From: KP Singh <kpsingh@kernel.org>
To: bpf@vger.kernel.org, linux-security-module@vger.kernel.org
Cc: bboscaccy@linux.microsoft.com, paul@paul-moore.com,
kys@microsoft.com, ast@kernel.org, daniel@iogearbox.net,
andrii@kernel.org, KP Singh <kpsingh@kernel.org>
Subject: [PATCH 09/12] libbpf: Update light skeleton for signing
Date: Sat, 7 Jun 2025 01:29:11 +0200 [thread overview]
Message-ID: <20250606232914.317094-10-kpsingh@kernel.org> (raw)
In-Reply-To: <20250606232914.317094-1-kpsingh@kernel.org>
* The metadata map is created with as an exclusive map (with an
excl_prog_hash) This restricts map access exclusively to the signed
loader program, preventing tampering by other processes.
* The map is then frozen, making it read-only from userspace.
* BPF_OBJ_GET_INFO_BY_ID instructs the kernel to compute the hash of the
metadata map (H') and store it in bpf_map->sha.
* The loader is then loaded with the signature which is then verified by
the kernel.
The sekeleton currently uses the session keyring
(KEY_SPEC_SESSION_KEYRING) by default but this can
be overridden by the user of the skeleton.
Signed-off-by: KP Singh <kpsingh@kernel.org>
---
tools/lib/bpf/skel_internal.h | 57 +++++++++++++++++++++++++++++++++--
1 file changed, 54 insertions(+), 3 deletions(-)
diff --git a/tools/lib/bpf/skel_internal.h b/tools/lib/bpf/skel_internal.h
index 4d5fa079b5d6..25502925ff36 100644
--- a/tools/lib/bpf/skel_internal.h
+++ b/tools/lib/bpf/skel_internal.h
@@ -13,6 +13,7 @@
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/mman.h>
+#include <linux/keyctl.h>
#include <stdlib.h>
#include "bpf.h"
#endif
@@ -64,6 +65,11 @@ struct bpf_load_and_run_opts {
__u32 data_sz;
__u32 insns_sz;
const char *errstr;
+ void *signature;
+ __u32 signature_sz;
+ __u32 keyring_id;
+ void * excl_prog_hash;
+ __u32 excl_prog_hash_sz;
};
long kern_sys_bpf(__u32 cmd, void *attr, __u32 attr_size);
@@ -218,16 +224,21 @@ static inline int skel_closenz(int fd)
static inline int skel_map_create(enum bpf_map_type map_type,
const char *map_name,
+ const void *excl_prog_hash,
+ __u32 excl_prog_hash_sz,
__u32 key_size,
__u32 value_size,
__u32 max_entries)
{
- const size_t attr_sz = offsetofend(union bpf_attr, map_extra);
+ const size_t attr_sz = offsetofend(union bpf_attr, excl_prog_hash);
union bpf_attr attr;
memset(&attr, 0, attr_sz);
attr.map_type = map_type;
+ attr.excl_prog_hash = (unsigned long) excl_prog_hash;
+ attr.excl_prog_hash_size = excl_prog_hash_sz;
+
strncpy(attr.map_name, map_name, sizeof(attr.map_name));
attr.key_size = key_size;
attr.value_size = value_size;
@@ -300,6 +311,26 @@ static inline int skel_link_create(int prog_fd, int target_fd,
return skel_sys_bpf(BPF_LINK_CREATE, &attr, attr_sz);
}
+static inline int skel_obj_get_info_by_fd(int fd)
+{
+ const size_t attr_sz = offsetofend(union bpf_attr, info);
+ union bpf_attr attr;
+
