lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20200526163336.63653-1-kpsingh@chromium.org>
Date:   Tue, 26 May 2020 18:33:32 +0200
From:   KP Singh <kpsingh@...omium.org>
To:     linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        bpf@...r.kernel.org, linux-security-module@...r.kernel.org
Cc:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        James Morris <jmorris@...ei.org>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Martin KaFai Lau <kafai@...com>,
        Florent Revest <revest@...omium.org>
Subject: [PATCH bpf-next 0/4] Generalizing bpf_local_storage

From: KP Singh <kpsingh@...gle.com>

bpf_sk_storage can already be used by some BPF program types to annotate
socket objects. These annotations are managed with the life-cycle of the
object (i.e. freed when the object is freed) which makes BPF programs
much simpler and less prone to errors and leaks.

This patch series:

* Generalizes the bpf_sk_storage infrastructure to allow easy
  implementation of local storage for other objects
* Implements local storage for inodes
* Makes both bpf_{sk, inode}_storage available to LSM programs.

Local storage is safe to use in LSM programs as the attachment sites are
limited and the owning object won't be freed, however, this is not the
case for tracing. Usage in tracing is expected to follow a white-list
based approach similar to the d_path helper
(https://lore.kernel.org/bpf/20200506132946.2164578-1-jolsa@kernel.org).

Access to local storage would allow LSM programs to implement stateful
detections like detecting the unlink of a running executable from the
examples shared as a part of the KRSI series
https://lore.kernel.org/bpf/20200329004356.27286-1-kpsingh@chromium.org/
and
https://github.com/sinkap/linux-krsi/blob/patch/v1/examples/samples/bpf/lsm_detect_exec_unlink.c


*** BLURB HERE ***

KP Singh (4):
  bpf: Generalize bpf_sk_storage
  bpf: Implement bpf_local_storage for inodes
  bpf: Allow local storage to be used from LSM programs
  bpf: Add selftests for local_storage

 fs/inode.c                                    |    3 +
 .../bpf_local_storage.h}                      |   14 +-
 include/linux/bpf_types.h                     |    1 +
 include/linux/fs.h                            |    5 +
 include/net/sock.h                            |    4 +-
 include/uapi/linux/bpf.h                      |   54 +-
 kernel/bpf/Makefile                           |    4 +
 kernel/bpf/bpf_local_storage.c                | 1595 +++++++++++++++++
 kernel/bpf/bpf_lsm.c                          |   20 +-
 kernel/bpf/cgroup.c                           |    2 +-
 kernel/bpf/syscall.c                          |    3 +-
 kernel/bpf/verifier.c                         |   10 +
 net/bpf/test_run.c                            |    2 +-
 net/core/Makefile                             |    1 -
 net/core/bpf_sk_storage.c                     | 1183 ------------
 net/core/filter.c                             |    2 +-
 net/core/sock.c                               |    2 +-
 net/ipv4/bpf_tcp_ca.c                         |    2 +-
 net/ipv4/inet_diag.c                          |    2 +-
 tools/bpf/bpftool/map.c                       |    1 +
 tools/include/uapi/linux/bpf.h                |   54 +-
 tools/lib/bpf/libbpf_probes.c                 |    5 +-
 .../bpf/prog_tests/test_local_storage.c       |   60 +
 .../selftests/bpf/progs/local_storage.c       |  139 ++
 24 files changed, 1959 insertions(+), 1209 deletions(-)
 rename include/{net/bpf_sk_storage.h => linux/bpf_local_storage.h} (72%)
 create mode 100644 kernel/bpf/bpf_local_storage.c
 delete mode 100644 net/core/bpf_sk_storage.c
 create mode 100644 tools/testing/selftests/bpf/prog_tests/test_local_storage.c
 create mode 100644 tools/testing/selftests/bpf/progs/local_storage.c

-- 
2.27.0.rc0.183.gde8f92d652-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