| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Jan 2023 03:12:10 +0800
From: kernel test robot <lkp@...el.com>
To: David Vernet <void@...ifault.com>, bpf@...r.kernel.org
Cc: oe-kbuild-all@...ts.linux.dev, ast@...nel.org,
daniel@...earbox.net, andrii@...nel.org, martin.lau@...ux.dev,
song@...nel.org, yhs@...a.com, john.fastabend@...il.com,
kpsingh@...nel.org, sdf@...gle.com, haoluo@...gle.com,
jolsa@...nel.org, linux-kernel@...r.kernel.org,
kernel-team@...a.com, memxor@...il.com
Subject: Re: [PATCH bpf-next v2 3/3] bpf: Use BPF_KFUNC macro at all kfunc
definitions
Hi David,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on bpf-next/master]
url: https://github.com/intel-lab-lkp/linux/commits/David-Vernet/bpf-Add-BPF_KFUNC-macro-for-defining-kfuncs/20230124-011804
base: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git master
patch link: https://lore.kernel.org/r/20230123171506.71995-4-void%40manifault.com
patch subject: [PATCH bpf-next v2 3/3] bpf: Use BPF_KFUNC macro at all kfunc definitions
config: powerpc-allyesconfig (https://download.01.org/0day-ci/archive/20230124/202301240259.xwHsyJl4-lkp@intel.com/config)
compiler: powerpc-linux-gcc (GCC) 12.1.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/760b15a8e5d45d6e9925d2439e0d052de969b361
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review David-Vernet/bpf-Add-BPF_KFUNC-macro-for-defining-kfuncs/20230124-011804
git checkout 760b15a8e5d45d6e9925d2439e0d052de969b361
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=powerpc olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=powerpc SHELL=/bin/bash kernel/
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@...el.com>
All warnings (new ones prefixed by >>):
>> kernel/trace/bpf_trace.c:1233: warning: expecting prototype for bpf_lookup_user_key(). Prototype was for BPF_KFUNC() instead
>> kernel/trace/bpf_trace.c:1282: warning: expecting prototype for bpf_lookup_system_key(). Prototype was for BPF_KFUNC() instead
>> kernel/trace/bpf_trace.c:1306: warning: expecting prototype for bpf_key_put(). Prototype was for BPF_KFUNC() instead
>> kernel/trace/bpf_trace.c:1328: warning: expecting prototype for bpf_verify_pkcs7_signature(). Prototype was for BPF_KFUNC() instead
vim +1233 kernel/trace/bpf_trace.c
f92c1e183604c2 Jiri Olsa 2021-12-08 1205
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1206 #ifdef CONFIG_KEYS
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1207 /**
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1208 * bpf_lookup_user_key - lookup a key by its serial
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1209 * @serial: key handle serial number
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1210 * @flags: lookup-specific flags
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1211 *
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1212 * Search a key with a given *serial* and the provided *flags*.
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1213 * If found, increment the reference count of the key by one, and
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1214 * return it in the bpf_key structure.
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1215 *
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1216 * The bpf_key structure must be passed to bpf_key_put() when done
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1217 * with it, so that the key reference count is decremented and the
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1218 * bpf_key structure is freed.
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1219 *
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1220 * Permission checks are deferred to the time the key is used by
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1221 * one of the available key-specific kfuncs.
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1222 *
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1223 * Set *flags* with KEY_LOOKUP_CREATE, to attempt creating a requested
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1224 * special keyring (e.g. session keyring), if it doesn't yet exist.
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1225 * Set *flags* with KEY_LOOKUP_PARTIAL, to lookup a key without waiting
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1226 * for the key construction, and to retrieve uninstantiated keys (keys
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1227 * without data attached to them).
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1228 *
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1229 * Return: a bpf_key pointer with a valid key pointer if the key is found, a
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1230 * NULL pointer otherwise.
