BPF List
 help / color / mirror / Atom feed
From: sashiko-bot@kernel.org
To: "Daniel Borkmann" <daniel@iogearbox.net>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v4 3/9] bpf: Verify signed loader metadata at load time
Date: Mon, 06 Jul 2026 14:26:50 +0000	[thread overview]
Message-ID: <20260706142651.4E3431F00A3A@smtp.kernel.org> (raw)
In-Reply-To: <20260706135644.326006-4-daniel@iogearbox.net>

Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:

New issues:
- [High] Moving `security_bpf_prog_load` into `bpf_check` causes the `bpf_prog_free` LSM hook to be executed twice if the load hook fails, or executed without a prior allocation/load hook if `bpf_check` fails early.

Pre-existing issues:
- [High] bpf_prog_calc_tag() fails to mask out kernel addresses for BPF_PSEUDO_MAP_IDX and BPF_PSEUDO_MAP_IDX_VALUE instructions, leaking kernel heap addresses into the subprogram tag.
--

commit cfb17a8179c5038b966ac26cfe3e81c8fa9ab54e
Author: Daniel Borkmann <daniel@iogearbox.net>

bpf: Verify signed loader metadata at load time

This commit modifies the BPF loader to verify PKCS#7 signatures over
the loader instructions and its metadata maps. It also moves the
security_bpf_prog_load() admission hook into bpf_check(), running it
after the signature is verified but before full verification.

Link: https://lore.kernel.org/bpf/2f71d6c03698eb17d51f7247efde777627ee578a.camel@HansenPartnership.com [0]
Link: https://lore.kernel.org/lkml/ecf0521ed302db672672ebfbc670ecfba36a6e00.camel@HansenPartnership.com [1]
Link: https://lore.kernel.org/bpf/88703f00d5b7a779728451008626efa45e42db3d.camel@HansenPartnership.com [2]
Link: https://lore.kernel.org/bpf/DJOFY21DYUI4.19WKQ3NPZ4H5R@gmail.com [3]

> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index e227c76a8dd96..65f53128fc33d 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c

[ ... ]

> @@ -19909,11 +20068,27 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, bpfptr_t uattr,
>  	ret = bpf_vlog_init(&env->log, attr_log->level, attr_log->ubuf, attr_log->size);
>  	if (ret)
>  		goto err_free_env;
> +	if (env->signature) {
> +		ret = bpf_prog_calc_tag(env->prog);

[Severity: High]
This is a pre-existing issue, but does bpf_prog_calc_tag() fail to mask out
kernel addresses for BPF_PSEUDO_MAP_IDX and BPF_PSEUDO_MAP_IDX_VALUE
instructions?

Looking at bpf_prog_calc_tag() in kernel/bpf/core.c, it only masks the
immediate fields for BPF_PSEUDO_MAP_FD and BPF_PSEUDO_MAP_VALUE:

kernel/bpf/core.c:bpf_prog_calc_tag() {
    ...
    if (!was_ld_map &&
        dst[i].code == (BPF_LD | BPF_IMM | BPF_DW) &&
        (dst[i].src_reg == BPF_PSEUDO_MAP_FD ||
         dst[i].src_reg == BPF_PSEUDO_MAP_VALUE)) {
        was_ld_map = true;
        dst[i].imm = 0;
    ...
}

During check_and_resolve_insns() in kernel/bpf/verifier.c, the actual kernel
address is written into the imm fields for these instructions. Could this
cause the unmasked kernel heap addresses of BPF maps to be incorporated
into the SHA256 tag of BPF subprograms, allowing a local attacker to
recover the pointer and bypass KASLR?

