Re: [PATCH bpf-next v3 2/2] selftests/bpf: Add test for bpftool access to read-only protected maps

From: Quentin Monnet
Date: Mon Jun 16 2025 - 10:08:36 EST

Next message: Dmitry Baryshkov: "Re: [PATCH v2 1/3] soc: qcom: mdt_loader: Ensure we don't read past the ELF header"
Previous message: Jason Gunthorpe: "Re: [PATCH v6 11/25] iommufd/driver: Add iommufd_hw_queue_depend/undepend() helpers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2025-06-12 08:18 UTC+1000 ~ Slava Imameev <slava.imameev@xxxxxxxxxxxxxxx>
> Add selftest cases that validate bpftool's expected behavior when
> accessing maps protected from modification via security_bpf_map.
>
> The test includes a BPF program attached to security_bpf_map with two maps:
> - A protected map that only allows read-only access
> - An unprotected map that allows full access
>
> The test script attaches the BPF program to security_bpf_map and
> verifies that for the bpftool map command:
> - Read access works on both maps
> - Write access fails on the protected map
> - Write access succeeds on the unprotected map
> - These behaviors remain consistent when the maps are pinned
>
> Signed-off-by: Slava Imameev <slava.imameev@xxxxxxxxxxxxxxx>

Acked-by: Quentin Monnet <qmo@xxxxxxxxxx>

Thank you!

Next message: Dmitry Baryshkov: "Re: [PATCH v2 1/3] soc: qcom: mdt_loader: Ensure we don't read past the ELF header"
Previous message: Jason Gunthorpe: "Re: [PATCH v6 11/25] iommufd/driver: Add iommufd_hw_queue_depend/undepend() helpers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]