From: Blaise Boscaccy <bboscaccy@linux.microsoft.com>
To: Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
John Fastabend <john.fastabend@gmail.com>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Eduard Zingerman <eddyz87@gmail.com>, Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@fomichev.me>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>,
Stephen Smalley <stephen.smalley.work@gmail.com>,
Ondrej Mosnacek <omosnace@redhat.com>,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, bpf@vger.kernel.org,
selinux@vger.kernel.org, bboscaccy@linux.microsoft.com
Subject: [PATCH v4 bpf-next 0/2] security: Propagate caller information in bpf hooks
Date: Tue, 4 Mar 2025 12:30:48 -0800 [thread overview]
Message-ID: <20250304203123.3935371-1-bboscaccy@linux.microsoft.com> (raw)
Hello,
While trying to implement an eBPF gatekeeper program, we ran into an
issue whereas the LSM hooks are missing some relevant data.
Certain subcommands passed to the bpf() syscall can be invoked from
either the kernel or userspace. Additionally, some fields in the
bpf_attr struct contain pointers, and depending on where the
subcommand was invoked, they could point to either user or kernel
memory. One example of this is the bpf_prog_load subcommand and its
fd_array. This data is made available and used by the verifier but not
made available to the LSM subsystem. This patchset simply exposes that
information to applicable LSM hooks.
Change list:
- v3 -> v4
- split out selftest changes into a separate patch
- v2 -> v3
- reorder params so that the new boolean flag is the last param
- fixup function signatures in bpf selftests
- v1 -> v2
- Pass a boolean flag in lieu of bpfptr_t
Revisions:
- v3
https://lore.kernel.org/bpf/20250303222416.3909228-1-bboscaccy@linux.microsoft.com/
- v2
https://lore.kernel.org/bpf/20250228165322.3121535-1-bboscaccy@linux.microsoft.com/
- v1
https://lore.kernel.org/bpf/20250226003055.1654837-1-bboscaccy@linux.microsoft.com/
Blaise Boscaccy (2):
security: Propagate caller information in bpf hooks
selftests/bpf: Add is_kernel parameter to LSM/bpf test programs
include/linux/lsm_hook_defs.h | 6 +++---
include/linux/security.h | 12 ++++++------
kernel/bpf/syscall.c | 10 +++++-----
security/security.c | 15 +++++++++------
security/selinux/hooks.c | 6 +++---
tools/testing/selftests/bpf/progs/rcu_read_lock.c | 3 ++-
.../selftests/bpf/progs/test_cgroup1_hierarchy.c | 4 ++--
.../selftests/bpf/progs/test_kfunc_dynptr_param.c | 6 +++---
.../testing/selftests/bpf/progs/test_lookup_key.c | 2 +-
.../selftests/bpf/progs/test_ptr_untrusted.c | 2 +-
.../selftests/bpf/progs/test_task_under_cgroup.c | 2 +-
.../selftests/bpf/progs/test_verify_pkcs7_sig.c | 2 +-
12 files changed, 37 insertions(+), 33 deletions(-)
--
2.48.1
next reply other threads:[~2025-03-04 20:31 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-04 20:30 Blaise Boscaccy [this message]
2025-03-04 20:30 ` [PATCH v4 bpf-next 1/2] security: Propagate caller information in bpf hooks Blaise Boscaccy
2025-03-05 0:46 ` Paul Moore
2025-03-04 20:30 ` [PATCH v4 bpf-next 2/2] selftests/bpf: Add is_kernel parameter to LSM/bpf test programs Blaise Boscaccy
2025-03-04 23:19 ` Song Liu
2025-03-05 0:36 ` Blaise Boscaccy
2025-03-05 3:27 ` Song Liu
2025-03-05 0:40 ` Paul Moore
2025-03-05 1:25 ` Blaise Boscaccy
2025-03-05 2:14 ` Paul Moore
2025-03-05 3:32 ` Song Liu
2025-03-05 16:12 ` Paul Moore
2025-03-05 17:08 ` Alexei Starovoitov
2025-03-05 17:20 ` Song Liu
2025-03-05 20:12 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250304203123.3935371-1-bboscaccy@linux.microsoft.com \
--to=bboscaccy@linux.microsoft.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=haoluo@google.com \
--cc=jmorris@namei.org \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=omosnace@redhat.com \
--cc=paul@paul-moore.com \
--cc=sdf@fomichev.me \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=song@kernel.org \
--cc=stephen.smalley.work@gmail.com \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).