Add selftest cases that validate bpftool's expected behavior when accessing maps protected from modification via security_bpf_map. The test includes a BPF program attached to security_bpf_map with two maps: - A protected map that only allows read-only access - An unprotected map that allows full access The test script attaches the BPF program to security_bpf_map and verifies that for the bpftool map command: - Read access works on both maps - Write access fails on the protected map - Write access succeeds on the unprotected map - These behaviors remain consistent when the maps are pinned Signed-off-by: Slava Imameev <slava.imameev@crowdstrike.com> Reviewed-by: Quentin Monnet <qmo@kernel.org> Link: https://lore.kernel.org/r/20250620151812.13952-2-slava.imameev@crowdstrike.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
// SPDX-License-Identifier: GPL-2.0-only
#include "vmlinux.h"
#include <bpf/bpf_tracing.h>
#include <bpf/bpf_helpers.h>
/*
 * License string emitted into the "license" ELF section of the BPF object.
 * The kernel consults it at load time; bpf_probe_read_kernel(), used below,
 * is presumably a GPL-only helper, so a non-GPL string here would make the
 * load fail -- confirm against the helper's definition.
 */
char _license[] SEC("license") = "GPL";
/*
 * Running total of the values seen by dump_bpf_map_values().
 * NOTE(review): a global like this is presumably read back by the test
 * harness to confirm that read access to the map worked -- confirm against
 * the test script, which is not part of this file.
 */
__u32 value_sum = 0;
/*
 * Map-element iterator program: adds the leading __u32 of each visited map
 * value to value_sum.
 *
 * The program only reads map contents and never writes to the map it walks.
 * Per the commit description shown with this file, read access is expected
 * to work on both the protected and the unprotected map.
 *
 * @ctx: iterator context; only ctx->value is used here.
 *
 * Always returns 0.
 */
SEC("iter/bpf_map_elem")
int dump_bpf_map_values(struct bpf_iter__bpf_map_elem *ctx)
{
	void *elem = ctx->value;
	__u32 cur = 0;

	/*
	 * Nothing to read for this invocation (presumably the final,
	 * end-of-iteration call -- confirm), so leave the sum untouched.
	 */
	if (!elem)
		return 0;

	/*
	 * Copies exactly sizeof(__u32) bytes, so this assumes the map's value
	 * is at least that large -- TODO confirm against the map definitions
	 * used by the test. The helper's return code is not checked; cur was
	 * initialised to 0 above.
	 */
	bpf_probe_read_kernel(&cur, sizeof(cur), elem);
	value_sum += cur;

	return 0;
}