From: sashiko-bot@kernel.org
To: "Daniel Borkmann" <daniel@iogearbox.net>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v3 4/6] bpftool: Cover loader metadata with the program signature
Date: Thu, 02 Jul 2026 14:48:00 +0000
Message-ID: <20260702144800.E96AC1F00A3D@smtp.kernel.org>
In-Reply-To: <20260702143605.252797-5-daniel@iogearbox.net>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
Pre-existing issues:
- [Medium] The return value of EVP_Digest() is ignored, meaning that if the digest computation fails, uninitialized stack memory is embedded as the excl_prog_hash in the generated C skeleton.
--
commit e281b7d5ac70a49b622a3d4044b8e6f8e9dd90d4
Author: Daniel Borkmann <daniel@iogearbox.net>
bpftool: Cover loader metadata with the program signature
This commit updates bpftool's program signing logic to include loader
metadata alongside instructions. The signed artifact now embeds both in
the generated skeleton, allowing offline signature validation.
Link: https://lore.kernel.org/lkml/ecf0521ed302db672672ebfbc670ecfba36a6e00.camel@HansenPartnership.com [0]
> diff --git a/tools/bpf/bpftool/sign.c b/tools/bpf/bpftool/sign.c
> index f9b742f4bb104..7cc991c69dc2c 100644
> --- a/tools/bpf/bpftool/sign.c
> +++ b/tools/bpf/bpftool/sign.c
[ ... ]
> @@ -178,7 +190,7 @@ int bpftool_prog_sign(struct bpf_load_and_run_opts *opts)
> EVP_Digest(opts->insns, opts->insns_sz, opts->excl_prog_hash,
> &opts->excl_prog_hash_sz, EVP_sha256(), NULL);
[Severity: Medium]
This is a pre-existing issue, but should we check the return value of
EVP_Digest() here?
If EVP_Digest() fails (for example, due to an OpenSSL internal error or
memory allocation failure), it returns 0 and leaves the hash uncomputed.
When called from gen_trace() in tools/bpf/bpftool/gen.c, this would result
in an uninitialized stack buffer (prog_sha) being written to the generated
C skeleton file as excl_prog_hash. This could leak build-time tool stack
memory into the generated code and cause the program signature validation
to fail when loaded.
>
> - bd_out = BIO_new(BIO_s_mem());
> + bd_out = BIO_new(BIO_s_mem());
> if (!bd_out) {
> err = -ENOMEM;
> goto cleanup;
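Review bot: The EVP_Digest() call in the first context lines of this hunk is a bare statement whose result is never tested, so a failed digest falls straight through to the BIO_new() step with opts->excl_prog_hash and opts->excl_prog_hash_sz left as the caller passed them in. Please test the result and leave through the existing cleanup label, the same way the !bd_out check just below it does, for example `if (!EVP_Digest(...)) { err = -EINVAL; goto cleanup; }` (the errno value is only a suggestion). Separately, the -/+ pair on `bd_out = BIO_new(BIO_s_mem());` differs only in whitespace as quoted here; if that is an indentation fix, it would be better split out of a functional change or mentioned in the commit message.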
[ ... ]
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260702143605.252797-1-daniel@iogearbox.net?part=4
Thread overview: 17+ messages
2026-07-02 14:35 [PATCH bpf-next v3 0/6] Verify BPF signed loader at load time Daniel Borkmann
2026-07-02 14:36 ` [PATCH bpf-next v3 1/6] bpf: Resolve and cache fd_array objects " Daniel Borkmann
2026-07-02 19:06 ` Anton Protopopov
2026-07-02 21:16 ` Daniel Borkmann
2026-07-02 14:36 ` [PATCH bpf-next v3 2/6] bpf: Verify signed loader metadata " Daniel Borkmann
2026-07-02 22:05 ` Paul Moore
2026-07-02 22:33 ` Alexei Starovoitov
2026-07-02 14:36 ` [PATCH bpf-next v3 3/6] libbpf: Drop in-loader metadata check for load-time verification Daniel Borkmann
2026-07-02 14:36 ` [PATCH bpf-next v3 4/6] bpftool: Cover loader metadata with the program signature Daniel Borkmann
2026-07-02 14:48 ` sashiko-bot [this message]
2026-07-02 15:54 ` Daniel Borkmann
2026-07-02 14:36 ` [PATCH bpf-next v3 5/6] selftests/bpf: Verify load-time signed loader metadata Daniel Borkmann
2026-07-02 14:48 ` sashiko-bot
2026-07-02 15:29 ` Daniel Borkmann
2026-07-02 15:17 ` bot+bpf-ci
2026-07-02 15:28 ` Daniel Borkmann
2026-07-02 14:36 ` [PATCH bpf-next v3 6/6] Documentation/bpf: Add BPF signing and enforcement doc Daniel Borkmann