| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 06 Sep 2022 10:00:30 +0200
From: Roberto Sassu <roberto.sassu@...weicloud.com>
To: Kumar Kartikeya Dwivedi <memxor@...il.com>
Cc: ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
martin.lau@...ux.dev, song@...nel.org, yhs@...com,
john.fastabend@...il.com, kpsingh@...nel.org, sdf@...gle.com,
haoluo@...gle.com, jolsa@...nel.org, mykolal@...com,
dhowells@...hat.com, jarkko@...nel.org, rostedt@...dmis.org,
mingo@...hat.com, paul@...l-moore.com, jmorris@...ei.org,
serge@...lyn.com, shuah@...nel.org, bpf@...r.kernel.org,
keyrings@...r.kernel.org, linux-security-module@...r.kernel.org,
linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org,
deso@...teo.net, Roberto Sassu <roberto.sassu@...wei.com>
Subject: Re: [PATCH v16 06/12] bpf: Add bpf_lookup_*_key() and bpf_key_put()
kfuncs
On Tue, 2022-09-06 at 04:43 +0200, Kumar Kartikeya Dwivedi wrote:
> On Mon, 5 Sept 2022 at 16:35, Roberto Sassu
> <roberto.sassu@...weicloud.com> wrote:
> > From: Roberto Sassu <roberto.sassu@...wei.com>
> >
> > Add the bpf_lookup_user_key(), bpf_lookup_system_key() and
> > bpf_key_put()
> > kfuncs, to respectively search a key with a given key handle serial
> > number
> > and flags, obtain a key from a pre-determined ID defined in
> > include/linux/verification.h, and cleanup.
> >
> > Introduce system_keyring_id_check() to validate the keyring ID
> > parameter of
> > bpf_lookup_system_key().
> >
> > Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
> > ---
>
> With a small nit below,
> Acked-by: Kumar Kartikeya Dwivedi <memxor@...il.com>
>
> > include/linux/bpf.h | 8 +++
> > include/linux/verification.h | 8 +++
> > kernel/trace/bpf_trace.c | 135
> > +++++++++++++++++++++++++++++++++++
> > 3 files changed, 151 insertions(+)
> >
> > diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> > index 9dbd7c3f8929..f3db614aece6 100644
> > --- a/include/linux/bpf.h
> > +++ b/include/linux/bpf.h
> > @@ -2595,4 +2595,12 @@ static inline void bpf_cgroup_atype_get(u32
> > attach_btf_id, int cgroup_atype) {}
> > static inline void bpf_cgroup_atype_put(int cgroup_atype) {}
> > #endif /* CONFIG_BPF_LSM */
> >
> > +struct key;
> > +
> > +#ifdef CONFIG_KEYS
> > +struct bpf_key {
> > + struct key *key;
> > + bool has_ref;
> > +};
> > +#endif /* CONFIG_KEYS */
> > #endif /* _LINUX_BPF_H */
> > diff --git a/include/linux/verification.h
> > b/include/linux/verification.h
> > index a655923335ae..f34e50ebcf60 100644
> > --- a/include/linux/verification.h
> > +++ b/include/linux/verification.h
> > @@ -17,6 +17,14 @@
> > #define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
> > #define VERIFY_USE_PLATFORM_KEYRING ((struct key *)2UL)
> >
> > +static inline int system_keyring_id_check(u64 id)
> > +{
> > + if (id > (unsigned long)VERIFY_USE_PLATFORM_KEYRING)
> > + return -EINVAL;
> > +
> > + return 0;
> > +}
> > +
> > /*
> > * The use to which an asymmetric key is being put.
> > */
> > diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> > index 68e5cdd24cef..7a7023704ac2 100644
> > --- a/kernel/trace/bpf_trace.c
> > +++ b/kernel/trace/bpf_trace.c
> > @@ -20,6 +20,8 @@
> > #include <linux/fprobe.h>
> > #include <linux/bsearch.h>
> > #include <linux/sort.h>
> > +#include <linux/key.h>
> > +#include <linux/verification.h>
> >
> > #include <net/bpf_sk_storage.h>
> >
> > @@ -1181,6 +1183,139 @@ static const struct bpf_func_proto
> > bpf_get_func_arg_cnt_proto = {
> > .arg1_type = ARG_PTR_TO_CTX,
> > };
> >
> > +#ifdef CONFIG_KEYS
> > +__diag_push();
> > +__diag_ignore_all("-Wmissing-prototypes",
> > + "kfuncs which will be used in BPF programs");
> > +
> > +/**
> > + * bpf_lookup_user_key - lookup a key by its serial
> > + * @serial: key handle serial number
> > + * @flags: lookup-specific flags
> > + *
> > + * Search a key with a given *serial* and the provided *flags*.
> > + * If found, increment the reference count of the key by one, and
> > + * return it in the bpf_key structure.
> > + *
> > + * The bpf_key structure must be passed to bpf_key_put() when done
> > + * with it, so that the key reference count is decremented and the
> > + * bpf_key structure is freed.
> > + *
> > + * Permission checks are deferred to the time the key is used by
> > + * one of the available key-specific kfuncs.
> > + *
> > + * Set *flags* with KEY_LOOKUP_CREATE, to attempt creating a
> > requested
> > + * special keyring (e.g. session keyring), if it doesn't yet
> > exist.
> > + * Set *flags* with KEY_LOOKUP_PARTIAL, to lookup a key without
> > waiting
> > + * for the key construction, and to retrieve uninstantiated keys
> > (keys
> > + * without data attached to them).
> > + *
> > + * Return: a bpf_key pointer with a valid key pointer if the key
> > is found, a
> > + * NULL pointer otherwise.
> > + */
> > +struct bpf_key *bpf_lookup_user_key(u32 serial, u64 flags)
> > +{
> > + key_ref_t key_ref;
> > + struct bpf_key *bkey;
> > +
> > + if (flags & ~KEY_LOOKUP_ALL)
> > + return NULL;
> > +
> > + /*
> > + * Permission check is deferred until the key is used, as
> > the
> > + * intent of the caller is unknown here.
> > + */
> > + key_ref = lookup_user_key(serial, flags,
> > KEY_DEFER_PERM_CHECK);
> > + if (IS_ERR(key_ref))
> > + return NULL;
> > +
> > + bkey = kmalloc(sizeof(*bkey), GFP_ATOMIC);
>
> Since this function (due to lookup_user_key) is sleepable, do we
> really need GFP_ATOMIC here?
Daniel suggested it for bpf_lookup_system_key(), so that the kfunc does
not have to be sleepable. For symmetry, I did the same to
bpf_lookup_user_key(). Will switch back to GFP_KERNEL.
Thanks
Roberto
Powered by blists - more mailing lists