linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Matteo Croce <technoboy85@gmail.com>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: "Blaise Boscaccy" <bboscaccy@linux.microsoft.com>,
	"Jonathan Corbet" <corbet@lwn.net>,
	"David Howells" <dhowells@redhat.com>,
	"Herbert Xu" <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	"Paul Moore" <paul@paul-moore.com>,
	"James Morris" <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	"Masahiro Yamada" <masahiroy@kernel.org>,
	"Nathan Chancellor" <nathan@kernel.org>,
	"Nicolas Schier" <nicolas@fjasle.eu>,
	"Shuah Khan" <shuah@kernel.org>,
	"Mickaël Salaün" <mic@digikod.net>,
	"Günther Noack" <gnoack@google.com>,
	"Nick Desaulniers" <nick.desaulniers+lkml@gmail.com>,
	"Bill Wendling" <morbo@google.com>,
	"Justin Stitt" <justinstitt@google.com>,
	"Jarkko Sakkinen" <jarkko@kernel.org>,
	"Jan Stancek" <jstancek@redhat.com>,
	"Neal Gompa" <neal@gompa.dev>,
	"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	keyrings@vger.kernel.org,
	"Linux Crypto Mailing List" <linux-crypto@vger.kernel.org>,
	"LSM List" <linux-security-module@vger.kernel.org>,
	"Linux Kbuild mailing list" <linux-kbuild@vger.kernel.org>,
	"open list:KERNEL SELFTEST FRAMEWORK"
	<linux-kselftest@vger.kernel.org>, bpf <bpf@vger.kernel.org>,
	clang-built-linux <llvm@lists.linux.dev>,
	nkapron@google.com, "Matteo Croce" <teknoraver@meta.com>,
	"Roberto Sassu" <roberto.sassu@huawei.com>,
	"Cong Wang" <xiyou.wangcong@gmail.com>
Subject: Re: [PATCH v2 security-next 1/4] security: Hornet LSM
Date: Sat, 12 Apr 2025 02:29:47 +0200	[thread overview]
Message-ID: <CAFnufp1erGboUtRaqLoKC48c+9jmqzEfFW8W46xt77JMC0PFpQ@mail.gmail.com> (raw)
In-Reply-To: <CAADnVQJyNRZVLPj_nzegCyo+BzM1-whbnajotCXu+GW+5-=P6w@mail.gmail.com>

Il giorno sab 12 apr 2025 alle ore 02:19 Alexei Starovoitov
<alexei.starovoitov@gmail.com> ha scritto:

Similar to what I proposed here?

https://lore.kernel.org/bpf/20211203191844.69709-2-mcroce@linux.microsoft.com/

> The verification of module signatures is a job of the module loading process.
> The same thing should be done by the bpf system.
> The signature needs to be passed into sys_bpf syscall
> as a part of BPF_PROG_LOAD command.

 static int bpf_prog_load(union bpf_attr *attr, bpfptr_t uattr)
 {
@@ -2302,6 +2306,43 @@ static int bpf_prog_load(union bpf_attr *attr,
bpfptr_t uattr)

> It probably should be two new fields in union bpf_attr
> (signature and length),

@@ -1346,6 +1346,8 @@ union bpf_attr {
  __aligned_u64 fd_array; /* array of FDs */
  __aligned_u64 core_relos;
  __u32 core_relo_rec_size; /* sizeof(struct bpf_core_relo) */
+ __aligned_u64 signature; /* instruction's signature */
+ __u32 sig_len; /* signature size */

> and the whole thing should be processed as part of the loading
> with human readable error reported back through the verifier log
> in case of signature mismatch, etc.

+ if (err) {
+ pr_warn("Invalid BPF signature for '%s': %pe\n",
+ prog->aux->name, ERR_PTR(err));
+ goto free_prog_sec;
+ }

It's been four years since my submission and the discussion was
lengthy, what was the problem with the proposed signature in bpf_attr?

