
selftests/bpf: Add test for bpf_ima_file_hash()

Add new test to ensure that bpf_ima_file_hash() returns the digest of the
executed files.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20220302111404.193900-6-roberto.sassu@huawei.com

authored by

Roberto Sassu and committed by
Alexei Starovoitov
27a77d0d 2746de3c

+47 -6
+39 -4
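--- a/tools/testing/selftests/bpf/prog_tests/test_ima.c
+++ b/tools/testing/selftests/bpf/prog_tests/test_ima.c
@@ -13,6 +13,8 @@
 
 #include "ima.skel.h"
 
+#define MAX_SAMPLES 2
+
 static int run_measured_process(const char *measured_dir, u32 *monitored_pid)
 {
 int child_pid, child_status;
@@ -32,12 +34,23 @@
 return -EINVAL;
 }
 
-static u64 ima_hash_from_bpf;
+static u64 ima_hash_from_bpf[MAX_SAMPLES];
+static int ima_hash_from_bpf_idx;
 
 static int process_sample(void *ctx, void *data, size_t len)
 {
-ima_hash_from_bpf = *((u64 *)data);
+if (ima_hash_from_bpf_idx >= MAX_SAMPLES)
+return -ENOSPC;
+
+ima_hash_from_bpf[ima_hash_from_bpf_idx++] = *((u64 *)data);
 return 0;
+}
+
+static void test_init(struct ima__bss *bss)
+{
+ima_hash_from_bpf_idx = 0;
+
+bss->use_ima_file_hash = false;
 }
 
 void test_test_ima(void)
@@ -72,13 +85,35 @@
 if (CHECK(err, "failed to run command", "%s, errno = %d\n", cmd, errno))
 goto close_clean;
 
+/*
+* Test #1
+* - Goal: obtain a sample with the bpf_ima_inode_hash() helper
+* - Expected result: 1 sample (/bin/true)
+*/
+test_init(skel->bss);
 err = run_measured_process(measured_dir, &skel->bss->monitored_pid);
-if (CHECK(err, "run_measured_process", "err = %d\n", err))
+if (CHECK(err, "run_measured_process #1", "err = %d\n", err))
 goto close_clean;
 
 err = ring_buffer__consume(ringbuf);
 ASSERT_EQ(err, 1, "num_samples_or_err");
-ASSERT_NEQ(ima_hash_from_bpf, 0, "ima_hash");
+ASSERT_NEQ(ima_hash_from_bpf[0], 0, "ima_hash");
+
+/*
+* Test #2
+* - Goal: obtain samples with the bpf_ima_file_hash() helper
+* - Expected result: 2 samples (./ima_setup.sh, /bin/true)
+*/
+test_init(skel->bss);
+skel->bss->use_ima_file_hash = true;
+err = run_measured_process(measured_dir, &skel->bss->monitored_pid);
+if (CHECK(err, "run_measured_process #2", "err = %d\n", err))
+goto close_clean;
+
+err = ring_buffer__consume(ringbuf);
+ASSERT_EQ(err, 2, "num_samples_or_err");
+ASSERT_NEQ(ima_hash_from_bpf[0], 0, "ima_hash");
+ASSERT_NEQ(ima_hash_from_bpf[1], 0, "ima_hash");
 
 close_clean:
 snprintf(cmd, sizeof(cmd), "./ima_setup.sh cleanup %s", measured_dir);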
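Review bot: process_sample() still reads `*((u64 *)data)` without looking at `len`, so a sample shorter than eight bytes would be read past its end; the new bounds check covers only the array index. A guard such as `if (len < sizeof(u64)) return -EINVAL;` ahead of the store would close that, assuming the BPF side is meant to submit exactly one u64 per sample (the producer is not visible in this file). In test #2 both hash assertions carry the same label `"ima_hash"`, so a failure on the second sample cannot be told apart from the first; distinct labels such as `"ima_hash[0]"` and `"ima_hash[1]"` would help. The test also checks only that each value is non-zero, not that the two digests differ. test_test_ima() begins and ends outside the visible hunks.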
+8 -2
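--- a/tools/testing/selftests/bpf/progs/ima.c
+++ b/tools/testing/selftests/bpf/progs/ima.c
@@ -18,6 +18,8 @@
 
 char _license[] SEC("license") = "GPL";
 
+bool use_ima_file_hash;
+
 static void ima_test_common(struct file *file)
 {
 u64 ima_hash = 0;
@@ -27,8 +29,12 @@
 
 pid = bpf_get_current_pid_tgid() >> 32;
 if (pid == monitored_pid) {
-ret = bpf_ima_inode_hash(file->f_inode, &ima_hash,
-sizeof(ima_hash));
+if (!use_ima_file_hash)
+ret = bpf_ima_inode_hash(file->f_inode, &ima_hash,
+sizeof(ima_hash));
+else
+ret = bpf_ima_file_hash(file, &ima_hash,
+sizeof(ima_hash));
 if (ret < 0 || ima_hash == 0)
 return;
 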
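Review bot: `use_ima_file_hash` is added without a comment even though it is written from userspace through `skel->bss` and decides which helper produces the sample. A line such as `/* Set by the test runner: false = bpf_ima_inode_hash(), true = bpf_ima_file_hash() */` above the declaration would document that contract. Both branches write into the same eight-byte `ima_hash`, so whichever helper runs, only a prefix of the digest can reach userspace (inferred from the `sizeof(ima_hash)` argument); that is worth stating next to the calls. ima_test_common() continues outside the hunk.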