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1231 */
760b15a8e5d45d David Vernet 2023-01-23 1232 BPF_KFUNC(struct bpf_key *bpf_lookup_user_key(u32 serial, u64 flags))
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 @1233 {
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1234 key_ref_t key_ref;
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1235 struct bpf_key *bkey;
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1236
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1237 if (flags & ~KEY_LOOKUP_ALL)
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1238 return NULL;
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1239
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1240 /*
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1241 * Permission check is deferred until the key is used, as the
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1242 * intent of the caller is unknown here.
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1243 */
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1244 key_ref = lookup_user_key(serial, flags, KEY_DEFER_PERM_CHECK);
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1245 if (IS_ERR(key_ref))
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1246 return NULL;
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1247
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1248 bkey = kmalloc(sizeof(*bkey), GFP_KERNEL);
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1249 if (!bkey) {
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1250 key_put(key_ref_to_ptr(key_ref));
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1251 return NULL;
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1252 }
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1253
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1254 bkey->key = key_ref_to_ptr(key_ref);
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1255 bkey->has_ref = true;
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1256
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1257 return bkey;
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1258 }
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1259
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1260 /**
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1261 * bpf_lookup_system_key - lookup a key by a system-defined ID
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1262 * @id: key ID
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1263 *
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1264 * Obtain a bpf_key structure with a key pointer set to the passed key ID.
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1265 * The key pointer is marked as invalid, to prevent bpf_key_put() from
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1266 * attempting to decrement the key reference count on that pointer. The key
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1267 * pointer set in such way is currently understood only by
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1268 * verify_pkcs7_signature().
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1269 *
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1270 * Set *id* to one of the values defined in include/linux/verification.h:
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1271 * 0 for the primary keyring (immutable keyring of system keys);
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1272 * VERIFY_USE_SECONDARY_KEYRING for both the primary and secondary keyring
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1273 * (where keys can be added only if they are vouched for by existing keys
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1274 * in those keyrings); VERIFY_USE_PLATFORM_KEYRING for the platform
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1275 * keyring (primarily used by the integrity subsystem to verify a kexec'ed
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1276 * kerned image and, possibly, the initramfs signature).
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1277 *
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1278 * Return: a bpf_key pointer with an invalid key pointer set from the
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1279 * pre-determined ID on success, a NULL pointer otherwise
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1280 */
760b15a8e5d45d David Vernet 2023-01-23 1281 BPF_KFUNC(struct bpf_key *bpf_lookup_system_key(u64 id))
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 @1282 {
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1283 struct bpf_key *bkey;
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1284
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1285 if (system_keyring_id_check(id) < 0)
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1286 return NULL;
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1287
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1288 bkey = kmalloc(sizeof(*bkey), GFP_ATOMIC);
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1289 if (!bkey)
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1290 return NULL;
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1291
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1292 bkey->key = (struct key *)(unsigned long)id;
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1293 bkey->has_ref = false;
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1294
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1295 return bkey;
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1296 }
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1297
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1298 /**
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1299 * bpf_key_put - decrement key reference count if key is valid and free bpf_key
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1300 * @bkey: bpf_key structure
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1301 *
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1302 * Decrement the reference count of the key inside *bkey*, if the pointer
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1303 * is valid, and free *bkey*.
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1304 */
760b15a8e5d45d David Vernet 2023-01-23 1305 BPF_KFUNC(void bpf_key_put(struct bpf_key *bkey))
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 @1306 {
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1307 if (bkey->has_ref)
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1308 key_put(bkey->key);
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1309
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1310 kfree(bkey);
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1311 }
f3cf4134c5c6c4 Roberto Sassu 2022-09-20 1312
865b0566d8f1a0 Roberto Sassu 2022-09-20 1313 #ifdef CONFIG_SYSTEM_DATA_VERIFICATION
865b0566d8f1a0 Roberto Sassu 2022-09-20 1314 /**
865b0566d8f1a0 Roberto Sassu 2022-09-20 1315 * bpf_verify_pkcs7_signature - verify a PKCS#7 signature
865b0566d8f1a0 Roberto Sassu 2022-09-20 1316 * @data_ptr: data to verify
865b0566d8f1a0 Roberto Sassu 2022-09-20 1317 * @sig_ptr: signature of the data
865b0566d8f1a0 Roberto Sassu 2022-09-20 1318 * @trusted_keyring: keyring with keys trusted for signature verification
865b0566d8f1a0 Roberto Sassu 2022-09-20 1319 *
865b0566d8f1a0 Roberto Sassu 2022-09-20 1320 * Verify the PKCS#7 signature *sig_ptr* against the supplied *data_ptr*
865b0566d8f1a0 Roberto Sassu 2022-09-20 1321 * with keys in a keyring referenced by *trusted_keyring*.