> +		if (ret < 0)
> +			goto err_prep;
> +	}
>  
>  	ret = process_fd_array(env, attr, uattr);
>  	if (ret)
>  		goto err_prep;
>  
> +	if (env->signature) {
> +		ret = bpf_prog_verify_signature(env, attr, uattr.is_kernel);
> +		if (ret)
> +			goto err_prep;
> +	}
> +
> +	ret = security_bpf_prog_load(env->prog, attr, env->prog->aux->token,
> +				     uattr.is_kernel);
> +	if (ret)
> +		goto err_prep;

[Severity: High]
If this hook fails, does it result in security_bpf_prog_free() being called
twice, or executed on an uninitialized state?

When bpf_check() is called from bpf_prog_load() in kernel/bpf/syscall.c, a
failure routes to the free_used_maps label, which unconditionally calls
__bpf_prog_put_noref() and subsequently security_bpf_prog_free() via
__bpf_prog_put_rcu():

kernel/bpf/syscall.c:bpf_prog_load() {
    ...
    err = bpf_check(&prog, attr, uattr, attr_log);
    if (err < 0)
        goto free_used_maps;
    ...
free_used_maps:
    __bpf_prog_put_noref(prog, prog->aux->real_func_cnt);
    return err;
}

Since the security_bpf_prog_load hook frees the LSM state internally on
failure, the resulting error return causes the caller to free it a second
time. Alternatively, if bpf_check() fails early (like in process_fd_array),
this is bypassed entirely, causing a free without the load hook ever
running.

Can this corrupt external reference counts or state maps for BPF LSM
programs attached to this hook?

> +
>  	bpf_get_btf_vmlinux();
>  
>  	/* grab the mutex to protect few globals used by verifier */

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260706135644.326006-1-daniel@iogearbox.net?part=3

  reply	other threads:[~2026-07-06 14:26 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-06 13:56 [PATCH bpf-next v4 0/9] Verify BPF signed loader at load time Daniel Borkmann
2026-07-06 13:56 ` [PATCH bpf-next v4 1/9] bpf: Resolve and cache fd_array objects " Daniel Borkmann
2026-07-06 15:42   ` Anton Protopopov
2026-07-06 13:56 ` [PATCH bpf-next v4 2/9] bpf: Move bigger allocations below fd_array resolution Daniel Borkmann
2026-07-06 14:21   ` sashiko-bot
2026-07-06 13:56 ` [PATCH bpf-next v4 3/9] bpf: Verify signed loader metadata at load time Daniel Borkmann
2026-07-06 14:26   ` sashiko-bot [this message]
2026-07-06 14:48     ` Daniel Borkmann
2026-07-06 15:09   ` bot+bpf-ci
2026-07-06 17:16   ` Paul Moore
2026-07-06 13:56 ` [PATCH bpf-next v4 4/9] libbpf: Drop in-loader metadata check for load-time verification Daniel Borkmann
2026-07-06 14:50   ` bot+bpf-ci
2026-07-06 13:56 ` [PATCH bpf-next v4 5/9] bpftool: Check EVP_Digest when computing excl_prog_hash Daniel Borkmann
2026-07-06 13:56 ` [PATCH bpf-next v4 6/9] bpftool: Cover loader metadata with the program signature Daniel Borkmann
2026-07-06 13:56 ` [PATCH bpf-next v4 7/9] selftests/bpf: Adjust bpf_map layout in verifier_map_ptr Daniel Borkmann
2026-07-06 14:27   ` sashiko-bot
2026-07-06 14:30     ` Daniel Borkmann
2026-07-06 13:56 ` [PATCH bpf-next v4 8/9] selftests/bpf: Verify load-time signed loader metadata Daniel Borkmann
2026-07-06 13:56 ` [PATCH bpf-next v4 9/9] Documentation/bpf: Add BPF signing and enforcement doc Daniel Borkmann
2026-07-06 17:13 ` [PATCH bpf-next v4 0/9] Verify BPF signed loader at load time Paul Moore
2026-07-06 17:47   ` Daniel Borkmann
2026-07-06 19:20     ` Paul Moore

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260706142651.4E3431F00A3A@smtp.kernel.org \
    --to=sashiko-bot@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=sashiko-reviews@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox