APPLIED: [B][SRU][PATCH 0/2] Skip unprivileged tests in test_verifier from bpf selftests
Luke Nowakowski-Krijger
luke.nowakowskikrijger at canonical.com
Thu Jul 7 21:44:21 UTC 2022
Applied to bionic:linux master-next
Thanks!
- Luke
On Tue, Jul 5, 2022 at 1:29 AM Po-Hsu Lin <po-hsu.lin at canonical.com> wrote:
> [Impact]
> We have kernel.unprivileged_bpf_disabled enabled for Bionic kernel:
> $ sysctl kernel.unprivileged_bpf_disabled
> kernel.unprivileged_bpf_disabled = 2
>
> This causes all unprivileged tests in test_verifier of bpf selftests
> to fail like:
> #0/u add+sub+mul FAIL
> Failed to load prog 'Operation not permitted'!
>
> Because it permanently disables unprivileged BPF access for
> the currently running kernel.
>
> [Fix]
> * d0a0e4956f ("selftests/bpf: Count tests skipped by unpriv")
> * 0a67487403 ("selftests/bpf: Only run tests if !bpf_disabled")
>
> These two patches can be cherry-picked into our Bionic kernel.
>
> Note that there is a follow-up fix for 0a67487403, which is commit
> deea81228b ("selftests/bpf: check return value of fopen in
> test_verifier.c"), but this is intended for older kernels (< 4.4) thus
> I will leave it alone.
>
> [Test]
> Patch tested with Bionic 4.15.0-188, and these unprivileged won't fail
> with "Failed to load prog 'Operation not permitted'!" anymore, they
> will be marked as skipped tests.
>
> Overall test result improves from:
> Summary: 551 PASSED, 286 FAILED
> To:
> Summary: 551 PASSED, 278 SKIPPED, 8 FAILED
>
> [Where problems could occur]
> Change limited to the bpf selftest code, no actual changes to kernel
> function. If this fix is wrong, we might get incorrect test results.
>
> Joe Stringer (2):
> selftests/bpf: Count tests skipped by unpriv
> selftests/bpf: Only run tests if !bpf_disabled
>
> tools/testing/selftests/bpf/test_verifier.c | 36
> +++++++++++++++++++++++++----
> 1 file changed, 32 insertions(+), 4 deletions(-)
>
> --
> 2.7.4
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20220707/c5802f04/attachment.html>
More information about the kernel-team
mailing list