selftests/bpf: add positive tests for new VFS based BPF kfuncs

Add a bunch of positive selftests which extensively cover the various
contexts and parameters in which the new VFS based BPF kfuncs may be
used from.

Again, the following VFS based BPF kfuncs are thoroughly tested within
this new selftest:
* struct file *bpf_get_task_exe_file(struct task_struct *);
* void bpf_put_file(struct file *);
* int bpf_path_d_path(struct path *, char *, size_t);

Acked-by: Christian Brauner <brauner@kernel.org>
Acked-by: Song Liu <song@kernel.org>
Signed-off-by: Matt Bobrowski <mattbobrowski@google.com>
Link: https://lore.kernel.org/r/20240731110833.1834742-4-mattbobrowski@google.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/tools/testing/selftests/bpf/prog_tests/verifier.c b/tools/testing/selftests/bpf/prog_tests/verifier.c
index 14d74ba2188e76b4dc2998635596ffc8328d5514..f8f546eba4885473693662f8d9bb69b3e5d3e839 100644 (file)
--- a/tools/testing/selftests/bpf/prog_tests/verifier.c
+++ b/tools/testing/selftests/bpf/prog_tests/verifier.c
@@ -85,6 +85,7 @@
 #include "verifier_value_or_null.skel.h"
 #include "verifier_value_ptr_arith.skel.h"
 #include "verifier_var_off.skel.h"
+#include "verifier_vfs_accept.skel.h"
 #include "verifier_vfs_reject.skel.h"
 #include "verifier_xadd.skel.h"
 #include "verifier_xdp.skel.h"
@@ -206,6 +207,7 @@ void test_verifier_value(void)                { RUN(verifier_value); }
 void test_verifier_value_illegal_alu(void)    { RUN(verifier_value_illegal_alu); }
 void test_verifier_value_or_null(void)        { RUN(verifier_value_or_null); }
 void test_verifier_var_off(void)              { RUN(verifier_var_off); }
+void test_verifier_vfs_accept(void)          { RUN(verifier_vfs_accept); }
 void test_verifier_vfs_reject(void)          { RUN(verifier_vfs_reject); }
 void test_verifier_xadd(void)                 { RUN(verifier_xadd); }
 void test_verifier_xdp(void)                  { RUN(verifier_xdp); }

diff --git a/tools/testing/selftests/bpf/progs/verifier_vfs_accept.c b/tools/testing/selftests/bpf/progs/verifier_vfs_accept.c
new file mode 100644 (file)
index 0000000..a7c0a55
--- /dev/null
+++ b/tools/testing/selftests/bpf/progs/verifier_vfs_accept.c
@@ -0,0 +1,85 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2024 Google LLC. */
+
+#include <vmlinux.h>
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+
+#include "bpf_misc.h"
+#include "bpf_experimental.h"
+
+static char buf[64];
+
+SEC("lsm.s/file_open")
+__success
+int BPF_PROG(get_task_exe_file_and_put_kfunc_from_current_sleepable)
+{
+       struct file *acquired;
+
+       acquired = bpf_get_task_exe_file(bpf_get_current_task_btf());
+       if (!acquired)
+               return 0;
+
+       bpf_put_file(acquired);
+       return 0;
+}
+
+SEC("lsm/file_open")
+__success
+int BPF_PROG(get_task_exe_file_and_put_kfunc_from_current_non_sleepable, struct file *file)
+{
+       struct file *acquired;
+
+       acquired = bpf_get_task_exe_file(bpf_get_current_task_btf());
+       if (!acquired)
+               return 0;
+
+       bpf_put_file(acquired);
+       return 0;
+}
+
+SEC("lsm.s/task_alloc")
+__success
+int BPF_PROG(get_task_exe_file_and_put_kfunc_from_argument,
+            struct task_struct *task)
+{
+       struct file *acquired;
+
+       acquired = bpf_get_task_exe_file(task);
+       if (!acquired)
+               return 0;
+
+       bpf_put_file(acquired);
+       return 0;
+}
+
+SEC("lsm.s/inode_getattr")
+__success
+int BPF_PROG(path_d_path_from_path_argument, struct path *path)
+{
+       int ret;
+
+       ret = bpf_path_d_path(path, buf, sizeof(buf));
+       __sink(ret);
+       return 0;
+}
+
+SEC("lsm.s/file_open")
+__success
+int BPF_PROG(path_d_path_from_file_argument, struct file *file)
+{
+       int ret;
+       struct path *path;
+
+       /* The f_path member is a path which is embedded directly within a
+        * file. Therefore, a pointer to such embedded members are still
+        * recognized by the BPF verifier as being PTR_TRUSTED as it's
+        * essentially PTR_TRUSTED w/ a non-zero fixed offset.
+        */
+       path = &file->f_path;
+       ret = bpf_path_d_path(path, buf, sizeof(buf));
+       __sink(ret);
+       return 0;
+}
+
+char _license[] SEC("license") = "GPL";