selftests/bpf: Add tests for exclusive maps

Check if access is denied to another program for an exclusive map

Signed-off-by: KP Singh <kpsingh@kernel.org>
Link: https://lore.kernel.org/r/20250914215141.15144-6-kpsingh@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/tools/testing/selftests/bpf/prog_tests/map_excl.c b/tools/testing/selftests/bpf/prog_tests/map_excl.c
new file mode 100644 (file)
index 0000000..6bdc6d6
--- /dev/null
+++ b/tools/testing/selftests/bpf/prog_tests/map_excl.c
@@ -0,0 +1,54 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (C) 2025 Google LLC. */
+#define _GNU_SOURCE
+#include <unistd.h>
+#include <sys/syscall.h>
+#include <test_progs.h>
+#include <bpf/btf.h>
+
+#include "map_excl.skel.h"
+
+static void test_map_excl_allowed(void)
+{
+       struct map_excl *skel = map_excl__open();
+       int err;
+
+       err = bpf_map__set_exclusive_program(skel->maps.excl_map, skel->progs.should_have_access);
+       if (!ASSERT_OK(err, "bpf_map__set_exclusive_program"))
+               goto out;
+
+       bpf_program__set_autoload(skel->progs.should_have_access, true);
+       bpf_program__set_autoload(skel->progs.should_not_have_access, false);
+
+       err = map_excl__load(skel);
+       ASSERT_OK(err, "map_excl__load");
+out:
+       map_excl__destroy(skel);
+}
+
+static void test_map_excl_denied(void)
+{
+       struct map_excl *skel = map_excl__open();
+       int err;
+
+       err = bpf_map__set_exclusive_program(skel->maps.excl_map, skel->progs.should_have_access);
+       if (!ASSERT_OK(err, "bpf_map__make_exclusive"))
+               goto out;
+
+       bpf_program__set_autoload(skel->progs.should_have_access, false);
+       bpf_program__set_autoload(skel->progs.should_not_have_access, true);
+
+       err = map_excl__load(skel);
+       ASSERT_EQ(err, -EACCES, "exclusive map access not denied\n");
+out:
+       map_excl__destroy(skel);
+
+}
+
+void test_map_excl(void)
+{
+       if (test__start_subtest("map_excl_allowed"))
+               test_map_excl_allowed();
+       if (test__start_subtest("map_excl_denied"))
+               test_map_excl_denied();
+}

diff --git a/tools/testing/selftests/bpf/progs/map_excl.c b/tools/testing/selftests/bpf/progs/map_excl.c
new file mode 100644 (file)
index 0000000..d461684
--- /dev/null
+++ b/tools/testing/selftests/bpf/progs/map_excl.c
@@ -0,0 +1,34 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (C) 2025 Google LLC. */
+#include <linux/bpf.h>
+#include <time.h>
+#include <bpf/bpf_helpers.h>
+
+#include "bpf_misc.h"
+
+struct {
+       __uint(type, BPF_MAP_TYPE_ARRAY);
+       __type(key, __u32);
+       __type(value, __u32);
+       __uint(max_entries, 1);
+} excl_map SEC(".maps");
+
+char _license[] SEC("license") = "GPL";
+
+SEC("?fentry.s/" SYS_PREFIX "sys_getpgid")
+int should_have_access(void *ctx)
+{
+       int key = 0, value = 0xdeadbeef;
+
+       bpf_map_update_elem(&excl_map, &key, &value, 0);
+       return 0;
+}
+
+SEC("?fentry.s/" SYS_PREFIX "sys_getpgid")
+int should_not_have_access(void *ctx)
+{
+       int key = 0, value = 0xdeadbeef;
+
+       bpf_map_update_elem(&excl_map, &key, &value, 0);
+       return 0;
+}