From: Song Liu <song@kernel.org>
To: bpf@vger.kernel.org, fsverity@lists.linux.dev
Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
martin.lau@kernel.org, kernel-team@meta.com, ebiggers@kernel.org,
tytso@mit.edu, roberto.sassu@huaweicloud.com, kpsingh@kernel.org,
vadfed@meta.com, Song Liu <song@kernel.org>,
Eric Biggers <ebiggers@google.com>
Subject: [PATCH v8 bpf-next 5/9] bpf, fsverity: Add kfunc bpf_get_fsverity_digest
Date: Thu, 2 Nov 2023 13:16:15 -0700 [thread overview]
Message-ID: <20231102201619.3135203-6-song@kernel.org> (raw)
In-Reply-To: <20231102201619.3135203-1-song@kernel.org>
fsverity provides fast and reliable hash of files, namely fsverity_digest.
The digest can be used by security solutions to verify file contents.
Add new kfunc bpf_get_fsverity_digest() so that we can access fsverity from
BPF LSM programs. This kfunc is added to fs/verity/measure.c because some
data structure used in the function is private to fsverity
(fs/verity/fsverity_private.h).
To avoid recursion, bpf_get_fsverity_digest is only allowed in BPF LSM
programs.
Signed-off-by: Song Liu <song@kernel.org>
Acked-by: Eric Biggers <ebiggers@google.com>
---
fs/verity/fsverity_private.h | 10 +++++
fs/verity/init.c | 1 +
fs/verity/measure.c | 85 ++++++++++++++++++++++++++++++++++++
3 files changed, 96 insertions(+)
diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h
index d071a6e32581..a6a6b2749241 100644
--- a/fs/verity/fsverity_private.h
+++ b/fs/verity/fsverity_private.h
@@ -100,6 +100,16 @@ fsverity_msg(const struct inode *inode, const char *level,
#define fsverity_err(inode, fmt, ...) \
fsverity_msg((inode), KERN_ERR, fmt, ##__VA_ARGS__)
+/* measure.c */
+
+#ifdef CONFIG_BPF_SYSCALL
+void __init fsverity_init_bpf(void);
+#else
+static inline void fsverity_init_bpf(void)
+{
+}
+#endif
+
/* open.c */
int fsverity_init_merkle_tree_params(struct merkle_tree_params *params,
diff --git a/fs/verity/init.c b/fs/verity/init.c
index a29f062f6047..1e207c0f71de 100644
--- a/fs/verity/init.c
+++ b/fs/verity/init.c
@@ -69,6 +69,7 @@ static int __init fsverity_init(void)
fsverity_init_workqueue();
fsverity_init_sysctl();
fsverity_init_signature();
+ fsverity_init_bpf();
return 0;
}
late_initcall(fsverity_init)
diff --git a/fs/verity/measure.c b/fs/verity/measure.c
index eec5956141da..a08177eda96e 100644
--- a/fs/verity/measure.c
+++ b/fs/verity/measure.c
@@ -7,6 +7,8 @@
#include "fsverity_private.h"
+#include <linux/bpf.h>
+#include <linux/btf.h>
#include <linux/uaccess.h>
/**
@@ -100,3 +102,86 @@ int fsverity_get_digest(struct inode *inode,
return hash_alg->digest_size;
}
EXPORT_SYMBOL_GPL(fsverity_get_digest);
+
+#ifdef CONFIG_BPF_SYSCALL
+
+/* bpf kfuncs */
+__diag_push();
+__diag_ignore_all("-Wmissing-prototypes",
+ "kfuncs which will be used in BPF programs");
+
+/**
+ * bpf_get_fsverity_digest: read fsverity digest of file
+ * @file: file to get digest from
+ * @digest_ptr: (out) dynptr for struct fsverity_digest
+ *
+ * Read fsverity_digest of *file* into *digest_ptr*.
+ *
+ * Return: 0 on success, a negative value on error.
