BPF List
 help / color / mirror / Atom feed
From: sashiko-bot@kernel.org
To: "Daniel Borkmann" <daniel@iogearbox.net>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v6 3/8] libbpf: Drop in-loader metadata check for load-time verification
Date: Wed, 08 Jul 2026 08:15:30 +0000	[thread overview]
Message-ID: <20260708081531.37FDE1F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260708075343.358712-4-daniel@iogearbox.net>

Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
- [High] bpftool does not include the map contents when generating the PKCS#7 signature, which causes the kernel to always reject signed loaders.
- [High] The `run_gen_loader` function in the selftest does not set `attr.fd_array_cnt`, causing the verifier to reject the loader program with `-EACCES`.
--

--- Patch [3]: [PATCH bpf-next v6 3/8] libbpf: Drop in-loader metadata check for load-time verification ---
commit 7b60178a5e722682c8474b704e91ce40e0fc21ed
Author: Daniel Borkmann <daniel@iogearbox.net>

libbpf: Drop in-loader metadata check for load-time verification

This patch removes the in-BPF verification logic from the signed loader,
relying on the kernel to verify the metadata at BPF_PROG_LOAD time. It
also sets fd_array_cnt in skel_internal.h for signed loads so the kernel
can scan fd_array for the exclusive metadata map.

> libbpf: Drop in-loader metadata check for load-time verification
> 
> The signed gen_loader used to police its own metadata map from within
> BPF: emit_signature_match() read the kernel-cached map->sha[] back
> through hardcoded struct bpf_map offsets and compared it against a hash
> that compute_sha_update_offsets() baked into the signed instructions,
> after a BPF_OBJ_GET_INFO_BY_FD round-trip to populate map->sha[].
> 
> The kernel now verifies the metadata at BPF_PROG_LOAD time by folding
> the frozen contents of the loader's exclusive fd_array maps into the
> signature, so the loader no longer checks anything itself. Generated

[Severity: High]
Since the kernel now concatenates the map contents to the signed payload
during signature verification in bpf_prog_verify_signature(), does
bpftool need a corresponding update?

Currently, bpftool_prog_sign() in tools/bpf/bpftool/sign.c only signs
the BPF instructions (opts->insns) without including the map contents
(opts->data). Won't this cause the kernel to consistently reject loaders
signed by bpftool with -EKEYREJECTED?

> loaders thus carry no verification logic of their own anymore: Nothing
> in the signing chain depends on emitted loader bytecode doing the right
> thing.

[ ... ]

> diff --git a/tools/lib/bpf/skel_internal.h b/tools/lib/bpf/skel_internal.h
> index 74503d358bc8a..53fee53d36d51 100644
> --- a/tools/lib/bpf/skel_internal.h
> +++ b/tools/lib/bpf/skel_internal.h

[ ... ]

> @@ -400,6 +371,8 @@ static inline int bpf_load_and_run(struct bpf_load_and_run_opts *opts)
>  #ifndef __KERNEL__
>  	attr.signature = (long) opts->signature;
>  	attr.signature_size = opts->signature_sz;
> +	if (opts->signature)
> +		attr.fd_array_cnt = 1;

[Severity: High]
Does run_gen_loader() in
tools/testing/selftests/bpf/prog_tests/signed_loader.c need a similar
update to set attr.fd_array_cnt = 1?

Without this, when run_gen_loader() loads the signed program,
fd_array_cnt remains 0. The verifier's fd_array_get_map_idx() will then
see env->signature is set but env->fd_array is missing, which causes
the load to abort with -EACCES and breaks the selftest.

>  #else
>  	if (opts->signature || opts->signature_sz)
>  		pr_warn("signatures are not supported from bpf_preload\n");

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260708075343.358712-1-daniel@iogearbox.net?part=3

  reply	other threads:[~2026-07-08  8:15 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-08  7:53 [PATCH bpf-next v6 0/8] Verify BPF signed loader at load time Daniel Borkmann
2026-07-08  7:53 ` [PATCH bpf-next v6 1/8] bpf: Resolve and cache fd_array objects " Daniel Borkmann
2026-07-08  7:53 ` [PATCH bpf-next v6 2/8] bpf: Verify signed loader metadata " Daniel Borkmann
2026-07-08  7:53 ` [PATCH bpf-next v6 3/8] libbpf: Drop in-loader metadata check for load-time verification Daniel Borkmann
2026-07-08  8:15   ` sashiko-bot [this message]
2026-07-08  8:20     ` Daniel Borkmann
2026-07-08  7:53 ` [PATCH bpf-next v6 4/8] bpftool: Check EVP_Digest when computing excl_prog_hash Daniel Borkmann
2026-07-08  8:55   ` Quentin Monnet
2026-07-08  7:53 ` [PATCH bpf-next v6 5/8] bpftool: Cover loader metadata with the program signature Daniel Borkmann
2026-07-08  8:55   ` Quentin Monnet
2026-07-08  7:53 ` [PATCH bpf-next v6 6/8] selftests/bpf: Adjust bpf_map layout in verifier_map_ptr Daniel Borkmann
2026-07-08  8:14   ` sashiko-bot
2026-07-08  8:16     ` Daniel Borkmann
2026-07-08  7:53 ` [PATCH bpf-next v6 7/8] selftests/bpf: Verify load-time signed loader metadata Daniel Borkmann
2026-07-08  8:07   ` sashiko-bot
2026-07-08  8:26     ` Daniel Borkmann
2026-07-08  7:53 ` [PATCH bpf-next v6 8/8] Documentation/bpf: Add BPF signing and enforcement doc Daniel Borkmann
2026-07-08 18:30 ` [PATCH bpf-next v6 0/8] Verify BPF signed loader at load time patchwork-bot+netdevbpf

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260708081531.37FDE1F000E9@smtp.kernel.org \
    --to=sashiko-bot@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=sashiko-reviews@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox