Linux Kernel Selftest development
 help / color / mirror / Atom feed
From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>,
	Blaise Boscaccy <bboscaccy@linux.microsoft.com>
Cc: "Jonathan Corbet" <corbet@lwn.net>,
	"David Howells" <dhowells@redhat.com>,
	"Herbert Xu" <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	"Paul Moore" <paul@paul-moore.com>,
	"James Morris" <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	"Masahiro Yamada" <masahiroy@kernel.org>,
	"Nathan Chancellor" <nathan@kernel.org>,
	"Nicolas Schier" <nicolas@fjasle.eu>,
	"Shuah Khan" <shuah@kernel.org>,
	"Mickaël Salaün" <mic@digikod.net>,
	"Günther Noack" <gnoack@google.com>,
	"Nick Desaulniers" <nick.desaulniers+lkml@gmail.com>,
	"Bill Wendling" <morbo@google.com>,
	"Justin Stitt" <justinstitt@google.com>,
	"Jarkko Sakkinen" <jarkko@kernel.org>,
	"Jan Stancek" <jstancek@redhat.com>,
	"Neal Gompa" <neal@gompa.dev>,
	"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	keyrings@vger.kernel.org,
	"Linux Crypto Mailing List" <linux-crypto@vger.kernel.org>,
	"LSM List" <linux-security-module@vger.kernel.org>,
	"Linux Kbuild mailing list" <linux-kbuild@vger.kernel.org>,
	"open list:KERNEL SELFTEST FRAMEWORK"
	<linux-kselftest@vger.kernel.org>, bpf <bpf@vger.kernel.org>,
	clang-built-linux <llvm@lists.linux.dev>,
	nkapron@google.com, "Matteo Croce" <teknoraver@meta.com>,
	"Roberto Sassu" <roberto.sassu@huawei.com>,
	"Cong Wang" <xiyou.wangcong@gmail.com>
Subject: Re: [PATCH v2 security-next 1/4] security: Hornet LSM
Date: Wed, 23 Apr 2025 10:12:07 -0400	[thread overview]
Message-ID: <2bd95ca78e836db0775da8237792e8448b8eec62.camel@HansenPartnership.com> (raw)
In-Reply-To: <CAADnVQKF+B_YYwOCFsPBbrTBGKe4b22WVJFb8C0PHGmRAjbusQ@mail.gmail.com>

On Mon, 2025-04-21 at 13:12 -0700, Alexei Starovoitov wrote:
[...]
> Calling bpf_map_get() and
> map->ops->map_lookup_elem() from a module is not ok either.

I don't understand this objection.  The program just got passed in to
bpf_prog_load() as a set of attributes which, for a light skeleton,
directly contain the code as a blob and have the various BTF
relocations as a blob in a single element array map.  I think everyone
agrees that the integrity of the program would be compromised by
modifications to the relocations, so the security_bpf_prog_load() hook
can't make an integrity determination without examining both.  If the
hook can't use the bpf_maps.. APIs directly is there some other API it
should be using to get the relocations, or are you saying that the
security_bpf_prog_load() hook isn't fit for purpose and it should be
called after the bpf core has loaded the relocations so they can be
provided to the hook as an argument?

The above, by the way, is independent of signing, because it applies to
any determination that might be made in the security_bpf_prog_load()
hook regardless of purpose.

Regards,

James


  parent reply	other threads:[~2025-04-23 14:12 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-04-04 21:54 [PATCH v2 security-next 0/4] Introducing Hornet LSM Blaise Boscaccy
2025-04-04 21:54 ` [PATCH v2 security-next 1/4] security: " Blaise Boscaccy
2025-04-06  4:27   ` kernel test robot
2025-04-06 20:42   ` kernel test robot
2025-04-11 19:09   ` Tyler Hicks
2025-04-14 20:11     ` Blaise Boscaccy
2025-04-11 23:16   ` [PATCH v2 " Paul Moore
2025-04-14 20:46     ` Blaise Boscaccy
2025-04-15  1:37       ` Paul Moore
2025-04-12  0:09   ` [PATCH v2 security-next " Alexei Starovoitov
2025-04-12  0:29     ` Matteo Croce
2025-04-12  0:57       ` Alexei Starovoitov
2025-04-12 14:11         ` Blaise Boscaccy
2025-04-12 13:57     ` Blaise Boscaccy
2025-04-14 16:08       ` Paul Moore
2025-04-14 20:56       ` Alexei Starovoitov
2025-04-15  0:32         ` Blaise Boscaccy
2025-04-15  1:38           ` Alexei Starovoitov
2025-04-15 15:45             ` Blaise Boscaccy
2025-04-15 19:08               ` Blaise Boscaccy
2025-04-19 16:21                 ` Paul Moore
2025-04-15 21:48               ` Alexei Starovoitov
2025-04-16 17:31                 ` Blaise Boscaccy
2025-04-21 20:12                   ` Alexei Starovoitov
2025-04-21 22:03                     ` Paul Moore
2025-04-21 23:48                       ` Alexei Starovoitov
2025-04-22  2:38                         ` Paul Moore
2025-04-23 14:12                     ` James Bottomley [this message]
2025-04-23 15:10                       ` Paul Moore
2025-04-24 23:41                       ` Alexei Starovoitov
2025-04-25 14:06                         ` James Bottomley
2025-04-25 21:44                           ` Blaise Boscaccy
2025-04-19 18:43   ` James Bottomley
2025-04-21 18:52     ` Paul Moore
2025-04-21 19:03       ` James Bottomley
2025-04-04 21:54 ` [PATCH v2 security-next 2/4] hornet: Introduce sign-ebpf Blaise Boscaccy
2025-04-04 21:54 ` [PATCH v2 security-next 3/4] hornet: Add a light skeleton data extractor script Blaise Boscaccy
2025-04-04 21:54 ` [PATCH v2 security-next 4/4] selftests/hornet: Add a selftest for the Hornet LSM Blaise Boscaccy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2bd95ca78e836db0775da8237792e8448b8eec62.camel@HansenPartnership.com \
    --to=james.bottomley@hansenpartnership.com \
    --cc=alexei.starovoitov@gmail.com \
    --cc=bboscaccy@linux.microsoft.com \
    --cc=bpf@vger.kernel.org \
    --cc=corbet@lwn.net \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=gnoack@google.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=jarkko@kernel.org \
    --cc=jmorris@namei.org \
    --cc=jstancek@redhat.com \
    --cc=justinstitt@google.com \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kbuild@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=llvm@lists.linux.dev \
    --cc=masahiroy@kernel.org \
    --cc=mic@digikod.net \
    --cc=morbo@google.com \
    --cc=nathan@kernel.org \
    --cc=neal@gompa.dev \
    --cc=nick.desaulniers+lkml@gmail.com \
    --cc=nicolas@fjasle.eu \
    --cc=nkapron@google.com \
    --cc=paul@paul-moore.com \
    --cc=roberto.sassu@huawei.com \
    --cc=serge@hallyn.com \
    --cc=shuah@kernel.org \
    --cc=teknoraver@meta.com \
    --cc=xiyou.wangcong@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox