Open Source and information security mailing list archives
 
Date: Wed, 26 Jun 2024 15:46:21 +0200
From: Benjamin Tissoires <bentiss@...nel.org>
To: Jiri Kosina <jikos@...nel.org>, Alexei Starovoitov <ast@...nel.org>, 
 Shuah Khan <shuah@...nel.org>, Jonathan Corbet <corbet@....net>
Cc: linux-input@...r.kernel.org, linux-kernel@...r.kernel.org, 
 bpf@...r.kernel.org, linux-kselftest@...r.kernel.org, 
 linux-doc@...r.kernel.org, Benjamin Tissoires <bentiss@...nel.org>, 
 Dan Carpenter <dan.carpenter@...aro.org>
Subject: [PATCH HID v2 00/13] HID: bpf_struct_ops, part 2

This series is a followup of the struct_ops conversion.

Therefore, it is based on top of the for-6.11/bpf branch of the hid.git
tree:
https://git.kernel.org/pub/scm/linux/kernel/git/hid/hid.git/log/?h=for-6.11/bpf

The first patch should go in ASAP, it's a fix that was detected by Dan
and which is actually breaking some use cases.

The rest is adding new capabilities to HID-BPF: being able to intercept
hid_hw_raw_request() and hid_hw_output_report(). Both operations are
write operations to the device.

Having those new hooks allows implementing the "firewall" of HID
devices: this way a bpf program can selectively authorize a hidraw
client to write or not to the device depending on what is requested.

This also allows completely emulating new behavior: we can now create a
"fake" feature on a HID device, and when we receive a request on this
feature, we can emulate the answer by either statically answering or
even by communicating with the device from bpf, as those new hooks are
sleepable.

Last, there is one change in the kfunc hid_bpf_input_report, in which it
actually waits for the device to be ready. This will not break any
potential users as the function was already declared as sleepable.

Cheers,
Benjamin

Signed-off-by: Benjamin Tissoires <bentiss@...nel.org>
---
Changes in v2:
- made use of srcu, for sleepable users
- Link to v1: https://lore.kernel.org/r/20240621-hid_hw_req_bpf-v1-0-d7ab8b885a0b@kernel.org

---
Benjamin Tissoires (13):
      HID: bpf: fix dispatch_hid_bpf_device_event uninitialized ret value
      HID: add source argument to HID low level functions
      HID: bpf: protect HID-BPF prog_list access by a SRCU
      HID: bpf: add HID-BPF hooks for hid_hw_raw_requests
      HID: bpf: prevent infinite recursions with hid_hw_raw_requests hooks
      selftests/hid: add tests for hid_hw_raw_request HID-BPF hooks
      HID: bpf: add HID-BPF hooks for hid_hw_output_report
      selftests/hid: add tests for hid_hw_output_report HID-BPF hooks
      HID: bpf: make hid_bpf_input_report() sleep until the device is ready
      selftests/hid: add wq test for hid_bpf_input_report()
      HID: bpf: allow hid_device_event hooks to inject input reports on self
      selftests/hid: add another test for injecting an event from an event hook
      selftests/hid: add an infinite loop test for hid_bpf_try_input_report

 Documentation/hid/hid-bpf.rst                      |   2 +-
 drivers/hid/bpf/hid_bpf_dispatch.c                 | 165 ++++++++++-
 drivers/hid/bpf/hid_bpf_dispatch.h                 |   1 +
 drivers/hid/bpf/hid_bpf_struct_ops.c               |   6 +-
 drivers/hid/hid-core.c                             | 118 +++++---
 drivers/hid/hidraw.c                               |  10 +-
 include/linux/hid.h                                |   7 +
 include/linux/hid_bpf.h                            |  80 ++++-
 tools/testing/selftests/hid/hid_bpf.c              | 326 +++++++++++++++++++++
 tools/testing/selftests/hid/progs/hid.c            | 292 ++++++++++++++++++
 .../testing/selftests/hid/progs/hid_bpf_helpers.h  |  13 +
 11 files changed, 955 insertions(+), 65 deletions(-)
---
base-commit: 33c0fb85b571b0f1bbdbf466e770eebeb29e6f41
change-id: 20240614-hid_hw_req_bpf-df0b95aeb425

Best regards,
-- 
Benjamin Tissoires <bentiss@...nel.org>

