selftests/bpf: Test that exclusive maps are rejected as iter targets
authorDaniel Borkmann <daniel@iogearbox.net>
Tue, 2 Jun 2026 13:30:52 +0000 (15:30 +0200)
committerAlexei Starovoitov <ast@kernel.org>
Tue, 2 Jun 2026 16:46:52 +0000 (09:46 -0700)
Add a subtest to map_excl that creates an exclusive map and verifies a
bpf_map_elem iterator cannot be attached to it, which would otherwise
let an unrelated program read and overwrite the map's contents through
the iterator's writable value buffer.

  # LDLIBS=-static PKG_CONFIG='pkg-config --static' ./vmtest.sh -- ./test_progs -t map_excl
  [...]
  ./test_progs -t map_excl
  [    1.704382] bpf_testmod: loading out-of-tree module taints kernel.
  [    1.706068] bpf_testmod: module verification failed: signature and/or required key missing - tainting kernel
  #215/1   map_excl/map_excl_allowed:OK
  #215/2   map_excl/map_excl_denied:OK
  #215/3   map_excl/map_excl_no_map_in_map:OK
  #215/4   map_excl/map_excl_no_map_iter:OK
  #215     map_excl:OK
  Summary: 1/4 PASSED, 0 SKIPPED, 0 FAILED

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/r/20260602133052.423725-5-daniel@iogearbox.net
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
tools/testing/selftests/bpf/prog_tests/map_excl.c

index a213dd559aaecefed6ecd734718a8c754453d00a..3088668e2e450b1131273a294cefee9941ff5011 100644 (file)
@@ -7,6 +7,7 @@
 #include <bpf/btf.h>
 
 #include "map_excl.skel.h"
+#include "bpf_iter_bpf_array_map.skel.h"
 
 #ifndef SHA256_DIGEST_SIZE
 #define SHA256_DIGEST_SIZE     32
@@ -89,6 +90,42 @@ out:
        close(excl_fd);
 }
 
+static void test_map_excl_no_map_iter(void)
+{
+       __u8 hash[SHA256_DIGEST_SIZE] = {};
+       LIBBPF_OPTS(bpf_map_create_opts, excl_opts,
+                   .excl_prog_hash = hash,
+                   .excl_prog_hash_size = sizeof(hash));
+       DECLARE_LIBBPF_OPTS(bpf_iter_attach_opts, opts);
+       struct bpf_iter_bpf_array_map *skel = NULL;
+       union bpf_iter_link_info linfo;
+       struct bpf_link *link;
+       int excl_fd;
+
+       excl_fd = bpf_map_create(BPF_MAP_TYPE_ARRAY, "excl_iter", 4, 8, 3, &excl_opts);
+       if (!ASSERT_OK_FD(excl_fd, "create exclusive map"))
+               return;
+
+       skel = bpf_iter_bpf_array_map__open_and_load();
+       if (!ASSERT_OK_PTR(skel, "bpf_iter_bpf_array_map__open_and_load"))
+               goto out;
+
+       memset(&linfo, 0, sizeof(linfo));
+       linfo.map.map_fd = excl_fd;
+       opts.link_info = &linfo;
+       opts.link_info_len = sizeof(linfo);
+
+       link = bpf_program__attach_iter(skel->progs.dump_bpf_array_map, &opts);
+       if (!ASSERT_ERR_PTR(link, "reject exclusive map as iter target")) {
+               bpf_link__destroy(link);
+               goto out;
+       }
+       ASSERT_EQ(libbpf_get_error(link), -EPERM, "iter attach errno");
+out:
+       bpf_iter_bpf_array_map__destroy(skel);
+       close(excl_fd);
+}
+
 void test_map_excl(void)
 {
        if (test__start_subtest("map_excl_allowed"))
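Review bot: The closing `ASSERT_EQ(libbpf_get_error(link), -EPERM, "iter attach errno")` in test_map_excl_no_map_iter reads the error only after `ASSERT_ERR_PTR` has already run. If the attach call reports failure as a NULL pointer plus errno (libbpf 1.0 behaviour), the value compared is whatever errno holds by then. Capturing it directly after the attach with `err = libbpf_get_error(link);` and asserting `ASSERT_EQ(err, -EPERM, "iter attach errno");` keeps the check tied to the attach call itself. The exact errno matters because it is the only thing separating the exclusivity rejection from an unrelated attach failure. For the same reason the bare `4, 8, 3` in the `bpf_map_create()` call deserves a comment such as `/* key/value sizes chosen to fit dump_bpf_array_map; zero hash matches no program */`; presumably the sizes have to cover what the iterator program accesses, which is not visible in this hunk.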
@@ -97,4 +134,6 @@ void test_map_excl(void)
                test_map_excl_denied();
        if (test__start_subtest("map_excl_no_map_in_map"))
                test_map_excl_no_map_in_map();
+       if (test__start_subtest("map_excl_no_map_iter"))
+               test_map_excl_no_map_iter();
 }