| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Mar 2020 12:12:20 -0700
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: KP Singh <kpsingh@...omium.org>
Cc: open list <linux-kernel@...r.kernel.org>,
bpf <bpf@...r.kernel.org>, linux-security-module@...r.kernel.org,
Brendan Jackman <jackmanb@...gle.com>,
Florent Revest <revest@...gle.com>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
James Morris <jmorris@...ei.org>,
Kees Cook <keescook@...omium.org>,
Paul Turner <pjt@...gle.com>, Jann Horn <jannh@...gle.com>,
Florent Revest <revest@...omium.org>,
Brendan Jackman <jackmanb@...omium.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH bpf-next v7 4/8] bpf: lsm: Implement attach, detach and execution
On Thu, Mar 26, 2020 at 7:29 AM KP Singh <kpsingh@...omium.org> wrote:
>
> From: KP Singh <kpsingh@...gle.com>
>
> JITed BPF programs are dynamically attached to the LSM hooks
> using BPF trampolines. The trampoline prologue generates code to handle
> conversion of the signature of the hook to the appropriate BPF context.
>
> The allocated trampoline programs are attached to the nop functions
> initialized as LSM hooks.
>
> BPF_PROG_TYPE_LSM programs must have a GPL compatible license and
> and need CAP_SYS_ADMIN (required for loading eBPF programs).
>
> Upon attachment:
>
> * A BPF fexit trampoline is used for LSM hooks with a void return type.
> * A BPF fmod_ret trampoline is used for LSM hooks which return an
> int. The attached programs can override the return value of the
> bpf LSM hook to indicate a MAC Policy decision.
>
> Signed-off-by: KP Singh <kpsingh@...gle.com>
> Reviewed-by: Brendan Jackman <jackmanb@...gle.com>
> Reviewed-by: Florent Revest <revest@...gle.com>
> ---
Acked-by: Andrii Nakryiko <andriin@...com>
> include/linux/bpf_lsm.h | 11 ++++++++
> kernel/bpf/bpf_lsm.c | 28 ++++++++++++++++++++
> kernel/bpf/btf.c | 9 ++++++-
> kernel/bpf/syscall.c | 57 ++++++++++++++++++++++++++++-------------
> kernel/bpf/trampoline.c | 17 +++++++++---
> kernel/bpf/verifier.c | 19 +++++++++++---
> 6 files changed, 114 insertions(+), 27 deletions(-)
>
[...]
> @@ -2479,6 +2496,10 @@ static int bpf_raw_tracepoint_open(const union bpf_attr *attr)
> }
> buf[sizeof(buf) - 1] = 0;
> tp_name = buf;
> + break;
> + default:
> + err = -EINVAL;
> + goto out_put_prog;
> }
is indentation off here or it's my email client?
[...]
Powered by blists - more mailing lists