lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <9fe88aef7deabbe87d3fc38c4aea3c69.paul@paul-moore.com> Date: Tue, 10 Oct 2023 21:17:39 -0400 From: Paul Moore <paul@...l-moore.com> To: Andrii Nakryiko <andrii@...nel.org>, <bpf@...r.kernel.org>, <netdev@...r.kernel.org> Cc: <linux-fsdevel@...r.kernel.org>, <linux-security-module@...r.kernel.org>, <keescook@...omium.org>, <brauner@...nel.org>, <lennart@...ttering.net>, <kernel-team@...a.com>, <sargun@...gun.me>, selinux@...r.kernel.org Subject: Re: [PATCH v6 6/13] bpf: add BPF token support to BPF_PROG_LOAD command On Sep 27, 2023 Andrii Nakryiko <andrii@...nel.org> wrote: > > Add basic support of BPF token to BPF_PROG_LOAD. Wire through a set of > allowed BPF program types and attach types, derived from BPF FS at BPF > token creation time. Then make sure we perform bpf_token_capable() > checks everywhere where it's relevant. > > Signed-off-by: Andrii Nakryiko <andrii@...nel.org> > --- > include/linux/bpf.h | 6 ++ > include/uapi/linux/bpf.h | 2 + > kernel/bpf/core.c | 1 + > kernel/bpf/inode.c | 6 +- > kernel/bpf/syscall.c | 87 ++++++++++++++----- > kernel/bpf/token.c | 25 ++++++ > tools/include/uapi/linux/bpf.h | 2 + > .../selftests/bpf/prog_tests/libbpf_probes.c | 2 + > .../selftests/bpf/prog_tests/libbpf_str.c | 3 + > 9 files changed, 108 insertions(+), 26 deletions(-) ... > diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c > index 5c5c2b6648b2..d0b219f09bcc 100644 > --- a/kernel/bpf/syscall.c > +++ b/kernel/bpf/syscall.c > @@ -2685,6 +2718,10 @@ static int bpf_prog_load(union bpf_attr *attr, bpfptr_t uattr, u32 uattr_size) > prog->aux->sleepable = attr->prog_flags & BPF_F_SLEEPABLE; > prog->aux->xdp_has_frags = attr->prog_flags & BPF_F_XDP_HAS_FRAGS; > > + /* move token into prog->aux, reuse taken refcnt */ > + prog->aux->token = token; > + token = NULL; > + > err = security_bpf_prog_alloc(prog->aux); > if (err) > goto free_prog; As we discussed in the earlier thread, let's tweak/rename/move the security_bpf_prog_alloc() call down to just before the bpf_check() call so it looks something like this: err = security_bpf_prog_load(prog, &attr, token); if (err) goto proper_jump_label; err = bpf_check(...); With the idea being that LSMs which implement the token hooks would skip any BPF_PROG_LOAD access controls in security_bpf() and instead implement them in security_bpf_prog_load(). We should also do something similar for map_create() and security_bpf_map_alloc() in patch 4/13. -- paul-moore.com
Powered by blists - more mailing lists