From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: KP Singh <kpsingh@kernel.org>,
bpf@vger.kernel.org, linux-security-module@vger.kernel.org
Cc: bboscaccy@linux.microsoft.com, paul@paul-moore.com,
kys@microsoft.com, ast@kernel.org, daniel@iogearbox.net,
andrii@kernel.org
Subject: Re: [PATCH v2 08/13] bpf: Implement signature verification for BPF programs
Date: Wed, 23 Jul 2025 13:11:13 -0400 [thread overview]
Message-ID: <c6ed224b9fb5db2cfac2620c75a49fa22cbaf617.camel@HansenPartnership.com> (raw)
In-Reply-To: <20250721211958.1881379-9-kpsingh@kernel.org>
On Mon, 2025-07-21 at 23:19 +0200, KP Singh wrote:
[...]
> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> index fd3b895ebebf..b42c3740e053 100644
> --- a/include/uapi/linux/bpf.h
> +++ b/include/uapi/linux/bpf.h
> @@ -1607,6 +1607,16 @@ union bpf_attr {
> * continuous.
> */
> __u32 fd_array_cnt;
> + /* Pointer to a buffer containing the signature of
> the BPF
> + * program.
> + */
> + __aligned_u64 signature;
> + /* Size of the signature buffer in bytes. */
> + __u32 signature_size;
> + /* ID of the kernel keyring to be used for signature
> + * verification.
> + */
> + __u32 keyring_id;
This should become __s32 to match the value passed in to
bpf_lookup_user_key().
[...]
> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
> index 22fda92ab7ce..111f91a99166 100644
> --- a/kernel/bpf/syscall.c
> +++ b/kernel/bpf/syscall.c
> @@ -2779,8 +2779,41 @@ static bool is_perfmon_prog_type(enum
> bpf_prog_type prog_type)
> }
> }
>
> +static noinline int bpf_prog_verify_signature(struct bpf_prog *prog,
> + union bpf_attr *attr,
> + bool is_kernel)
> +{
> + bpfptr_t usig = make_bpfptr(attr->signature, is_kernel);
> + struct bpf_dynptr_kern sig_ptr, insns_ptr;
> + struct bpf_key *key = NULL;
> + void *sig;
> + int err = 0;
> +
> + key = bpf_lookup_user_key(attr->keyring_id, 0);
> + if (!key)
> + return -ENOKEY;
This still only checks against user keyrings and not system trusted
keyrings as was pointed out in v1. Since user keyrings are negative
and user key serials begin at 3 or more, there's no overlap with the
system keyring specifiers and you can just overload attr->keyring_id,
like the below.
Regards,
James
---
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 111f91a99166..10fd3ea5d91f 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -13,6 +13,7 @@
#include <linux/slab.h>
#include <linux/sched/signal.h>
#include <linux/vmalloc.h>
+#include <linux/verification.h>
#include <linux/mmzone.h>
#include <linux/anon_inodes.h>
#include <linux/fdtable.h>
@@ -2789,7 +2790,10 @@ static noinline int bpf_prog_verify_signature(struct bpf_prog *prog,
void *sig;
int err = 0;
- key = bpf_lookup_user_key(attr->keyring_id, 0);
+ if (system_keyring_id_check(attr->keyring_id) == 0)
+ key = bpf_lookup_system_key(attr->keyring_id);
+ else
+ key = bpf_lookup_user_key(attr->keyring_id, 0);
if (!key)
return -ENOKEY;
next prev parent reply other threads:[~2025-07-23 17:11 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-21 21:19 [PATCH v2 00/13] Signed BPF programs KP Singh
2025-07-21 21:19 ` [PATCH v2 01/13] bpf: Update the bpf_prog_calc_tag to use SHA256 KP Singh
2025-07-21 21:19 ` [PATCH v2 02/13] bpf: Implement exclusive map creation KP Singh
2025-07-29 22:59 ` Fan Wu
2025-08-11 22:48 ` KP Singh
2025-07-21 21:19 ` [PATCH v2 03/13] libbpf: Implement SHA256 internal helper KP Singh
2025-07-21 21:19 ` [PATCH v2 04/13] libbpf: Support exclusive map creation KP Singh
2025-07-29 2:25 ` Alexei Starovoitov
2025-08-11 22:18 ` KP Singh
2025-07-21 21:19 ` [PATCH v2 05/13] selftests/bpf: Add tests for exclusive maps KP Singh
2025-07-21 21:19 ` [PATCH v2 06/13] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD KP Singh
2025-07-21 21:19 ` [PATCH v2 07/13] bpf: Move the signature kfuncs to helpers.c KP Singh
2025-07-23 16:47 ` James Bottomley
2025-07-21 21:19 ` [PATCH v2 08/13] bpf: Implement signature verification for BPF programs KP Singh
2025-07-23 17:11 ` James Bottomley [this message]
2025-07-24 17:22 ` KP Singh
2025-07-31 15:57 ` Dan Carpenter
2025-08-11 22:22 ` KP Singh
2025-08-05 18:28 ` Blaise Boscaccy
2025-08-13 2:20 ` Paul Moore
2025-07-21 21:19 ` [PATCH v2 09/13] libbpf: Update light skeleton for signing KP Singh
2025-07-21 21:19 ` [PATCH v2 10/13] libbpf: Embed and verify the metadata hash in the loader KP Singh
2025-07-21 21:19 ` [PATCH v2 11/13] bpftool: Add support for signing BPF programs KP Singh
2025-07-22 15:51 ` Quentin Monnet
2025-07-24 17:07 ` KP Singh
2025-08-11 14:23 ` KP Singh
2025-08-11 14:39 ` Quentin Monnet
2025-07-21 21:19 ` [PATCH v2 12/13] selftests/bpf: Enable signature verification for all lskel tests KP Singh
2025-07-29 2:27 ` Alexei Starovoitov
2025-08-11 22:20 ` KP Singh
2025-07-21 21:19 ` [PATCH v2 13/13] selftests/bpf: Add test for signed programs KP Singh
2025-07-29 2:30 ` Alexei Starovoitov
2025-08-11 14:24 ` KP Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c6ed224b9fb5db2cfac2620c75a49fa22cbaf617.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bboscaccy@linux.microsoft.com \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=kpsingh@kernel.org \
--cc=kys@microsoft.com \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).