865b0566d8f1a0 Roberto Sassu 2022-09-20 1322 *
865b0566d8f1a0 Roberto Sassu 2022-09-20 1323 * Return: 0 on success, a negative value on error.
865b0566d8f1a0 Roberto Sassu 2022-09-20 1324 */
760b15a8e5d45d David Vernet 2023-01-23 1325 BPF_KFUNC(int bpf_verify_pkcs7_signature(struct bpf_dynptr_kern *data_ptr,
865b0566d8f1a0 Roberto Sassu 2022-09-20 1326 struct bpf_dynptr_kern *sig_ptr,
760b15a8e5d45d David Vernet 2023-01-23 1327 struct bpf_key *trusted_keyring))
865b0566d8f1a0 Roberto Sassu 2022-09-20 @1328 {
865b0566d8f1a0 Roberto Sassu 2022-09-20 1329 int ret;
865b0566d8f1a0 Roberto Sassu 2022-09-20 1330
865b0566d8f1a0 Roberto Sassu 2022-09-20 1331 if (trusted_keyring->has_ref) {
865b0566d8f1a0 Roberto Sassu 2022-09-20 1332 /*
865b0566d8f1a0 Roberto Sassu 2022-09-20 1333 * Do the permission check deferred in bpf_lookup_user_key().
865b0566d8f1a0 Roberto Sassu 2022-09-20 1334 * See bpf_lookup_user_key() for more details.
865b0566d8f1a0 Roberto Sassu 2022-09-20 1335 *
865b0566d8f1a0 Roberto Sassu 2022-09-20 1336 * A call to key_task_permission() here would be redundant, as
865b0566d8f1a0 Roberto Sassu 2022-09-20 1337 * it is already done by keyring_search() called by
865b0566d8f1a0 Roberto Sassu 2022-09-20 1338 * find_asymmetric_key().
865b0566d8f1a0 Roberto Sassu 2022-09-20 1339 */
865b0566d8f1a0 Roberto Sassu 2022-09-20 1340 ret = key_validate(trusted_keyring->key);
865b0566d8f1a0 Roberto Sassu 2022-09-20 1341 if (ret < 0)
865b0566d8f1a0 Roberto Sassu 2022-09-20 1342 return ret;
865b0566d8f1a0 Roberto Sassu 2022-09-20 1343 }
865b0566d8f1a0 Roberto Sassu 2022-09-20 1344
865b0566d8f1a0 Roberto Sassu 2022-09-20 1345 return verify_pkcs7_signature(data_ptr->data,
865b0566d8f1a0 Roberto Sassu 2022-09-20 1346 bpf_dynptr_get_size(data_ptr),
865b0566d8f1a0 Roberto Sassu 2022-09-20 1347 sig_ptr->data,
865b0566d8f1a0 Roberto Sassu 2022-09-20 1348 bpf_dynptr_get_size(sig_ptr),
865b0566d8f1a0 Roberto Sassu 2022-09-20 1349 trusted_keyring->key,
865b0566d8f1a0 Roberto Sassu 2022-09-20 1350 VERIFYING_UNSPECIFIED_SIGNATURE, NULL,
865b0566d8f1a0 Roberto Sassu 2022-09-20 1351 NULL);
865b0566d8f1a0 Roberto Sassu 2022-09-20 1352 }
865b0566d8f1a0 Roberto Sassu 2022-09-20 1353 #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
865b0566d8f1a0 Roberto Sassu 2022-09-20 1354
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests
Powered by blists - more mailing lists