+ memset(&attr, 0, attr_sz);
+ attr.info.bpf_fd = fd;
+ return skel_sys_bpf(BPF_OBJ_GET_INFO_BY_FD, &attr, attr_sz);
+}
+
+static inline int skel_map_freeze(int fd)
+{
+ const size_t attr_sz = offsetofend(union bpf_attr, map_fd);
+ union bpf_attr attr;
+
+ memset(&attr, 0, attr_sz);
+ attr.map_fd = fd;
+
+ return skel_sys_bpf(BPF_MAP_FREEZE, &attr, attr_sz);
+}
#ifdef __KERNEL__
#define set_err
#else
@@ -308,12 +339,15 @@ static inline int skel_link_create(int prog_fd, int target_fd,
static inline int bpf_load_and_run(struct bpf_load_and_run_opts *opts)
{
- const size_t prog_load_attr_sz = offsetofend(union bpf_attr, fd_array);
+ const size_t prog_load_attr_sz = offsetofend(union bpf_attr, keyring_id);
const size_t test_run_attr_sz = offsetofend(union bpf_attr, test);
int map_fd = -1, prog_fd = -1, key = 0, err;
union bpf_attr attr;
- err = map_fd = skel_map_create(BPF_MAP_TYPE_ARRAY, "__loader.map", 4, opts->data_sz, 1);
+ err = map_fd = skel_map_create(BPF_MAP_TYPE_ARRAY, "__loader.map",
+ opts->excl_prog_hash,
+ opts->excl_prog_hash_sz, 4,
+ opts->data_sz, 1);
if (map_fd < 0) {
opts->errstr = "failed to create loader map";
set_err;
@@ -327,10 +361,27 @@ static inline int bpf_load_and_run(struct bpf_load_and_run_opts *opts)
goto out;
}
+ err = skel_map_freeze(map_fd);
+ if (err < 0) {
+ opts->errstr = "failed to freeze map";
+ set_err;
+ goto out;
+ }
+
+ err = skel_obj_get_info_by_fd(map_fd);
+ if (err < 0) {
+ opts->errstr = "failed to fetch obj info";
+ set_err;
+ goto out;
+ }
+
memset(&attr, 0, prog_load_attr_sz);
attr.prog_type = BPF_PROG_TYPE_SYSCALL;
attr.insns = (long) opts->insns;
attr.insn_cnt = opts->insns_sz / sizeof(struct bpf_insn);
+ attr.signature = (long) opts->signature;
+ attr.signature_size = opts->signature_sz;
+ attr.keyring_id = opts->keyring_id;
attr.license = (long) "Dual BSD/GPL";
memcpy(attr.prog_name, "__loader.prog", sizeof("__loader.prog"));
attr.fd_array = (long) &map_fd;
--
2.43.0
next prev parent reply other threads:[~2025-06-06 23:29 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-06 23:29 [PATCH 00/12] Signed BPF programs KP Singh
2025-06-06 23:29 ` [PATCH 01/12] bpf: Implement an internal helper for SHA256 hashing KP Singh
2025-06-09 9:31 ` kernel test robot
2025-06-09 16:56 ` Alexei Starovoitov
2025-06-12 19:07 ` Eric Biggers
2025-06-16 23:40 ` KP Singh
2025-06-16 23:48 ` Eric Biggers
2025-06-17 0:04 ` KP Singh
2025-06-06 23:29 ` [PATCH 02/12] bpf: Update the bpf_prog_calc_tag to use SHA256 KP Singh
2025-06-09 17:46 ` Alexei Starovoitov
2025-06-06 23:29 ` [PATCH 03/12] bpf: Implement exclusive map creation KP Singh
2025-06-09 20:58 ` Alexei Starovoitov
2025-06-11 21:44 ` KP Singh
2025-06-11 22:55 ` Alexei Starovoitov
2025-06-11 23:05 ` KP Singh
2025-06-06 23:29 ` [PATCH 04/12] libbpf: Implement SHA256 internal helper KP Singh
2025-06-12 22:55 ` Andrii Nakryiko
