tools/testing/selftests/bpf/progs/lsm_bdev.c - linux - Git at Google

 // SPDX-License-Identifier: GPL-2.0
 /* Copyright (c) 2026 Christian Brauner <brauner@kernel.org> */

 /*
  * BPF LSM block device integrity tracker for dm-verity.
  *
  * Tracks block devices in a hashmap keyed by bd_dev.  When dm-verity
  * calls security_bdev_setintegrity() during verity_preresume(), the
  * setintegrity hook records the roothash and signature-validity data.
  * The free hook cleans up when the device goes away.  The alloc hook
  * counts allocations for test validation.
  *
  * The sleepable hooks exercise bpf_copy_from_user() to verify that
  * the sleepable classification actually permits sleepable helpers.
  */

 #include "vmlinux.h"
 #include <bpf/bpf_helpers.h>
 #include <bpf/bpf_tracing.h>

 struct verity_info {
 	__u8  has_roothash;	/* LSM_INT_DMVERITY_ROOTHASH seen */
 	__u8  sig_valid;	/* LSM_INT_DMVERITY_SIG_VALID value (non-NULL = valid) */
 	__u32 setintegrity_cnt;	/* total setintegrity calls for this dev */
 };

 struct {
 	__uint(type, BPF_MAP_TYPE_HASH);
 	__uint(max_entries, 64);
 	__type(key, __u32);		/* dev_t from bdev->bd_dev */
 	__type(value, struct verity_info);
 } verity_devices SEC(".maps");

 /* Global counters exposed to userspace via skeleton bss. */
 int alloc_count;

 char _license[] SEC("license") = "GPL";

 SEC("lsm.s/bdev_setintegrity")
 int BPF_PROG(bdev_setintegrity, struct block_device *bdev,
 	     enum lsm_integrity_type type, const void *value, size_t size)
 {
 	struct verity_info zero = {};
 	struct verity_info *info;
 	__u32 dev;
 	char buf;

 	/*
 	 * Exercise a sleepable helper to confirm the verifier
 	 * allows it in this sleepable hook.
 	 */
 	(void)bpf_copy_from_user(&buf, sizeof(buf), NULL);

 	dev = bdev->bd_dev;

 	info = bpf_map_lookup_elem(&verity_devices, &dev);
 	if (!info) {
 		bpf_map_update_elem(&verity_devices, &dev, &zero, BPF_NOEXIST);
 		info = bpf_map_lookup_elem(&verity_devices, &dev);
 		if (!info)
 			return 0;
 	}

 	if (type == LSM_INT_DMVERITY_ROOTHASH)
 		info->has_roothash = 1;
 	else if (type == LSM_INT_DMVERITY_SIG_VALID)
 		info->sig_valid = (value != NULL);

 	__sync_fetch_and_add(&info->setintegrity_cnt, 1);

 	return 0;
 }

 SEC("lsm/bdev_free_security")
 void BPF_PROG(bdev_free_security, struct block_device *bdev)
 {
 	__u32 dev = bdev->bd_dev;

 	bpf_map_delete_elem(&verity_devices, &dev);
 }

 SEC("lsm.s/bdev_alloc_security")
 int BPF_PROG(bdev_alloc_security, struct block_device *bdev)
 {
 	char buf;

 	/*
 	 * Exercise a sleepable helper to confirm the verifier
 	 * allows it in this sleepable hook.
 	 */
 	(void)bpf_copy_from_user(&buf, sizeof(buf), NULL);

 	__sync_fetch_and_add(&alloc_count, 1);

 	return 0;
 }
	// SPDX-License-Identifier: GPL-2.0
	/* Copyright (c) 2026 Christian Brauner <brauner@kernel.org> */

	/*
	* BPF LSM block device integrity tracker for dm-verity.
	*
	* Tracks block devices in a hashmap keyed by bd_dev. When dm-verity
	* calls security_bdev_setintegrity() during verity_preresume(), the
	* setintegrity hook records the roothash and signature-validity data.
	* The free hook cleans up when the device goes away. The alloc hook
	* counts allocations for test validation.
	*
	* The sleepable hooks exercise bpf_copy_from_user() to verify that
	* the sleepable classification actually permits sleepable helpers.
	*/

	#include "vmlinux.h"
	#include <bpf/bpf_helpers.h>
	#include <bpf/bpf_tracing.h>

	struct verity_info {
	__u8 has_roothash; /* LSM_INT_DMVERITY_ROOTHASH seen */
	__u8 sig_valid; /* LSM_INT_DMVERITY_SIG_VALID value (non-NULL = valid) */
	__u32 setintegrity_cnt; /* total setintegrity calls for this dev */
	};

	struct {
	__uint(type, BPF_MAP_TYPE_HASH);
	__uint(max_entries, 64);
	__type(key, __u32); /* dev_t from bdev->bd_dev */
	__type(value, struct verity_info);
	} verity_devices SEC(".maps");

	/* Global counters exposed to userspace via skeleton bss. */
	int alloc_count;

	char _license[] SEC("license") = "GPL";

	SEC("lsm.s/bdev_setintegrity")
	int BPF_PROG(bdev_setintegrity, struct block_device *bdev,
	enum lsm_integrity_type type, const void *value, size_t size)
	{
	struct verity_info zero = {};
	struct verity_info *info;
	__u32 dev;
	char buf;

	/*
	* Exercise a sleepable helper to confirm the verifier
	* allows it in this sleepable hook.
	*/
	(void)bpf_copy_from_user(&buf, sizeof(buf), NULL);

	dev = bdev->bd_dev;

	info = bpf_map_lookup_elem(&verity_devices, &dev);
	if (!info) {
	bpf_map_update_elem(&verity_devices, &dev, &zero, BPF_NOEXIST);
	info = bpf_map_lookup_elem(&verity_devices, &dev);
	if (!info)
	return 0;
	}

	if (type == LSM_INT_DMVERITY_ROOTHASH)
	info->has_roothash = 1;
	else if (type == LSM_INT_DMVERITY_SIG_VALID)
	info->sig_valid = (value != NULL);

	__sync_fetch_and_add(&info->setintegrity_cnt, 1);

	return 0;
	}

	SEC("lsm/bdev_free_security")
	void BPF_PROG(bdev_free_security, struct block_device *bdev)
	{
	__u32 dev = bdev->bd_dev;

	bpf_map_delete_elem(&verity_devices, &dev);
	}

	SEC("lsm.s/bdev_alloc_security")
	int BPF_PROG(bdev_alloc_security, struct block_device *bdev)
	{
	char buf;

	/*
	* Exercise a sleepable helper to confirm the verifier
	* allows it in this sleepable hook.
	*/
	(void)bpf_copy_from_user(&buf, sizeof(buf), NULL);

	__sync_fetch_and_add(&alloc_count, 1);

	return 0;
	}