| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 4 Mar 2022 18:28:24 +0100
From: Benjamin Tissoires <benjamin.tissoires@...hat.com>
To: Greg KH <gregkh@...uxfoundation.org>,
Jiri Kosina <jikos@...nel.org>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>, Shuah Khan <shuah@...nel.org>,
Dave Marchevsky <davemarchevsky@...com>,
Joe Stringer <joe@...ium.io>
Cc: Tero Kristo <tero.kristo@...ux.intel.com>,
linux-kernel@...r.kernel.org, linux-input@...r.kernel.org,
netdev@...r.kernel.org, bpf@...r.kernel.org,
linux-kselftest@...r.kernel.org,
Benjamin Tissoires <benjamin.tissoires@...hat.com>
Subject: [PATCH bpf-next v2 00/28] Introduce eBPF support for HID devices
Hi,
This is a followup of my v1 at [0].
The short summary of the previous cover letter and discussions is that
HID could benefit from BPF for the following use cases:
- simple fixup of report descriptor:
benefits are faster development time and testing, with the produced
bpf program being shipped in the kernel directly (the shipping part
is *not* addressed here).
- Universal Stylus Interface:
allows a user-space program to define its own kernel interface
- Surface Dial:
somehow similar to the previous one except that userspace can decide
to change the shape of the exported device
- firewall:
still partly missing there, there is not yet interception of hidraw
calls, but it's coming in a followup series, I promise
- tracing:
well, tracing.
I tried to address as many comments as I could and here is the short log
of changes:
v2:
===
- split the series by subsystem (bpf, HID, libbpf, selftests and
samples)
- Added an extra patch at the beginning to not require CAP_NET_ADMIN for
BPF_PROG_TYPE_LIRC_MODE2 (please shout if this is wrong)
- made the bpf context attached to HID program of dynamic size:
* the first 1 kB will be able to be addressed directly
* the rest can be retrieved through bpf_hid_{set|get}_data
(note that I am definitivey not happy with that API, because there
is part of it in bits and other in bytes. ouch)
- added an extra patch to prevent non GPL HID bpf programs to be loaded
of type BPF_PROG_TYPE_HID
* same here, not really happy but I don't know where to put that check
in verifier.c
- added a new flag BPF_F_INSERT_HEAD for BPF_LINK_CREATE syscall when in
used with HID program types.
* this flag is used for tracing, to be able to load a program before
any others that might already have been inserted and that might
change the data stream.
Cheers,
Benjamin
[0] https://lore.kernel.org/linux-input/20220224110828.2168231-1-benjamin.tissoires@redhat.com/T/#t
Benjamin Tissoires (28):
bpf: add new is_sys_admin_prog_type() helper
bpf: introduce hid program type
HID: hook up with bpf
libbpf: add HID program type and API
selftests/bpf: add tests for the HID-bpf initial implementation
samples/bpf: add new hid_mouse example
bpf/hid: add a new attach type to change the report descriptor
HID: allow to change the report descriptor from an eBPF program
libbpf: add new attach type BPF_HID_RDESC_FIXUP
selftests/bpf: add report descriptor fixup tests
samples/bpf: add a report descriptor fixup
bpf/hid: add hid_{get|set}_data helpers
HID: bpf: implement hid_bpf_get|set_data
selftests/bpf: add tests for hid_{get|set}_data helpers
bpf/hid: add new BPF type to trigger commands from userspace
libbpf: add new attach type BPF_HID_USER_EVENT
selftests/bpf: add test for user call of HID bpf programs
selftests/bpf: hid: rely on uhid event to know if a test device is
ready
bpf/hid: add bpf_hid_raw_request helper function
HID: add implementation of bpf_hid_raw_request
selftests/bpf: add tests for bpf_hid_hw_request
bpf/verifier: prevent non GPL programs to be loaded against HID
HID: bpf: compute only the required buffer size for the device
HID: bpf: only call hid_bpf_raw_event() if a ctx is available
bpf/hid: Add a flag to add the program at the beginning of the list
libbpf: add handling for BPF_F_INSERT_HEAD in HID programs
selftests/bpf: Add a test for BPF_F_INSERT_HEAD
samples/bpf: fix bpf_program__attach_hid() api change
drivers/hid/Makefile | 1 +
drivers/hid/hid-bpf.c | 361 +++++++++
drivers/hid/hid-core.c | 34 +-
include/linux/bpf-hid.h | 129 +++
include/linux/bpf_types.h | 4 +
include/linux/hid.h | 25 +
include/uapi/linux/bpf.h | 59 ++
include/uapi/linux/bpf_hid.h | 50 ++
kernel/bpf/Makefile | 3 +
kernel/bpf/hid.c | 652 +++++++++++++++
kernel/bpf/syscall.c | 26 +-
kernel/bpf/verifier.c | 7 +
samples/bpf/.gitignore | 1 +
samples/bpf/Makefile | 4 +
samples/bpf/hid_mouse_kern.c | 91 +++
samples/bpf/hid_mouse_user.c | 129 +++
tools/include/uapi/linux/bpf.h | 59 ++
tools/lib/bpf/libbpf.c | 22 +-
tools/lib/bpf/libbpf.h | 2 +
tools/lib/bpf/libbpf.map | 1 +
tools/testing/selftests/bpf/prog_tests/hid.c | 788 +++++++++++++++++++
tools/testing/selftests/bpf/progs/hid.c | 216 +++++
22 files changed, 2649 insertions(+), 15 deletions(-)
create mode 100644 drivers/hid/hid-bpf.c
create mode 100644 include/linux/bpf-hid.h
create mode 100644 include/uapi/linux/bpf_hid.h
create mode 100644 kernel/bpf/hid.c
create mode 100644 samples/bpf/hid_mouse_kern.c
create mode 100644 samples/bpf/hid_mouse_user.c
create mode 100644 tools/testing/selftests/bpf/prog_tests/hid.c
create mode 100644 tools/testing/selftests/bpf/progs/hid.c
--
2.35.1
Powered by blists - more mailing lists