Add verifier_unpriv cases for a raw socket-filter load of the typed ksym
bpf_prog_active.

The first case verifies that a program without CAP_BPF is rejected before
the pseudo-BTF ksym is materialized. The second case grants CAP_BPF in
the unprivileged test-loader mode and verifies that the same load remains
accepted when the capability requirement is satisfied.

Declare the typed ksym in verifier_unpriv.c so these raw verifier tests do
not need a separate selftest header.

Signed-off-by: Nuoqi Gui <[email protected]>
---
 .../testing/selftests/bpf/progs/verifier_unpriv.c  | 32 ++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/tools/testing/selftests/bpf/progs/verifier_unpriv.c 
b/tools/testing/selftests/bpf/progs/verifier_unpriv.c
index c16f8382cf17..90e7ffc426ae 100644
--- a/tools/testing/selftests/bpf/progs/verifier_unpriv.c
+++ b/tools/testing/selftests/bpf/progs/verifier_unpriv.c
@@ -6,6 +6,8 @@
 #include "../../../include/linux/filter.h"
 #include "bpf_misc.h"
 
+extern const int bpf_prog_active __ksym;
+
 #define BPF_SK_LOOKUP(func) \
        /* struct bpf_sock_tuple tuple = {} */ \
        "r2 = 0;"                       \
@@ -77,6 +79,36 @@ __naked void dummy_prog_loop1_socket(void)
        : __clobber_all);
 }
 
+SEC("socket")
+__description("unpriv: pseudo btf id ksym requires CAP_BPF")
+__success __failure_unpriv
+__msg_unpriv("BPF_PSEUDO_BTF_ID loads require CAP_BPF")
+__retval(0)
+__naked void pseudo_btf_id_ksym_requires_cap_bpf(void)
+{
+       asm volatile ("r1 = %[bpf_prog_active] ll;"
+                     "r0 = 0;"
+                     "exit;"
+       :
+       : __imm_addr(bpf_prog_active)
+       : __clobber_all);
+}
+
+SEC("socket")
+__description("unpriv: pseudo btf id ksym works with CAP_BPF")
+__success_unpriv
+__caps_unpriv(CAP_BPF)
+__retval_unpriv(0)
+__naked void pseudo_btf_id_ksym_with_cap_bpf(void)
+{
+       asm volatile ("r1 = %[bpf_prog_active] ll;"
+                     "r0 = 0;"
+                     "exit;"
+       :
+       : __imm_addr(bpf_prog_active)
+       : __clobber_all);
+}
+
 SEC("socket")
 __description("unpriv: return pointer")
 __success __failure_unpriv __msg_unpriv("R0 leaks addr")
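Review bot: The positive case `pseudo_btf_id_ksym_with_cap_bpf` only pins that the load is accepted once CAP_BPF is granted; nothing in the hunk checks that the kernel address held in r1 stays confined while CAP_PERFMON is still absent. Both added bodies discard r1, so a regression that let a CAP_BPF-only socket filter hand the ksym address back would still pass these tests. A third case that returns r1 under `__caps_unpriv(CAP_BPF)` and expects the same rejection as the neighbouring "unpriv: return pointer" test (whose body lies outside the hunk) would close that gap; the expected message in the sketch below is inferred from that neighbour and should be confirmed against the verifier. A one-line comment such as `/* r1 is intentionally unused: only the ld_imm64 of the typed ksym is under test */` on the two existing bodies would also make the intent explicit.

```c
SEC("socket")
__description("unpriv: pseudo btf id ksym address not returnable with CAP_BPF only")
__failure_unpriv __msg_unpriv("R0 leaks addr")
__caps_unpriv(CAP_BPF)
__naked void pseudo_btf_id_ksym_no_leak_with_cap_bpf(void)
{
	/* Same load as the two cases above, but the address is returned. */
	asm volatile ("r1 = %[bpf_prog_active] ll;"
		      "r0 = r1;"
		      "exit;"
	:
	: __imm_addr(bpf_prog_active)
	: __clobber_all);
}
```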

-- 
2.34.1

