Message-Id: <20220419190053.3395240-1-sdf@google.com>
Date: Tue, 19 Apr 2022 12:00:45 -0700
From: Stanislav Fomichev <sdf@...gle.com>
To: netdev@...r.kernel.org, bpf@...r.kernel.org
Cc: ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
Stanislav Fomichev <sdf@...gle.com>, kafai@...com,
kpsingh@...nel.org, jakub@...udflare.com
Subject: [PATCH bpf-next v5 0/8] bpf: cgroup_sock lsm flavor

This series implements a new lsm flavor for attaching per-cgroup programs to
existing lsm hooks. The cgroup is taken out of 'current', unless
the first argument of the hook is 'struct socket'. In this case,
the cgroup association is taken out of the socket. The attachment
looks like a regular per-cgroup attachment: we add a new BPF_LSM_CGROUP
attach type which, together with attach_btf_id, signals per-cgroup lsm.

Behind the scenes, we allocate a trampoline shim program and
attach it to lsm. This program looks up the cgroup from current/socket
and runs the cgroup's effective prog array. The rest of the per-cgroup BPF
stays the same: hierarchy, local storage, retval conventions
(return 1 == success).

Current limitations:

* haven't considered sleepable bpf; can be extended later on
* not sure the verifier does the right thing with null checks;
  see latest selftest for details
* total of 10 (global) per-cgroup LSM attach points; this bloats
  bpf_cgroup a bit

Cc: ast@...nel.org
Cc: daniel@...earbox.net
Cc: kafai@...com
Cc: kpsingh@...nel.org
Cc: jakub@...udflare.com

v5:
- __cgroup_bpf_run_lsm_socket remove NULL sock/sk checks (Martin KaFai Lau)
- __cgroup_bpf_run_lsm_{socket,current} s/prog/shim_prog/ (Martin)
- make sure bpf_lsm_find_cgroup_shim works for hooks without args (Martin)
- __cgroup_bpf_attach make sure attach_btf_id is the same when replacing (Martin)
- call bpf_cgroup_lsm_shim_release only for LSM_CGROUP (Martin)
- drop BPF_LSM_CGROUP from bpf_attach_type_to_tramp (Martin)
- drop jited check from cgroup_shim_find (Martin)
- new patch to convert cgroup_bpf to hlist_node (Jakub Sitnicki)
- new shim flavor for 'struct sock' + list of exceptions (Martin)

v4:
- fix build when jit is on but syscall is off

v3:
- add BPF_LSM_CGROUP to bpftool
- use simple int instead of refcnt_t (to avoid use-after-free
  false positive)

v2:
- addressed build bot failures

Stanislav Fomichev (8):
  bpf: add bpf_func_t and trampoline helpers
  bpf: convert cgroup_bpf.progs to hlist
  bpf: per-cgroup lsm flavor
  bpf: minimize number of allocated lsm slots per program
  bpf: allow writing to a subset of sock fields from lsm progtype
  libbpf: add lsm_cgoup_sock type
  selftests/bpf: lsm_cgroup functional test
  selftests/bpf: verify lsm_cgroup struct sock access

include/linux/bpf-cgroup-defs.h | 12 +-
include/linux/bpf-cgroup.h | 9 +-
include/linux/bpf.h | 24 +-
include/linux/bpf_lsm.h | 8 +
include/uapi/linux/bpf.h | 1 +
kernel/bpf/bpf_lsm.c | 116 ++++++
kernel/bpf/btf.c | 11 +
kernel/bpf/cgroup.c | 361 +++++++++++++++---
kernel/bpf/syscall.c | 10 +
kernel/bpf/trampoline.c | 206 ++++++++--
kernel/bpf/verifier.c | 4 +-
tools/bpf/bpftool/common.c | 1 +
tools/include/uapi/linux/bpf.h | 1 +
tools/lib/bpf/libbpf.c | 2 +
.../selftests/bpf/prog_tests/lsm_cgroup.c | 213 +++++++++++
.../testing/selftests/bpf/progs/lsm_cgroup.c | 126 ++++++
tools/testing/selftests/bpf/test_verifier.c | 54 ++-
.../selftests/bpf/verifier/lsm_cgroup.c | 34 ++
18 files changed, 1102 insertions(+), 91 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/lsm_cgroup.c
create mode 100644 tools/testing/selftests/bpf/progs/lsm_cgroup.c
create mode 100644 tools/testing/selftests/bpf/verifier/lsm_cgroup.c
--
2.36.0.rc0.470.gd361397f0d-goog
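
The dispatch rule described in the cover letter, as a userspace C model added here for illustration; it is not code from the patch series. All struct and function names are hypothetical, and the model assumes the effective program set is the cgroup's own programs plus its ancestors' and that a denial surfaces as -EPERM.

```c
/* Userspace model of the shim dispatch; every name is hypothetical, not kernel code. */
#include <errno.h>
#include <stdio.h>

#define MAX_PROGS 4
typedef int (*lsm_prog_t)(const void *ctx);      /* 1 == success (allow) */
struct cgroup {
    struct cgroup *parent;
    lsm_prog_t progs[MAX_PROGS];                 /* attached directly to this cgroup */
};
struct task   { struct cgroup *cgrp; };
struct socket { struct cgroup *cgrp; };          /* cgroup association of the socket */
struct hook_call {
    int arg0_is_socket;                          /* first hook argument is 'struct socket' */
    const void *arg0;
    const struct task *current;
};

/* Cgroup comes from the socket when arg0 is a socket, otherwise from current. */
static struct cgroup *shim_pick_cgroup(const struct hook_call *c)
{
    if (c->arg0_is_socket)
        return ((const struct socket *)c->arg0)->cgrp;
    return c->current->cgrp;
}

/* Assumption: effective set = programs of the cgroup and all its ancestors;
 * every program runs, and any return other than 1 turns into -EPERM. */
static int shim_run(const struct hook_call *c)
{
    int allow = 1;
    for (struct cgroup *cg = shim_pick_cgroup(c); cg; cg = cg->parent)
        for (size_t i = 0; i < MAX_PROGS && cg->progs[i]; i++)
            allow &= (cg->progs[i](c) == 1);
    return allow ? 0 : -EPERM;
}

static int prog_allow(const void *ctx) { (void)ctx; return 1; }
static int prog_deny(const void *ctx)  { (void)ctx; return 0; }
/* Constructed scenario: the task lives in cg_open, the socket belongs to cg_locked. */
static int demo(int arg0_is_socket)
{
    struct cgroup root = { NULL, { prog_allow } };
    struct cgroup cg_open = { &root, { prog_allow } }, cg_locked = { &root, { prog_deny } };
    struct task t = { &cg_open }; struct socket s = { &cg_locked };
    struct hook_call c = { arg0_is_socket, arg0_is_socket ? (const void *)&s : NULL, &t };
    return shim_run(&c);
}
int main(void) { printf("socket hook: %d, other hook: %d\n", demo(1), demo(0)); return 0; }
```

In this model the same task gets -EPERM on a socket hook and 0 on any other hook, because the policy applied to a socket hook follows the socket's cgroup rather than the caller's.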