2025-06-06 23:29 ` [PATCH 05/12] libbpf: Support exclusive map creation KP Singh
2025-06-07 9:16 ` kernel test robot
2025-06-12 22:55 ` Andrii Nakryiko
2025-06-12 23:41 ` KP Singh
2025-06-13 16:51 ` Andrii Nakryiko
2025-07-12 0:50 ` KP Singh
2025-07-12 0:53 ` KP Singh
2025-07-14 20:56 ` Andrii Nakryiko
2025-07-14 12:29 ` KP Singh
2025-07-14 12:55 ` KP Singh
2025-07-14 21:05 ` Andrii Nakryiko
2025-06-06 23:29 ` [PATCH 06/12] selftests/bpf: Add tests for exclusive maps KP Singh
2025-06-06 23:29 ` [PATCH 07/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD KP Singh
2025-06-07 9:26 ` kernel test robot
2025-06-08 13:11 ` kernel test robot
2025-06-09 21:30 ` Alexei Starovoitov
2025-06-11 14:27 ` KP Singh
2025-06-11 15:04 ` Alexei Starovoitov
2025-06-11 16:05 ` KP Singh
2025-06-06 23:29 ` [PATCH 08/12] bpf: Implement signature verification for BPF programs KP Singh
2025-06-09 21:39 ` Alexei Starovoitov
2025-06-10 16:37 ` Blaise Boscaccy
2025-06-06 23:29 ` KP Singh [this message]
2025-06-09 21:41 ` [PATCH 09/12] libbpf: Update light skeleton for signing Alexei Starovoitov
2025-06-06 23:29 ` [PATCH 10/12] libbpf: Embed and verify the metadata hash in the loader KP Singh
2025-06-10 0:08 ` Alexei Starovoitov
2025-06-10 16:51 ` Blaise Boscaccy
2025-06-10 17:43 ` KP Singh
2025-06-10 18:15 ` Blaise Boscaccy
2025-06-10 19:47 ` KP Singh
2025-06-10 21:24 ` James Bottomley
2025-06-10 22:31 ` Paul Moore
2025-06-10 22:35 ` KP Singh
2025-06-11 11:59 ` James Bottomley
2025-06-11 12:33 ` KP Singh
2025-06-11 13:12 ` James Bottomley
2025-06-11 13:24 ` KP Singh
2025-06-11 13:18 ` James Bottomley
2025-06-11 13:41 ` KP Singh
2025-06-11 14:43 ` James Bottomley
2025-06-11 14:45 ` KP Singh
2025-06-10 20:56 ` KP Singh
2025-06-12 22:56 ` Andrii Nakryiko
2025-06-06 23:29 ` [PATCH 11/12] bpftool: Add support for signing BPF programs KP Singh
2025-06-08 14:03 ` James Bottomley
2025-06-10 8:50 ` KP Singh
2025-06-10 15:56 ` James Bottomley
2025-06-10 16:41 ` KP Singh
2025-06-10 16:34 ` Blaise Boscaccy
2025-06-06 23:29 ` [PATCH 12/12] selftests/bpf: Enable signature verification for all lskel tests KP Singh
2025-06-10 0:45 ` Alexei Starovoitov
2025-06-10 16:39 ` Blaise Boscaccy
2025-06-10 16:42 ` KP Singh
2025-06-09 8:20 ` [PATCH 00/12] Signed BPF programs Toke Høiland-Jørgensen
2025-06-09 11:40 ` KP Singh
2025-06-10 9:45 ` Toke Høiland-Jørgensen
2025-06-10 11:18 ` KP Singh
2025-06-10 11:58 ` Toke Høiland-Jørgensen
2025-06-10 12:26 ` KP Singh
2025-06-10 14:25 ` Toke Høiland-Jørgensen
2025-07-08 15:15 ` Blaise Boscaccy
2025-07-10 14:49 ` KP Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250606232914.317094-10-kpsingh@kernel.org \
--to=kpsingh@kernel.org \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bboscaccy@linux.microsoft.com \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=kys@microsoft.com \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).