test__start_subtest("map_excl_no_map_iter"))
+ test_map_excl_no_map_iter();
 }
|
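Review bot: test_map_excl_no_map_iter() checks only the denial path, so nothing in it shows that `dump_bpf_array_map` attaches to an array map of this shape (key 4, value 8, 3 entries) when the map is not exclusive. The `-EPERM` comparison narrows the cause, but a regression test on an access-control boundary is clearer with a positive control: attach the same program to a plain map created with the same parameters, expect success, then repeat against `excl_fd`. The sketch below assumes the iterator program accepts a plain map of that shape, which the hunk does not show. Separately, if the failed attach reports its error through errno, the value is read via `libbpf_get_error(link)` only after `ASSERT_ERR_PTR()` has run; saving `-errno` into a local right after `bpf_program__attach_iter()` would not rely on errno surviving the macro.

```c
	int excl_fd, plain_fd = -1;
	/* … unchanged: create excl_fd, load skeleton, zero linfo, fill opts … */

	/* Control: the same program must attach to a non-exclusive map of the same shape. */
	plain_fd = bpf_map_create(BPF_MAP_TYPE_ARRAY, "plain_iter", 4, 8, 3, NULL);
	if (!ASSERT_OK_FD(plain_fd, "create plain map"))
		goto out;
	linfo.map.map_fd = plain_fd;
	link = bpf_program__attach_iter(skel->progs.dump_bpf_array_map, &opts);
	if (ASSERT_OK_PTR(link, "attach iter to plain map"))
		bpf_link__destroy(link);

	linfo.map.map_fd = excl_fd;
	/* … unchanged: attach to excl_fd, ASSERT_ERR_PTR and -EPERM checks … */
out:
	/* … unchanged: destroy skeleton, close(excl_fd) … */
	if (plain_fd >= 0)
		close(plain_fd);
```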
