| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 May 2020 18:33:32 +0200
From: KP Singh <kpsingh@...omium.org>
To: linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
bpf@...r.kernel.org, linux-security-module@...r.kernel.org
Cc: Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
James Morris <jmorris@...ei.org>,
Alexander Viro <viro@...iv.linux.org.uk>,
Martin KaFai Lau <kafai@...com>,
Florent Revest <revest@...omium.org>
Subject: [PATCH bpf-next 0/4] Generalizing bpf_local_storage
From: KP Singh <kpsingh@...gle.com>
bpf_sk_storage can already be used by some BPF program types to annotate
socket objects. These annotations are managed with the life-cycle of the
object (i.e. freed when the object is freed) which makes BPF programs
much simpler and less prone to errors and leaks.
This patch series:
* Generalizes the bpf_sk_storage infrastructure to allow easy
implementation of local storage for other objects
* Implements local storage for inodes
* Makes both bpf_{sk, inode}_storage available to LSM programs.
Local storage is safe to use in LSM programs as the attachment sites are
limited and the owning object won't be freed, however, this is not the
case for tracing. Usage in tracing is expected to follow a white-list
based approach similar to the d_path helper
(https://lore.kernel.org/bpf/20200506132946.2164578-1-jolsa@kernel.org).
Access to local storage would allow LSM programs to implement stateful
detections like detecting the unlink of a running executable from the
examples shared as a part of the KRSI series
https://lore.kernel.org/bpf/20200329004356.27286-1-kpsingh@chromium.org/
and
https://github.com/sinkap/linux-krsi/blob/patch/v1/examples/samples/bpf/lsm_detect_exec_unlink.c
*** BLURB HERE ***
KP Singh (4):
bpf: Generalize bpf_sk_storage
bpf: Implement bpf_local_storage for inodes
bpf: Allow local storage to be used from LSM programs
bpf: Add selftests for local_storage
fs/inode.c | 3 +
.../bpf_local_storage.h} | 14 +-
include/linux/bpf_types.h | 1 +
include/linux/fs.h | 5 +
include/net/sock.h | 4 +-
include/uapi/linux/bpf.h | 54 +-
kernel/bpf/Makefile | 4 +
kernel/bpf/bpf_local_storage.c | 1595 +++++++++++++++++
kernel/bpf/bpf_lsm.c | 20 +-
kernel/bpf/cgroup.c | 2 +-
kernel/bpf/syscall.c | 3 +-
kernel/bpf/verifier.c | 10 +
net/bpf/test_run.c | 2 +-
net/core/Makefile | 1 -
net/core/bpf_sk_storage.c | 1183 ------------
net/core/filter.c | 2 +-
net/core/sock.c | 2 +-
net/ipv4/bpf_tcp_ca.c | 2 +-
net/ipv4/inet_diag.c | 2 +-
tools/bpf/bpftool/map.c | 1 +
tools/include/uapi/linux/bpf.h | 54 +-
tools/lib/bpf/libbpf_probes.c | 5 +-
.../bpf/prog_tests/test_local_storage.c | 60 +
.../selftests/bpf/progs/local_storage.c | 139 ++
24 files changed, 1959 insertions(+), 1209 deletions(-)
rename include/{net/bpf_sk_storage.h => linux/bpf_local_storage.h} (72%)
create mode 100644 kernel/bpf/bpf_local_storage.c
delete mode 100644 net/core/bpf_sk_storage.c
create mode 100644 tools/testing/selftests/bpf/prog_tests/test_local_storage.c
create mode 100644 tools/testing/selftests/bpf/progs/local_storage.c
--
2.27.0.rc0.183.gde8f92d652-goog
Powered by blists - more mailing lists