Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

selftests/bpf: add test case for BPF LSM hook bpf_lsm_mmap_file

Add a trivial test case asserting that the BPF verifier enforces
PTR_MAYBE_NULL semantics on the struct file pointer argument of BPF
LSM hook bpf_lsm_mmap_file().

Dereferencing the struct file pointer passed into bpf_lsm_mmap_file()
without explicitly performing a NULL check first should not be
permitted by the BPF verifier as it can lead to NULL pointer
dereferences and a kernel crash.

Signed-off-by: Matt Bobrowski <mattbobrowski@google.com>
Acked-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20251216133000.3690723-2-mattbobrowski@google.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

authored by Matt Bobrowski and committed by Alexei Starovoitov
d2749ae8 94e948b7

+30 -1
tools/testing/selftests/bpf/progs/verifier_lsm.c
··· 1 1 // SPDX-License-Identifier: GPL-2.0 2 2 3 - #include <linux/bpf.h> 3 + #include <vmlinux.h> 4 4 #include <bpf/bpf_helpers.h> 5 + #include <bpf/bpf_tracing.h> 5 6 #include "bpf_misc.h" 6 7 7 8 SEC("lsm/file_permission") ··· 158 157 "r0 = 0;" 159 158 "exit;" 160 159 ::: __clobber_all); 160 + } 161 + 162 + SEC("lsm/mmap_file") 163 + __description("not null checking nullable pointer in bpf_lsm_mmap_file") 164 + __failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") 165 + int BPF_PROG(no_null_check, struct file *file) 166 + { 167 + struct inode *inode; 168 + 169 + inode = file->f_inode; 170 + __sink(inode); 171 + 172 + return 0; 173 + } 174 + 175 + SEC("lsm/mmap_file") 176 + __description("null checking nullable pointer in bpf_lsm_mmap_file") 177 + __success 178 + int BPF_PROG(null_check, struct file *file) 179 + { 180 + struct inode *inode; 181 + 182 + if (file) { 183 + inode = file->f_inode; 184 + __sink(inode); 185 + } 186 + 187 + return 0; 161 188 } 162 189 163 190 char _license[] SEC("license") = "GPL";
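Review bot: the commit message does not mention the include change at the top of verifier_lsm.c, where `#include <linux/bpf.h>` becomes `#include <vmlinux.h>` and `#include <bpf/bpf_tracing.h>` is added, even though it changes the type definitions seen by every existing program in the file and not only the two new ones. A sentence in the changelog saying that vmlinux.h is pulled in for the `struct file` and `struct inode` definitions dereferenced in the new tests, and bpf_tracing.h for `BPF_PROG`, would make the reason for touching the shared includes clear to anyone bisecting a later build failure in this file.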
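Review bot: the expected message in `no_null_check`, `__msg("R1 invalid mem access 'trusted_ptr_or_null_'")`, pins the register to R1 although the program body is compiled C (`inode = file->f_inode;`) rather than the inline assembly used by the neighbouring tests in this file, so the register holding `file` is chosen by the compiler and the test can start failing for reasons unrelated to the verifier check it guards. Consider matching only `invalid mem access 'trusted_ptr_or_null_'`, or writing the negative case in inline asm like the tests above it so the register is fixed by the test itself. The positive `null_check` case is a good companion, since it shows that the `if (file)` guard is what the verifier requires before the dereference.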