summaryrefslogtreecommitdiff
path: root/tools/testing/selftests/bpf/progs/lsm_bdev.c
diff options
context:
space:
mode:
Diffstat (limited to 'tools/testing/selftests/bpf/progs/lsm_bdev.c')
-rw-r--r--tools/testing/selftests/bpf/progs/lsm_bdev.c96
1 files changed, 96 insertions, 0 deletions
diff --git a/tools/testing/selftests/bpf/progs/lsm_bdev.c b/tools/testing/selftests/bpf/progs/lsm_bdev.c
new file mode 100644
index 000000000000..45554e6db605
--- /dev/null
+++ b/tools/testing/selftests/bpf/progs/lsm_bdev.c
@@ -0,0 +1,96 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2026 Christian Brauner <brauner@kernel.org> */
+
+/*
+ * BPF LSM block device integrity tracker for dm-verity.
+ *
+ * Tracks block devices in a hashmap keyed by bd_dev. When dm-verity
+ * calls security_bdev_setintegrity() during verity_preresume(), the
+ * setintegrity hook records the roothash and signature-validity data.
+ * The free hook cleans up when the device goes away. The alloc hook
+ * counts allocations for test validation.
+ *
+ * The sleepable hooks exercise bpf_copy_from_user() to verify that
+ * the sleepable classification actually permits sleepable helpers.
+ */
+
+#include "vmlinux.h"
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+
+struct verity_info {
+ __u8 has_roothash; /* LSM_INT_DMVERITY_ROOTHASH seen */
+ __u8 sig_valid; /* LSM_INT_DMVERITY_SIG_VALID value (non-NULL = valid) */
+ __u32 setintegrity_cnt; /* total setintegrity calls for this dev */
+};
+
+struct {
+ __uint(type, BPF_MAP_TYPE_HASH);
+ __uint(max_entries, 64);
+ __type(key, __u32); /* dev_t from bdev->bd_dev */
+ __type(value, struct verity_info);
+} verity_devices SEC(".maps");
+
+/* Global counters exposed to userspace via skeleton bss. */
+int alloc_count;
+
+char _license[] SEC("license") = "GPL";
+
+SEC("lsm.s/bdev_setintegrity")
+int BPF_PROG(bdev_setintegrity, struct block_device *bdev,
+ enum lsm_integrity_type type, const void *value, size_t size)
+{
+ struct verity_info zero = {};
+ struct verity_info *info;
+ __u32 dev;
+ char buf;
+
+ /*
+ * Exercise a sleepable helper to confirm the verifier
+ * allows it in this sleepable hook.
+ */
+ (void)bpf_copy_from_user(&buf, sizeof(buf), NULL);
+
+ dev = bdev->bd_dev;
+
+ info = bpf_map_lookup_elem(&verity_devices, &dev);
+ if (!info) {
+ bpf_map_update_elem(&verity_devices, &dev, &zero, BPF_NOEXIST);
+ info = bpf_map_lookup_elem(&verity_devices, &dev);
+ if (!info)
+ return 0;
+ }
+
+ if (type == LSM_INT_DMVERITY_ROOTHASH)
+ info->has_roothash = 1;
+ else if (type == LSM_INT_DMVERITY_SIG_VALID)
+ info->sig_valid = (value != NULL);
+
+ __sync_fetch_and_add(&info->setintegrity_cnt, 1);
+
+ return 0;
+}
+
+SEC("lsm/bdev_free_security")
+void BPF_PROG(bdev_free_security, struct block_device *bdev)
+{
+ __u32 dev = bdev->bd_dev;
+
+ bpf_map_delete_elem(&verity_devices, &dev);
+}
+
+SEC("lsm.s/bdev_alloc_security")
+int BPF_PROG(bdev_alloc_security, struct block_device *bdev)
+{
+ char buf;
+
+ /*
+ * Exercise a sleepable helper to confirm the verifier
+ * allows it in this sleepable hook.
+ */
+ (void)bpf_copy_from_user(&buf, sizeof(buf), NULL);
+
+ __sync_fetch_and_add(&alloc_count, 1);
+
+ return 0;
+}