From: Blaise Boscaccy <bboscaccy@linux.microsoft.com>
To: Song Liu <song@kernel.org>
Cc: "Jonathan Corbet" <corbet@lwn.net>,
"Paul Moore" <paul@paul-moore.com>,
"James Morris" <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Mickaël Salaün" <mic@digikod.net>,
"Günther Noack" <gnoack@google.com>,
"Dr. David Alan Gilbert" <linux@treblig.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
James.Bottomley@hansenpartnership.com, dhowells@redhat.com,
"Fan Wu" <wufan@kernel.org>,
"Ryan Foster" <foster.ryan.r@gmail.com>,
"Randy Dunlap" <rdunlap@infradead.org>,
linux-security-module@vger.kernel.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, bpf@vger.kernel.org
Subject: Re: [PATCH v3 4/9] lsm: framework for BPF integrity verification
Date: Fri, 27 Mar 2026 10:54:16 -0700
Message-ID: <871ph5f99z.fsf@microsoft.com>
In-Reply-To: <CAPhsuW6P-K=nTPxBk0_Wd0E1wDCBqb=uUQzmzpEg2NJub=L+dg@mail.gmail.com>
Song Liu <song@kernel.org> writes:
> On Wed, Mar 25, 2026 at 11:07 PM Blaise Boscaccy
> <bboscaccy@linux.microsoft.com> wrote:
> [...]
>> The first new callback, bpf_prog_load_integrity(), located within the
>> security_bpf_prog_load() hook, is necessary to ensure that the integrity
>> verification callbacks are executed before any of the existing LSMs
>> are executed via the bpf_prog_load() callback. Reusing the existing
>> bpf_prog_load() callback for integrity verification could result in LSMs
>> not having access to the integrity verification results when asked to
>> authorize the BPF program load in the bpf_prog_load() callback.
>>
>> The new LSM hook, security_bpf_prog_load_post_integrity(), is intended
>> to be called from within LSMs performing BPF program integrity
>> verification. It is used to report the verdict of the integrity
>> verification to other LSMs enforcing access control policy on BPF
>> program loads. LSMs enforcing such access controls should register a
>> bpf_prog_load_post_integrity() callback to receive integrity verdicts.
>
> bpf_prog_load_post_integrity() is weird. Some questions about it:
>
> 1. Is it possible to call it from other LSMs (not hornet)? Specifically, is it
> possible to call it from BPF LSM?

There is nothing hornet exclusive about that security hook. If the BPF
LSM folks wanted to use it they would probably need to implement a
kfunc to invoke it.

> 2. This set does not include any LSMs that attach functions to
> bpf_prog_load_post_integrity. This is against the new LSM hook policy.
> I guess the plan is to add LSM users in follow up patches? Could you
> please include at least some of such code in this patchset? This will
> help folks understand the use case.
>

Sure thing. I will be sending out a v4 with additional patches that have
a concrete user of bpf_prog_load_post_integrity.

> Thanks,
> Song
>
> [...]
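
A userspace C model of the ordering argument in the quoted patch description, added here as an illustration and not code from the patch set. The struct layout, verdict enum, callback signatures and the two LSMs ("verifier" and "policy") are assumptions; only the hook names come from the thread.

```c
/* Userspace model of hook ordering only; types, signatures and LSMs are hypothetical. */
#include <stdio.h>
enum verdict { V_UNSET, V_OK, V_BAD };             /* constructed values */
struct prog { int sig_valid; enum verdict seen; }; /* seen: what "policy" was told */
struct lsm {
    int (*load_integrity)(struct prog *);               /* bpf_prog_load_integrity() */
    int (*post_integrity)(struct prog *, enum verdict); /* bpf_prog_load_post_integrity() */
    int (*load)(struct prog *);                         /* bpf_prog_load() */
};
static const struct lsm *lsms[2];                  /* registration order */

/* Models security_bpf_prog_load_post_integrity(): fan the verdict out. */
static int post_integrity(struct prog *p, enum verdict v)
{
    for (int i = 0, rc; i < 2; i++)
        if (lsms[i]->post_integrity && (rc = lsms[i]->post_integrity(p, v)))
            return rc;
    return 0;
}

/* "verifier": checks the signature and reports the verdict to other LSMs. */
static int verifier_check(struct prog *p)
{
    return post_integrity(p, p->sig_valid ? V_OK : V_BAD);
}
/* "policy": access control that only admits programs reported as verified. */
static int policy_post(struct prog *p, enum verdict v) { p->seen = v; return 0; }
static int policy_load(struct prog *p) { return p->seen == V_OK ? 0 : -1; }

static const struct lsm policy       = { NULL, policy_post, policy_load };
static const struct lsm verifier_new = { verifier_check, NULL, NULL }; /* dedicated callback */
static const struct lsm verifier_old = { NULL, NULL, verifier_check }; /* reuses load callback */

/* Models security_bpf_prog_load(): integrity phase first, then access control. */
static int prog_load(const struct lsm *a, const struct lsm *b, int sig_valid)
{
    struct prog p = { sig_valid, V_UNSET };
    lsms[0] = a; lsms[1] = b;
    for (int i = 0, rc; i < 2; i++)
        if (lsms[i]->load_integrity && (rc = lsms[i]->load_integrity(&p)))
            return rc;
    for (int i = 0, rc; i < 2; i++)
        if (lsms[i]->load && (rc = lsms[i]->load(&p)))
            return rc;
    return 0;
}

int main(void)
{
    printf("dedicated callback: %d\n", prog_load(&policy, &verifier_new, 1));
    printf("reused callback:    %d\n", prog_load(&policy, &verifier_old, 1));
    return 0;
}
```

With the policy LSM registered ahead of the verifier, the dedicated integrity callback still delivers the verdict in time, while reusing the load callback leaves the policy LSM deciding on an unset verdict and rejecting a validly signed program.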