Re: [PATCH bpf-next v3 5/6] selftests/bpf: Verify load-time signed loader metadata
From: bot+bpf-ci@kernel.org
Date: 2026-07-02 15:17:12
Also in:
bpf
quoted hunk ↗ jump to hunk
diff --git a/tools/testing/selftests/bpf/prog_tests/signed_loader.c b/tools/testing/selftests/bpf/prog_tests/signed_loader.c index 5fc417e31fc6..b3ac3d9b0e31 100644 --- a/tools/testing/selftests/bpf/prog_tests/signed_loader.c +++ b/tools/testing/selftests/bpf/prog_tests/signed_loader.c
[ ... ]
quoted hunk ↗ jump to hunk
@@ -1090,20 +1173,462 @@ static void lsm_signature_verdict(void) test_signed_loader_lsm__destroy(lsm); } +static void signed_module_kfunc_rejected(void) +{ + struct bpf_insn insns[] = { + BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, BPF_PSEUDO_KFUNC_CALL, 1, 1), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }; + char dir_tmpl[] = "/tmp/signed_loader_kfnXXXXXX", *dir; + int map_fd = -1, prog_fd, err, fds[2]; + struct btf *btf = NULL;
[ ... ]
+ prog_fd = syscall(__NR_bpf, BPF_PROG_LOAD, &attr, + offsetofend(union bpf_attr, keyring_id)); + err = prog_fd < 0 ? -errno : prog_fd; + if (prog_fd >= 0) + close(prog_fd); + + ASSERT_EQ(err, -EACCES, "module kfunc BTF in signed program rejected"); +cleanup: + if (btf) + btf__free(btf); + if (map_fd >= 0) + close(map_fd);
This isn't a bug, but was map_fd meant to be dropped from this test? It's initialized to -1 and never changed, so the cleanup branch is unreachable. The sibling tests signed_map_by_fd_rejected and signed_sparse_fd_array_rejected create and close a map_fd, but signed_module_kfunc_rejected only uses BTF fds and never assigns map_fd.
+ run_setup("cleanup", dir);
+}[ ... ] --- AI reviewed your patch. Please fix the bug or email reply why it's not a bug. See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md CI run summary: https://github.com/kernel-patches/bpf/actions/runs/28599478014