All of lore.kernel.org
 help / color / mirror / Atom feed
From: sashiko-bot@kernel.org
To: "Daniel Borkmann" <daniel@iogearbox.net>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v5 2/8] bpf: Verify signed loader metadata at load time
Date: Tue, 07 Jul 2026 19:55:59 +0000	[thread overview]
Message-ID: <20260707195600.5C2851F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260707193104.350066-3-daniel@iogearbox.net>

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:

Pre-existing issues:
- [High] A lockless synchronization race between map_freeze() and map_update_elem() allows a TOCTOU bypass of BPF signature verification.
--

--- Patch [2]: [PATCH bpf-next v5 2/8] bpf: Verify signed loader metadata at load time ---
commit 5bc066f1169723d401bd2b1b6a80fa2ecfbca1a9
Author: Daniel Borkmann <daniel@iogearbox.net>
Subject: bpf: Verify signed loader metadata at load time

This patch introduces load-time BPF signature verification. It verifies the
signature over both the BPF instructions and the contents of any exclusive
metadata maps, relying on map->frozen to ensure the metadata cannot be
modified after verification.

Link: https://lore.kernel.org/bpf/2f71d6c03698eb17d51f7247efde777627ee578a.camel@HansenPartnership.com [0]
Link: https://lore.kernel.org/lkml/ecf0521ed302db672672ebfbc670ecfba36a6e00.camel@HansenPartnership.com [1]
Link: https://lore.kernel.org/bpf/88703f00d5b7a779728451008626efa45e42db3d.camel@HansenPartnership.com [2]
Link: https://lore.kernel.org/bpf/DJOFY21DYUI4.19WKQ3NPZ4H5R@gmail.com [3]

> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 2e9e65297c706..462a1f8544b9d 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -19870,6 +19895,140 @@ int bpf_fixup_kfunc_call(struct bpf_verifier_env *env, struct bpf_insn *insn,
>  	return 0;
>  }
>  
[ ... ]
> +static int bpf_prog_verify_signature(struct bpf_verifier_env *env,
> +				     union bpf_attr *attr, bool is_kernel)
> +{
[ ... ]
> +	for (i = 0; i < map_cnt; i++) {
> +		struct bpf_map *map = maps[i];
> +
> +		if (map->map_type != BPF_MAP_TYPE_ARRAY ||
> +		    !map->ops->map_direct_value_addr) {
> +			verbose(env, "signed program metadata map '%s' must be an array\n",
> +				map->name);
> +			err = -EINVAL;
> +			goto out;
> +		}
> +		if (!READ_ONCE(map->frozen)) {

[Severity: High]
This is a pre-existing issue, but does the current map freezing mechanism
provide the absolute immutability required here?

In kernel/bpf/syscall.c:map_update_elem(), the code increments the write
count and checks permissions:

    bpf_map_write_active_inc(map);
    if (!(map_get_sys_perms(map, f) & FMODE_CAN_WRITE)) {

Because bpf_map_write_active_inc() uses atomic64_inc(), it does not imply a
memory barrier on weakly-ordered architectures (like ARM64). Could the
read of map->frozen inside map_get_sys_perms() be reordered to occur
before the writecnt increment is globally visible?

If so, could a sequence like this occur?

CPU0 (map_update_elem):
    bpf_map_write_active_inc(map); // no barrier
    // map->frozen read reordered here, sees false
    // blocks on user memory fault during kvmemdup_bpfptr()

CPU1 (map_freeze):
    // reads writecnt as 0, assumes no active writers
    sets map->frozen = true;

CPU2 (bpf_prog_verify_signature):
    reads map->frozen as true, verifies signature against benign data

CPU0 (map_update_elem):
    resumes from memory fault, completes update with new data since
    bpf_map_update_value() doesn't re-check map->frozen

Since this patch relies on map->frozen to guarantee the metadata cannot
change, does this lockless race allow bypassing the signature verification?

> +			verbose(env, "signed program metadata map '%s' must be frozen\n",
> +				map->name);
> +			err = -EPERM;
> +			goto out;
> +		}
> +		if (!map->excl_prog_sha) {
> +			verbose(env, "signed program metadata map '%s' must be exclusive\n",
> +				map->name);
> +			err = -EPERM;
> +			goto out;
> +		}
> +		data_sz += map->value_size;
> +	}

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260707193104.350066-1-daniel@iogearbox.net?part=2

  reply	other threads:[~2026-07-07 19:56 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-07 19:30 [PATCH bpf-next v5 0/8] Verify BPF signed loader at load time Daniel Borkmann
2026-07-07 19:30 ` [PATCH bpf-next v5 1/8] bpf: Resolve and cache fd_array objects " Daniel Borkmann
2026-07-07 19:30 ` [PATCH bpf-next v5 2/8] bpf: Verify signed loader metadata " Daniel Borkmann
2026-07-07 19:55   ` sashiko-bot [this message]
2026-07-07 20:31     ` Daniel Borkmann
2026-07-07 19:30 ` [PATCH bpf-next v5 3/8] libbpf: Drop in-loader metadata check for load-time verification Daniel Borkmann
2026-07-07 19:52   ` sashiko-bot
2026-07-07 20:08     ` Daniel Borkmann
2026-07-07 19:31 ` [PATCH bpf-next v5 4/8] bpftool: Check EVP_Digest when computing excl_prog_hash Daniel Borkmann
2026-07-07 19:31 ` [PATCH bpf-next v5 5/8] bpftool: Cover loader metadata with the program signature Daniel Borkmann
2026-07-07 19:31 ` [PATCH bpf-next v5 6/8] selftests/bpf: Adjust bpf_map layout in verifier_map_ptr Daniel Borkmann
2026-07-07 19:50   ` sashiko-bot
2026-07-07 20:06     ` Daniel Borkmann
2026-07-07 19:31 ` [PATCH bpf-next v5 7/8] selftests/bpf: Verify load-time signed loader metadata Daniel Borkmann
2026-07-07 19:31 ` [PATCH bpf-next v5 8/8] Documentation/bpf: Add BPF signing and enforcement doc Daniel Borkmann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260707195600.5C2851F000E9@smtp.kernel.org \
    --to=sashiko-bot@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=sashiko-reviews@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.