summaryrefslogtreecommitdiff
path: root/tools/testing/selftests/bpf/prog_tests/lsm_bdev.c
diff options
context:
space:
mode:
Diffstat (limited to 'tools/testing/selftests/bpf/prog_tests/lsm_bdev.c')
-rw-r--r--tools/testing/selftests/bpf/prog_tests/lsm_bdev.c221
1 files changed, 221 insertions, 0 deletions
diff --git a/tools/testing/selftests/bpf/prog_tests/lsm_bdev.c b/tools/testing/selftests/bpf/prog_tests/lsm_bdev.c
new file mode 100644
index 000000000000..a970798e1173
--- /dev/null
+++ b/tools/testing/selftests/bpf/prog_tests/lsm_bdev.c
@@ -0,0 +1,221 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2026 Christian Brauner <brauner@kernel.org> */
+
+/*
+ * Test BPF LSM block device integrity hooks with dm-verity.
+ *
+ * Creates a dm-verity device over loopback, which triggers
+ * security_bdev_setintegrity() during verity_preresume().
+ * Verifies that the BPF program correctly tracks the integrity
+ * metadata in its hashmap.
+ */
+
+#define _GNU_SOURCE
+#include <test_progs.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include "lsm_bdev.skel.h"
+
+/* Must match the definition in progs/lsm_bdev.c. */
+struct verity_info {
+ __u8 has_roothash;
+ __u8 sig_valid;
+ __u32 setintegrity_cnt;
+};
+
+#define DATA_SIZE_MB 8
+#define HASH_SIZE_MB 1
+#define DM_NAME "bpf_test_verity"
+#define DM_DEV_PATH "/dev/mapper/" DM_NAME
+
+/* Run a command and optionally capture the first line of stdout. */
+static int run_cmd(const char *cmd, char *out, size_t out_sz)
+{
+ FILE *fp;
+ int ret;
+
+ fp = popen(cmd, "r");
+ if (!fp)
+ return -1;
+
+ if (out && out_sz > 0) {
+ if (!fgets(out, out_sz, fp))
+ out[0] = '\0';
+ /* strip trailing newline */
+ out[strcspn(out, "\n")] = '\0';
+ }
+
+ ret = pclose(fp);
+ return WIFEXITED(ret) ? WEXITSTATUS(ret) : -1;
+}
+
+static bool has_prerequisites(void)
+{
+ if (getuid() != 0) {
+ printf("SKIP: must be root\n");
+ return false;
+ }
+
+ if (run_cmd("modprobe loop 2>/dev/null", NULL, 0) &&
+ run_cmd("ls /dev/loop-control 2>/dev/null", NULL, 0)) {
+ printf("SKIP: no loop device support\n");
+ return false;
+ }
+
+ if (run_cmd("modprobe dm-verity 2>/dev/null", NULL, 0) &&
+ run_cmd("dmsetup targets 2>/dev/null | grep -q verity", NULL, 0)) {
+ printf("SKIP: dm-verity module not available\n");
+ return false;
+ }
+
+ if (run_cmd("which veritysetup >/dev/null 2>&1", NULL, 0)) {
+ printf("SKIP: veritysetup not found\n");
+ return false;
+ }
+
+ return true;
+}
+
+void test_lsm_bdev(void)
+{
+ char data_img[] = "/tmp/bpf_verity_data_XXXXXX";
+ char hash_img[] = "/tmp/bpf_verity_hash_XXXXXX";
+ char data_loop[64] = {};
+ char hash_loop[64] = {};
+ char roothash[256] = {};
+ char cmd[512];
+ int data_fd = -1, hash_fd = -1;
+ struct lsm_bdev *skel = NULL;
+ struct verity_info val;
+ struct stat st;
+ __u32 dev_key;
+ int err;
+
+ if (!has_prerequisites()) {
+ test__skip();
+ return;
+ }
+
+ /* Clean up any stale device from a previous crashed run. */
+ snprintf(cmd, sizeof(cmd), "dmsetup remove %s 2>/dev/null", DM_NAME);
+ run_cmd(cmd, NULL, 0);
+
+ /* Create temporary image files. */
+ data_fd = mkstemp(data_img);
+ if (!ASSERT_OK_FD(data_fd, "mkstemp data"))
