From: Blaise Boscaccy <bboscaccy@linux.microsoft.com>
To: Fan Wu <wufan@kernel.org>
Cc: "Jonathan Corbet" <corbet@lwn.net>,
"Paul Moore" <paul@paul-moore.com>,
"James Morris" <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Mickaël Salaün" <mic@digikod.net>,
"Günther Noack" <gnoack@google.com>,
"Dr. David Alan Gilbert" <linux@treblig.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
James.Bottomley@hansenpartnership.com, dhowells@redhat.com,
linux-security-module@vger.kernel.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, bpf@vger.kernel.org
Subject: Re: [RFC 08/11] security: Hornet LSM
Date: Tue, 16 Dec 2025 13:01:35 -0800 [thread overview]
Message-ID: <87345ai1jk.fsf@microsoft.com> (raw)
In-Reply-To: <CAKtyLkHNA_fyyK2WZrpA6o1nOzY6dOt+pfhFjDR-1H9UJOceAw@mail.gmail.com>
Fan Wu <wufan@kernel.org> writes:
> On Wed, Dec 10, 2025 at 6:18 PM Blaise Boscaccy
> <bboscaccy@linux.microsoft.com> wrote:
>>
>> This adds the Hornet Linux Security Module which provides enhanced
>> signature verification and data validation for eBPF programs. This
>> allows users to continue to maintain an invariant that all code
>> running inside of the kernel has actually been signed and verified, by
>> the kernel.
>>
>> This effort builds upon the currently excepted upstream solution. It
>> further hardens it by providing deterministic, in-kernel checking of
>> map hashes to solidify auditing along with preventing TOCTOU attacks
>> against lskel map hashes.
>>
>> Target map hashes are passed in via PKCS#7 signed attributes. Hornet
>> determines the extent which the eBFP program is signed and defers to
>> other LSMs for policy decisions.
>>
>> Signed-off-by: Blaise Boscaccy <bboscaccy@linux.microsoft.com>
>> ---
> ...
>> +
>> +int hornet_next_map(void *context, size_t hdrlen,
>> + unsigned char tag,
>> + const void *value, size_t vlen)
>> +{
>> + struct hornet_parse_context *ctx = (struct hornet_parse_context *)value;
>
> I think you wanted to cast context instead?
>
>> +
>> + ctx->hash_count++;
>> + return 0;
>> +}
>> +
>> +
>> +int hornet_map_index(void *context, size_t hdrlen,
>> + unsigned char tag,
>> + const void *value, size_t vlen)
>> +{
>> + struct hornet_parse_context *ctx = (struct hornet_parse_context *)value;
>
> Same above.
>
>> +
>> + ctx->hashes[ctx->hash_count] = *(int *)value;
>> + return 0;
>> +}
>> +
>> +int hornet_map_hash(void *context, size_t hdrlen,
>> + unsigned char tag,
>> + const void *value, size_t vlen)
>> +
>> +{
>> + struct hornet_parse_context *ctx = (struct hornet_parse_context *)value;
>
> Same above.
>
> -Fan
>
Thanks Fan. Will get that fixed up.
-blaise
>> +
>> + if (vlen != SHA256_DIGEST_SIZE && vlen != 0)
>> + return -EINVAL;
>> +
>> + if (vlen != 0) {
>> + ctx->skips[ctx->hash_count] = false;
>> + memcpy(&ctx->hashes[ctx->hash_count * SHA256_DIGEST_SIZE], value, vlen);
>> + } else
>> + ctx->skips[ctx->hash_count] = true;
>> +
>> + return 0;
>> +}
>> +
next prev parent reply other threads:[~2025-12-16 21:01 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-11 2:11 [RFC 00/11] Reintroduce Hornet LSM Blaise Boscaccy
2025-12-11 2:11 ` [RFC 01/11] lsm: framework for BPF integrity verification Blaise Boscaccy
2025-12-11 2:11 ` [RFC 02/11] oid_registry: allow arbitrary size OIDs Blaise Boscaccy
2025-12-11 2:11 ` [RFC 03/11] certs: break out pkcs7 check into its own function Blaise Boscaccy
2025-12-11 2:11 ` [RFC 04/11] crypto: pkcs7: add flag for validated trust on a signed info block Blaise Boscaccy
2025-12-11 2:12 ` [RFC 05/11] crypto: pkcs7: allow pkcs7_digest() to be called from pkcs7_trust Blaise Boscaccy
2025-12-11 2:12 ` [RFC 06/11] crypto: pkcs7: add ability to extract signed attributes by OID Blaise Boscaccy
2025-12-11 16:44 ` Randy Dunlap
2025-12-11 2:12 ` [RFC 07/11] crypto: pkcs7: add tests for pkcs7_get_authattr Blaise Boscaccy
2025-12-11 2:12 ` [RFC 08/11] security: Hornet LSM Blaise Boscaccy
2025-12-11 20:07 ` Randy Dunlap
2025-12-16 21:02 ` Blaise Boscaccy
2025-12-12 21:00 ` Fan Wu
2025-12-16 21:01 ` Blaise Boscaccy [this message]
2025-12-16 21:00 ` [PATCH RFC 8/11] " Paul Moore
2025-12-11 2:12 ` [RFC 09/11] hornet: Introduce gen_sig Blaise Boscaccy
2025-12-11 2:12 ` [RFC 10/11] hornet: Add a light skeleton data extractor scripts Blaise Boscaccy
2025-12-11 2:12 ` [RFC 11/11] selftests/hornet: Add a selftest for the Hornet LSM Blaise Boscaccy
2025-12-12 9:45 ` [RFC 04/11] crypto: pkcs7: add flag for validated trust on a signed info block David Howells
2025-12-13 5:50 ` James Bottomley
2025-12-15 17:45 ` [RFC 00/11] Reintroduce Hornet LSM Ryan Foster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87345ai1jk.fsf@microsoft.com \
--to=bboscaccy@linux.microsoft.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=akpm@linux-foundation.org \
--cc=bpf@vger.kernel.org \
--cc=corbet@lwn.net \
--cc=dhowells@redhat.com \
--cc=gnoack@google.com \
--cc=jmorris@namei.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux@treblig.org \
--cc=mic@digikod.net \
--cc=paul@paul-moore.com \
--cc=serge@hallyn.com \
--cc=wufan@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).