Regards,
-- 
Matteo Croce

perl -e 'for($t=0;;$t++){print chr($t*($t>>8|$t>>13)&255)}' |aplay

  reply	other threads:[~2025-04-12  0:30 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-04-04 21:54 [PATCH v2 security-next 0/4] Introducing Hornet LSM Blaise Boscaccy
2025-04-04 21:54 ` [PATCH v2 security-next 1/4] security: " Blaise Boscaccy
2025-04-06  4:27   ` kernel test robot
2025-04-06 20:42   ` kernel test robot
2025-04-11 19:09   ` Tyler Hicks
2025-04-14 20:11     ` Blaise Boscaccy
2025-04-11 23:16   ` [PATCH v2 " Paul Moore
2025-04-14 20:46     ` Blaise Boscaccy
2025-04-15  1:37       ` Paul Moore
2025-04-12  0:09   ` [PATCH v2 security-next " Alexei Starovoitov
2025-04-12  0:29     ` Matteo Croce [this message]
2025-04-12  0:57       ` Alexei Starovoitov
2025-04-12 14:11         ` Blaise Boscaccy
2025-04-12 13:57     ` Blaise Boscaccy
2025-04-14 16:08       ` Paul Moore
2025-04-14 20:56       ` Alexei Starovoitov
2025-04-15  0:32         ` Blaise Boscaccy
2025-04-15  1:38           ` Alexei Starovoitov
2025-04-15 15:45             ` Blaise Boscaccy
2025-04-15 19:08               ` Blaise Boscaccy
2025-04-19 16:21                 ` Paul Moore
2025-04-15 21:48               ` Alexei Starovoitov
2025-04-16 17:31                 ` Blaise Boscaccy
2025-04-21 20:12                   ` Alexei Starovoitov
2025-04-21 22:03                     ` Paul Moore
2025-04-21 23:48                       ` Alexei Starovoitov
2025-04-22  2:38                         ` Paul Moore
2025-04-23 14:12                     ` James Bottomley
2025-04-23 15:10                       ` Paul Moore
2025-04-24 23:41                       ` Alexei Starovoitov
2025-04-25 14:06                         ` James Bottomley
2025-04-25 21:44                           ` Blaise Boscaccy
2025-04-19 18:43   ` James Bottomley
2025-04-21 18:52     ` Paul Moore
2025-04-21 19:03       ` James Bottomley
2025-04-04 21:54 ` [PATCH v2 security-next 2/4] hornet: Introduce sign-ebpf Blaise Boscaccy
2025-04-04 21:54 ` [PATCH v2 security-next 3/4] hornet: Add a light skeleton data extractor script Blaise Boscaccy
2025-04-04 21:54 ` [PATCH v2 security-next 4/4] selftests/hornet: Add a selftest for the Hornet LSM Blaise Boscaccy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAFnufp1erGboUtRaqLoKC48c+9jmqzEfFW8W46xt77JMC0PFpQ@mail.gmail.com \
    --to=technoboy85@gmail.com \
    --cc=alexei.starovoitov@gmail.com \
    --cc=bboscaccy@linux.microsoft.com \
    --cc=bpf@vger.kernel.org \
    --cc=corbet@lwn.net \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=gnoack@google.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=jarkko@kernel.org \
    --cc=jmorris@namei.org \
    --cc=jstancek@redhat.com \
    --cc=justinstitt@google.com \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kbuild@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=llvm@lists.linux.dev \
    --cc=masahiroy@kernel.org \
    --cc=mic@digikod.net \
    --cc=morbo@google.com \
    --cc=nathan@kernel.org \
    --cc=neal@gompa.dev \
    --cc=nick.desaulniers+lkml@gmail.com \
    --cc=nicolas@fjasle.eu \
    --cc=nkapron@google.com \
    --cc=paul@paul-moore.com \
    --cc=roberto.sassu@huawei.com \
    --cc=serge@hallyn.com \
    --cc=shuah@kernel.org \
    --cc=teknoraver@meta.com \
    --cc=xiyou.wangcong@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).