lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20240626-hid_hw_req_bpf-v2-0-cfd60fb6c79f@kernel.org>
Date: Wed, 26 Jun 2024 15:46:21 +0200
From: Benjamin Tissoires <bentiss@...nel.org>
To: Jiri Kosina <jikos@...nel.org>, Alexei Starovoitov <ast@...nel.org>, 
 Shuah Khan <shuah@...nel.org>, Jonathan Corbet <corbet@....net>
Cc: linux-input@...r.kernel.org, linux-kernel@...r.kernel.org, 
 bpf@...r.kernel.org, linux-kselftest@...r.kernel.org, 
 linux-doc@...r.kernel.org, Benjamin Tissoires <bentiss@...nel.org>, 
 Dan Carpenter <dan.carpenter@...aro.org>
Subject: [PATCH HID v2 00/13] HID: bpf_struct_ops, part 2

This series is a followup of the struct_ops conversion.

Therefore, it is based on top of the for-6.11/bpf branch of the hid.git
tree:
https://git.kernel.org/pub/scm/linux/kernel/git/hid/hid.git/log/?h=for-6.11/bpf

The first patch should go in ASAP, it's a fix that was detected by Dan
and which is actually breaking some use cases.

The rest is adding new capabilities to HID-BPF: being able to intercept
hid_hw_raw_request() and hid_hw_ouptut_report(). Both operations are
write operations to the device.

Having those new hooks allows to implement the "firewall" of HID
devices: this way a bpf program can selectively authorize an hidraw
client to write or not to the device depending on what is requested.

This also allows to completely emulate new behavior: we can now create a
"fake" feature on a HID device, and when we receive a request on this
feature, we can emulate the answer by either statically answering or
even by communicating with the device from bpf, as those new hooks are
sleepable.

Last, there is one change in the kfunc hid_bpf_input_report, in which it
actually waits for the device to be ready. This will not break any
potential users as the function was already declared as sleepable.

Cheers,
Benjamin

Signed-off-by: Benjamin Tissoires <bentiss@...nel.org>
---
Changes in v2:
- made use of srcu, for sleepable users
- Link to v1: https://lore.kernel.org/r/20240621-hid_hw_req_bpf-v1-0-d7ab8b885a0b@kernel.org

---
Benjamin Tissoires (13):
      HID: bpf: fix dispatch_hid_bpf_device_event uninitialized ret value
      HID: add source argument to HID low level functions
      HID: bpf: protect HID-BPF prog_list access by a SRCU
      HID: bpf: add HID-BPF hooks for hid_hw_raw_requests
      HID: bpf: prevent infinite recursions with hid_hw_raw_requests hooks
      selftests/hid: add tests for hid_hw_raw_request HID-BPF hooks
      HID: bpf: add HID-BPF hooks for hid_hw_output_report
      selftests/hid: add tests for hid_hw_output_report HID-BPF hooks
      HID: bpf: make hid_bpf_input_report() sleep until the device is ready
      selftests/hid: add wq test for hid_bpf_input_report()
      HID: bpf: allow hid_device_event hooks to inject input reports on self
      selftests/hid: add another test for injecting an event from an event hook
      selftests/hid: add an infinite loop test for hid_bpf_try_input_report

 Documentation/hid/hid-bpf.rst                      |   2 +-
 drivers/hid/bpf/hid_bpf_dispatch.c                 | 165 ++++++++++-
 drivers/hid/bpf/hid_bpf_dispatch.h                 |   1 +
 drivers/hid/bpf/hid_bpf_struct_ops.c               |   6 +-
 drivers/hid/hid-core.c                             | 118 +++++---
 drivers/hid/hidraw.c                               |  10 +-
 include/linux/hid.h                                |   7 +
 include/linux/hid_bpf.h                            |  80 ++++-
 tools/testing/selftests/hid/hid_bpf.c              | 326 +++++++++++++++++++++
 tools/testing/selftests/hid/progs/hid.c            | 292 ++++++++++++++++++
 .../testing/selftests/hid/progs/hid_bpf_helpers.h  |  13 +
 11 files changed, 955 insertions(+), 65 deletions(-)
---
base-commit: 33c0fb85b571b0f1bbdbf466e770eebeb29e6f41
change-id: 20240614-hid_hw_req_bpf-df0b95aeb425

Best regards,
-- 
Benjamin Tissoires <bentiss@...nel.org>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