ACK+Cmnt: [B][SRU][PATCH 0/2] Skip unprivileged tests in test_verifier from bpf selftests
Po-Hsu Lin
po-hsu.lin at canonical.com
Tue Jul 5 15:29:40 UTC 2022
On Tue, Jul 5, 2022 at 10:50 PM Thadeu Lima de Souza Cascardo
<cascardo at canonical.com> wrote:
>
> On Tue, Jul 05, 2022 at 04:28:15PM +0800, Po-Hsu Lin wrote:
> > [Impact]
> > We have kernel.unprivileged_bpf_disabled enabled for Bionic kernel:
> > $ sysctl kernel.unprivileged_bpf_disabled
> > kernel.unprivileged_bpf_disabled = 2
> >
> > This causes all unprivileged tests in test_verifier of bpf selftests
> > to fail like:
> > #0/u add+sub+mul FAIL
> > Failed to load prog 'Operation not permitted'!
> >
> > Because it permanently disables unprivileged BPF access for
> > the currently running kernel.
> >
> > [Fix]
> > * d0a0e4956f ("selftests/bpf: Count tests skipped by unpriv")
> > * 0a67487403 ("selftests/bpf: Only run tests if !bpf_disabled")
> >
> > These two patches can be cherry-picked into our Bionic kernel.
> >
> > Note that there is a follow-up fix for 0a67487403, which is commit
> > deea81228b ("selftests/bpf: check return value of fopen in
> > test_verifier.c"), but this is intended for older kernels (< 4.4) thus
> > I will leave it alone.
> >
> > [Test]
> > Patch tested with Bionic 4.15.0-188, and these unprivileged won't fail
> > with "Failed to load prog 'Operation not permitted'!" anymore, they
> > will be marked as skipped tests.
> >
> > Overall test result improves from:
> > Summary: 551 PASSED, 286 FAILED
> > To:
> > Summary: 551 PASSED, 278 SKIPPED, 8 FAILED
> >
> > [Where problems could occur]
> > Change limited to the bpf selftest code, no actual changes to kernel
> > function. If this fix is wrong, we might get incorrect test results.
> >
>
> Perhaps we should consider enabling unprivileged eBPF before running the test?
>
That's a good idea, and it's doable from the test case side.
I have filed https://bugs.launchpad.net/bugs/1980756 for this
Thanks for the suggestion!
> Cascardo.
>
> > Joe Stringer (2):
> > selftests/bpf: Count tests skipped by unpriv
> > selftests/bpf: Only run tests if !bpf_disabled
> >
> > tools/testing/selftests/bpf/test_verifier.c | 36 +++++++++++++++++++++++++----
> > 1 file changed, 32 insertions(+), 4 deletions(-)
> >
> > --
> > 2.7.4
More information about the kernel-team
mailing list