Re: [PATCH v7 bpf-next 2/2] selftests/bpf: Add a kernel flag test for LSM bpf hook

On Mon, Mar 10, 2025 at 3:18 PM Blaise Boscaccy bboscaccy@linux.microsoft.com wrote:

This test exercises the kernel flag added to security_bpf by effectively blocking light-skeletons from loading while allowing normal skeletons to function as-is. Since this should work with any arbitrary BPF program, an existing program from LSKELS_EXTRA was used as a test payload.

Signed-off-by: Blaise Boscaccy bboscaccy@linux.microsoft.com

[...]

•   /* Test with skel. This should pass the gatekeeper */
  

•   skel = kfunc_call_test__open_and_load();
  

•   if (!ASSERT_OK_PTR(skel, "skel"))
  

•           goto close_prog;
  

•   /* Test with lskel. This should fail due to blocking kernel-based bpf() invocations */
  

•   lskel = kfunc_call_test_lskel__open_and_load();
  

•   if (!ASSERT_ERR_PTR(lskel, "lskel"))
  

•           goto close_prog;
  

This goto is not necessary. But I don't think we need v8 just for this.

Acked-by: Song Liu song@kernel.org

+close_prog:

•   if (skel)
  

•           kfunc_call_test__destroy(skel);
  

•   if (lskel)
  

•           kfunc_call_test_lskel__destroy(lskel);
  

[...]