341f06fddd
Add selftests for two new filesystem kfuncs: 1. bpf_get_file_xattr 2. bpf_get_fsverity_digest These tests simply make sure the two kfuncs work. Another selftest will be added to demonstrate how to use these kfuncs to verify file signature. CONFIG_FS_VERITY is added to selftests config. However, this is not sufficient to guarantee bpf_get_fsverity_digest works. This is because fsverity need to be enabled at file system level (for example, with tune2fs on ext4). If local file system doesn't have this feature enabled, just skip the test. Signed-off-by: Song Liu <song@kernel.org> Link: https://lore.kernel.org/r/20231129234417.856536-6-song@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
37 lines
806 B
C
37 lines
806 B
C
// SPDX-License-Identifier: GPL-2.0
|
|
/* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */
|
|
|
|
#include "vmlinux.h"
|
|
#include <bpf/bpf_helpers.h>
|
|
#include <bpf/bpf_tracing.h>
|
|
#include "bpf_kfuncs.h"
|
|
|
|
char _license[] SEC("license") = "GPL";
|
|
|
|
__u32 monitored_pid;
|
|
__u32 found_xattr;
|
|
|
|
static const char expected_value[] = "hello";
|
|
char value[32];
|
|
|
|
SEC("lsm.s/file_open")
|
|
int BPF_PROG(test_file_open, struct file *f)
|
|
{
|
|
struct bpf_dynptr value_ptr;
|
|
__u32 pid;
|
|
int ret;
|
|
|
|
pid = bpf_get_current_pid_tgid() >> 32;
|
|
if (pid != monitored_pid)
|
|
return 0;
|
|
|
|
bpf_dynptr_from_mem(value, sizeof(value), 0, &value_ptr);
|
|
|
|
ret = bpf_get_file_xattr(f, "user.kfuncs", &value_ptr);
|
|
if (ret != sizeof(expected_value))
|
|
return 0;
|
|
if (bpf_strncmp(value, ret, expected_value))
|
|
return 0;
|
|
found_xattr = 1;
|
|
return 0;
|
|
}
|