+ return;
+
+ hash_fd = mkstemp(hash_img);
+ if (!ASSERT_OK_FD(hash_fd, "mkstemp hash"))
+ goto cleanup;
+
+ if (!ASSERT_OK(ftruncate(data_fd, DATA_SIZE_MB * 1024 * 1024),
+ "truncate data"))
+ goto cleanup;
+
+ if (!ASSERT_OK(ftruncate(hash_fd, HASH_SIZE_MB * 1024 * 1024),
+ "truncate hash"))
+ goto cleanup;
+
+ close(data_fd);
+ data_fd = -1;
+ close(hash_fd);
+ hash_fd = -1;
+
+ /* Set up loop devices. */
+ snprintf(cmd, sizeof(cmd),
+ "losetup --find --show %s 2>/dev/null", data_img);
+ if (!ASSERT_OK(run_cmd(cmd, data_loop, sizeof(data_loop)),
+ "losetup data"))
+ goto teardown;
+
+ snprintf(cmd, sizeof(cmd),
+ "losetup --find --show %s 2>/dev/null", hash_img);
+ if (!ASSERT_OK(run_cmd(cmd, hash_loop, sizeof(hash_loop)),
+ "losetup hash"))
+ goto teardown;
+
+ /* Format the dm-verity device and capture the root hash. */
+ snprintf(cmd, sizeof(cmd),
+ "veritysetup format %s %s 2>/dev/null | "
+ "grep -i 'root hash' | awk '{print $NF}'",
+ data_loop, hash_loop);
+ if (!ASSERT_OK(run_cmd(cmd, roothash, sizeof(roothash)),
+ "veritysetup format"))
+ goto teardown;
+
+ if (!ASSERT_GT((int)strlen(roothash), 0, "roothash not empty"))
+ goto teardown;
+
+ /* Load and attach BPF program before activating dm-verity. */
+ skel = lsm_bdev__open_and_load();
+ if (!ASSERT_OK_PTR(skel, "skel open_and_load"))
+ goto teardown;
+
+ err = lsm_bdev__attach(skel);
+ if (!ASSERT_OK(err, "skel attach"))
+ goto teardown;
+
+ /* Activate dm-verity — triggers verity_preresume() hooks. */
+ snprintf(cmd, sizeof(cmd),
+ "veritysetup open %s %s %s %s 2>/dev/null",
+ data_loop, DM_NAME, hash_loop, roothash);
+ if (!ASSERT_OK(run_cmd(cmd, NULL, 0), "veritysetup open"))
+ goto teardown;
+
+ /* Get the dm device's dev_t. */
+ if (!ASSERT_OK(stat(DM_DEV_PATH, &st), "stat dm dev"))
+ goto remove_dm;
+
+ dev_key = (__u32)st.st_rdev;
+
+ /* Look up the device in the BPF map and verify. */
+ err = bpf_map__lookup_elem(skel->maps.verity_devices,
+ &dev_key, sizeof(dev_key),
+ &val, sizeof(val), 0);
+ if (!ASSERT_OK(err, "map lookup"))
+ goto remove_dm;
+
+ ASSERT_EQ(val.has_roothash, 1, "has_roothash");
+ ASSERT_EQ(val.sig_valid, 0, "sig_valid (unsigned)");
+ /*
+ * verity_preresume() always calls security_bdev_setintegrity()
+ * for the roothash. The signature-validity call only happens
+ * when CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG is enabled.
+ */
+ ASSERT_GE(val.setintegrity_cnt, 1, "setintegrity_cnt min");
+ ASSERT_LE(val.setintegrity_cnt, 2, "setintegrity_cnt max");
+
+ /* Verify that the alloc hook fired at least once. */
+ ASSERT_GT(skel->bss->alloc_count, 0, "alloc_count");
+
+remove_dm:
+ snprintf(cmd, sizeof(cmd), "dmsetup remove %s 2>/dev/null", DM_NAME);
+ run_cmd(cmd, NULL, 0);
+
+teardown:
+ if (data_loop[0]) {
+ snprintf(cmd, sizeof(cmd), "losetup -d %s 2>/dev/null",
+ data_loop);
+ run_cmd(cmd, NULL, 0);
+ }
+ if (hash_loop[0]) {
+ snprintf(cmd, sizeof(cmd), "losetup -d %s 2>/dev/null",
+ hash_loop);
+ run_cmd(cmd, NULL, 0);
+ }
+
+cleanup:
+ lsm_bdev__destroy(skel);
+ if (data_fd >= 0)
+ close(data_fd);
+ if (hash_fd >= 0)
+ close(hash_fd);
+ unlink(data_img);
+ unlink(hash_img);
+}