On Thu Jun 11, 2026 at 10:35 AM EDT, David Windsor wrote:
> Confirm the verifier rejects loading a sleepable BPF_LSM_CGROUP program,
> as introduced in commit 5b038319be44 ("bpf: Reject sleepable
> BPF_LSM_CGROUP programs at load time").
>
> Signed-off-by: David Windsor <[email protected]>Reviewed-by: Emil Tsalapatis <[email protected]> > --- > tools/testing/selftests/bpf/progs/verifier_lsm.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/tools/testing/selftests/bpf/progs/verifier_lsm.c > b/tools/testing/selftests/bpf/progs/verifier_lsm.c > index 38e8e9176862..2f8103bfa14e 100644 > --- a/tools/testing/selftests/bpf/progs/verifier_lsm.c > +++ b/tools/testing/selftests/bpf/progs/verifier_lsm.c > @@ -188,4 +188,13 @@ int BPF_PROG(null_check, struct file *file) > return 0; > } > > +SEC("lsm_cgroup/file_open") > +__description("sleepable lsm_cgroup program is rejected") > +__failure __msg("Program of this type cannot be sleepable") > +__flag(BPF_F_SLEEPABLE) > +int BPF_PROG(sleepable_lsm_cgroup) > +{ > + return 0; > +} > + > char _license[] SEC("license") = "GPL"; > > base-commit: 30dee2c176e7954f63d1fa3e52d172f30beb9bfb
