Re: [PATCH bpf 2/2] selftests/bpf: Add return value tests for lsm cgroup
From: Emil Tsalapatis
Date: Mon May 25 2026 - 14:44:35 EST
On Sat May 23, 2026 at 4:58 AM EDT, Xu Kuohai wrote:
> From: Xu Kuohai <xukuohai@xxxxxxxxxx>
>
> Add tests to check return values set by bpf_set_retval() helper for lsm
> cgroup programs.
After fixing the task_struct arg feel free to add:
Reviewed-by: Emil Tsalapatis <emil@xxxxxxxxxxxxxxx>
Nit: The test messages are kinda obscure, could you replace -4095~0 with "valid errno or
success" or something similar? E.g., test1/2/3/4 could be described as
"success"/"valid errno"/"invalid errno"/"invalid value" instead of numbers.
>
> Signed-off-by: Xu Kuohai <xukuohai@xxxxxxxxxx>
> ---
> .../selftests/bpf/progs/verifier_lsm.c | 45 +++++++++++++++++++
> 1 file changed, 45 insertions(+)
>
> diff --git a/tools/testing/selftests/bpf/progs/verifier_lsm.c b/tools/testing/selftests/bpf/progs/verifier_lsm.c
> index 38e8e9176862..2072671ed643 100644
> --- a/tools/testing/selftests/bpf/progs/verifier_lsm.c
> +++ b/tools/testing/selftests/bpf/progs/verifier_lsm.c
> @@ -188,4 +188,49 @@ int BPF_PROG(null_check, struct file *file)
> return 0;
> }
>
> +SEC("lsm_cgroup/socket_create")
> +__description("lsm_cgroup with -4095~0 retval test 1")
> +__success
> +int BPF_PROG(lsm_cgroup_set_retval_zero_valid, struct task_struct *task)
> +{
> + bpf_set_retval(0);
> + return 0;
> +}
> +
> +SEC("lsm_cgroup/socket_create")
> +__description("lsm_cgroup with -4095~0 retval test 2")
> +__success
> +int BPF_PROG(lsm_cgroup_set_retval_negative_valid, struct task_struct *task)
> +{
> + bpf_set_retval(-12);
> + return 0;
> +}
> +
> +SEC("lsm_cgroup/socket_create")
> +__description("lsm_cgroup with -4095~0 retval test 3")
> +__failure __msg("should have been in [-4095, 0]")
> +int BPF_PROG(lsm_cgroup_set_retval_negative_invalid, struct task_struct *task)
> +{
> + bpf_set_retval(-4096);
> + return 0;
> +}
> +
> +SEC("lsm_cgroup/socket_create")
> +__description("lsm_cgroup with -4095~0 retval test 4")
> +__failure __msg("should have been in [-4095, 0]")
> +int BPF_PROG(lsm_cgroup_set_retval_positive_invalid, struct task_struct *task)
> +{
> + bpf_set_retval(1);
> + return 0;
> +}
> +
> +SEC("lsm_cgroup/file_release")
> +__description("lsm_cgroup bpf_set_retval on void hook test")
> +__failure __msg("BPF_LSM_CGROUP that attach to void LSM hooks can't modify return value")
> +int BPF_PROG(lsm_cgroup_set_retval_for_void_hook, struct file *file)
> +{
> + bpf_set_retval(0);
> + return 0;
> +}
> +
> char _license[] SEC("license") = "GPL";
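Review bot: The lower edge of the accepted range is never exercised: the four socket_create cases pass 0, -12, -4096 and 1, so -4096 is shown to be rejected but nothing shows that -4095 itself is accepted. An off-by-one that tightened the bound for this LSM return value would pass the suite unnoticed. A fifth case with `bpf_set_retval(-4095);` marked `__success` would pin the inclusive bound that the `__msg` string `[-4095, 0]` advertises. All five programs also pass compile-time constants; if the check is meant to cover a scalar known only as a range, one such case would be worth adding, though the hunk alone does not show whether that path exists.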