+ */
+__bpf_kfunc int bpf_get_fsverity_digest(struct file *file, struct bpf_dynptr_kern *digest_ptr)
+{
+ const struct inode *inode = file_inode(file);
+ struct fsverity_digest *arg;
+ const struct fsverity_info *vi;
+ const struct fsverity_hash_alg *hash_alg;
+ int out_digest_sz;
+
+ arg = __bpf_dynptr_data_rw(digest_ptr, __bpf_dynptr_size(digest_ptr));
+ if (!arg)
+ return -EINVAL;
+
+ if (!IS_ALIGNED((uintptr_t)arg, __alignof__(*arg)))
+ return -EINVAL;
+
+ if (__bpf_dynptr_size(digest_ptr) < sizeof(struct fsverity_digest))
+ return -EINVAL;
+
+ vi = fsverity_get_info(inode);
+ if (!vi)
+ return -ENODATA; /* not a verity file */
+
+ hash_alg = vi->tree_params.hash_alg;
+
+ arg->digest_algorithm = hash_alg - fsverity_hash_algs;
+ arg->digest_size = hash_alg->digest_size;
+
+ out_digest_sz = __bpf_dynptr_size(digest_ptr) - sizeof(struct fsverity_digest);
+
+ /* copy digest */
+ memcpy(arg->digest, vi->file_digest, min_t(int, hash_alg->digest_size, out_digest_sz));
+
+ /* fill the extra buffer with zeros */
+ if (out_digest_sz > hash_alg->digest_size)
+ memset(arg->digest + arg->digest_size, 0, out_digest_sz - hash_alg->digest_size);
+
+ return 0;
+}
+
+__diag_pop();
+
+BTF_SET8_START(fsverity_set_ids)
+BTF_ID_FLAGS(func, bpf_get_fsverity_digest, KF_TRUSTED_ARGS)
+BTF_SET8_END(fsverity_set_ids)
+
+static int bpf_get_fsverity_digest_filter(const struct bpf_prog *prog, u32 kfunc_id)
+{
+ if (!btf_id_set8_contains(&fsverity_set_ids, kfunc_id))
+ return 0;
+
+ /* Only allow to attach from LSM hooks, to avoid recursion */
+ return prog->type != BPF_PROG_TYPE_LSM ? -EACCES : 0;
+}
+
+static const struct btf_kfunc_id_set bpf_fsverity_set = {
+ .owner = THIS_MODULE,
+ .set = &fsverity_set_ids,
+ .filter = bpf_get_fsverity_digest_filter,
+};
+
+void __init fsverity_init_bpf(void)
+{
+ register_btf_kfunc_id_set(BPF_PROG_TYPE_LSM, &bpf_fsverity_set);
+}
+
+#endif /* CONFIG_BPF_SYSCALL */
--
2.34.1
next prev parent reply other threads:[~2023-11-02 20:16 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-02 20:16 [PATCH v8 bpf-next 0/9] bpf: File verification with LSM and fsverity Song Liu
2023-11-02 20:16 ` [PATCH v8 bpf-next 1/9] bpf: Add __bpf_dynptr_data* for in kernel use Song Liu
2023-11-02 22:59 ` Song Liu
2023-11-02 23:53 ` Song Liu
2023-11-02 20:16 ` [PATCH v8 bpf-next 2/9] bpf: Factor out helper check_reg_const_str() Song Liu
2023-11-02 20:16 ` [PATCH v8 bpf-next 3/9] bpf: Introduce KF_ARG_PTR_TO_CONST_STR Song Liu
2023-11-02 20:16 ` [PATCH v8 bpf-next 4/9] bpf: Add kfunc bpf_get_file_xattr Song Liu
2023-11-02 20:16 ` Song Liu [this message]
2023-11-02 20:16 ` [PATCH v8 bpf-next 6/9] Documentation/bpf: Add documentation for filesystem kfuncs Song Liu
2023-11-02 20:16 ` [PATCH v8 bpf-next 7/9] selftests/bpf: Sort config in alphabetic order Song Liu
2023-11-02 20:16 ` [PATCH v8 bpf-next 8/9] selftests/bpf: Add tests for filesystem kfuncs Song Liu
2023-11-02 20:16 ` [PATCH v8 bpf-next 9/9] selftests/bpf: Add test that uses fsverity and xattr to sign a file Song Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231102201619.3135203-6-song@kernel.org \
--to=song@kernel.org \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=ebiggers@google.com \
--cc=ebiggers@kernel.org \
--cc=fsverity@lists.linux.dev \
--cc=kernel-team@meta.com \
--cc=kpsingh@kernel.org \
--cc=martin.lau@kernel.org \
--cc=roberto.sassu@huaweicloud.com \
--cc=tytso@mit.edu \
--cc=vadfed@meta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.