From: Yonghong Song <yhs@meta.com>
To: Roberto Sassu <roberto.sassu@huaweicloud.com>,
	dhowells@redhat.com, dwmw2@infradead.org,
	herbert@gondor.apana.org.au, davem@davemloft.net,
	jarkko@kernel.org, ast@kernel.org, daniel@iogearbox.net,
	andrii@kernel.org, martin.lau@linux.dev, song@kernel.org,
	yhs@fb.com, john.fastabend@gmail.com, kpsingh@kernel.org,
	sdf@google.com, haoluo@google.com, jolsa@kernel.org,
	rostedt@goodmis.org, mhiramat@kernel.org, mykolal@fb.com,
	shuah@kernel.org
Cc: linux-kernel@vger.kernel.org, keyrings@vger.kernel.org,
	linux-crypto@vger.kernel.org, bpf@vger.kernel.org,
	linux-trace-kernel@vger.kernel.org,
	linux-kselftest@vger.kernel.org,
	Roberto Sassu <roberto.sassu@huawei.com>
Subject: Re: [RFC][PATCH 4/6] bpf: Introduce bpf_verify_umd_signature() kfunc
Date: Tue, 25 Apr 2023 14:25:54 -0700
Message-ID: <23649e1d-8fee-079a-21de-87f7024add81@meta.com>
In-Reply-To: <20230425173557.724688-5-roberto.sassu@huaweicloud.com>



On 4/25/23 10:35 AM, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu@huawei.com>
> 
> Introduce the bpf_verify_umd_signature() kfunc, to verify UMD-parsed
> signatures. The parameters and usage are the same as for
> bpf_verify_pkcs7_signature().
> 
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> ---
>   kernel/trace/bpf_trace.c | 69 ++++++++++++++++++++++++++++++++--------
>   1 file changed, 55 insertions(+), 14 deletions(-)
> 
> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> index e8da032bb6f..c9cae337596 100644
> --- a/kernel/trace/bpf_trace.c
> +++ b/kernel/trace/bpf_trace.c
> @@ -1271,7 +1271,7 @@ __bpf_kfunc struct bpf_key *bpf_lookup_user_key(u32 serial, u64 flags)
>    * The key pointer is marked as invalid, to prevent bpf_key_put() from
>    * attempting to decrement the key reference count on that pointer. The key
>    * pointer set in such way is currently understood only by
> - * verify_pkcs7_signature().
> + * verify_pkcs7_signature() and verify_umd_signature().
>    *
>    * Set *id* to one of the values defined in include/linux/verification.h:
>    * 0 for the primary keyring (immutable keyring of system keys);
> @@ -1317,6 +1317,27 @@ __bpf_kfunc void bpf_key_put(struct bpf_key *bkey)
>   }
>   
>   #ifdef CONFIG_SYSTEM_DATA_VERIFICATION
> +static int validate_key(struct bpf_key *trusted_keyring)
> +{
> +	int ret = 0;
> +
> +	if (trusted_keyring->has_ref) {
> +		/*
> +		 * Do the permission check deferred in bpf_lookup_user_key().
> +		 * See bpf_lookup_user_key() for more details.
> +		 *
> +		 * A call to key_task_permission() here would be redundant, as
> +		 * it is already done by keyring_search() called by
> +		 * find_asymmetric_key().
> +		 */
> +		ret = key_validate(trusted_keyring->key);
> +		if (ret < 0)
> +			return ret;

The above
	if (ret < 0)
		return ret;
can be removed.

> +	}
> +
> +	return ret;
> +}
> +
>   /**
>    * bpf_verify_pkcs7_signature - verify a PKCS#7 signature
>    * @data_ptr: data to verify
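Review bot: The comment inside validate_key() still justifies skipping key_task_permission() by pointing at keyring_search() called from find_asymmetric_key(), which is the lookup path it was written for in bpf_verify_pkcs7_signature(). Now that the helper also gates bpf_verify_umd_signature(), the comment should say whether verify_umd_signature() reaches the same permission check; otherwise the check deferred in bpf_lookup_user_key() is not demonstrably performed for the new caller. The name validate_key() is also very generic for a static helper in bpf_trace.c; a bpf_key-prefixed name would be easier to find.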
> @@ -1334,19 +1355,9 @@ __bpf_kfunc int bpf_verify_pkcs7_signature(struct bpf_dynptr_kern *data_ptr,
>   {
>   	int ret;
>   
> -	if (trusted_keyring->has_ref) {
> -		/*
> -		 * Do the permission check deferred in bpf_lookup_user_key().
> -		 * See bpf_lookup_user_key() for more details.
> -		 *
> -		 * A call to key_task_permission() here would be redundant, as
> -		 * it is already done by keyring_search() called by
> -		 * find_asymmetric_key().
> -		 */
> -		ret = key_validate(trusted_keyring->key);
> -		if (ret < 0)
> -			return ret;
> -	}
> +	ret = validate_key(trusted_keyring);
> +	if (ret < 0)
> +		return ret;
>   
>   	return verify_pkcs7_signature(data_ptr->data,
>   				      bpf_dynptr_get_size(data_ptr),
> @@ -1356,6 +1367,35 @@ __bpf_kfunc int bpf_verify_pkcs7_signature(struct bpf_dynptr_kern *data_ptr,
>   				      VERIFYING_UNSPECIFIED_SIGNATURE, NULL,
>   				      NULL);
>   }
> +
> +/**
> + * bpf_verify_umd_signature - Verify a UMD-parsed signature
> + * @data_ptr: Data to verify
> + * @sig_ptr: Signature of the data
> + * @trusted_keyring: Keyring with keys trusted for signature verification
> + *
> + * Verify the UMD-parsed signature *sig_ptr* against the supplied *data_ptr*
> + * with keys in a keyring referenced by *trusted_keyring*.
> + *
> + * Return: 0 on success, a negative value on error.
> + */
> +__bpf_kfunc int bpf_verify_umd_signature(struct bpf_dynptr_kern *data_ptr,
> +					 struct bpf_dynptr_kern *sig_ptr,
> +					 struct bpf_key *trusted_keyring)
> +{
> +	int ret;
> +
> +	ret = validate_key(trusted_keyring);
> +	if (ret < 0)
> +		return ret;
> +
> +	return verify_umd_signature(data_ptr->data,
> +				    bpf_dynptr_get_size(data_ptr),
> +				    sig_ptr->data, bpf_dynptr_get_size(sig_ptr),
> +				    trusted_keyring->key,
> +				    VERIFYING_UNSPECIFIED_SIGNATURE, NULL,
> +				    NULL);
> +}
>   #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
>   
>   __diag_pop();
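Review bot: The kernel-doc for bpf_verify_umd_signature() never says what a "UMD-parsed signature" is, so a BPF program author cannot tell from this comment what *sig_ptr* must contain or how it differs from the input accepted by bpf_verify_pkcs7_signature(). Suggest adding one sentence on the expected signature format and a reference to verify_umd_signature(), and noting, as the pkcs7 kfunc's users need to know too, that *trusted_keyring* must come from bpf_lookup_user_key() or bpf_lookup_system_key().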
> @@ -1366,6 +1406,7 @@ BTF_ID_FLAGS(func, bpf_lookup_system_key, KF_ACQUIRE | KF_RET_NULL)
>   BTF_ID_FLAGS(func, bpf_key_put, KF_RELEASE)
>   #ifdef CONFIG_SYSTEM_DATA_VERIFICATION
>   BTF_ID_FLAGS(func, bpf_verify_pkcs7_signature, KF_SLEEPABLE)
> +BTF_ID_FLAGS(func, bpf_verify_umd_signature, KF_SLEEPABLE)
>   #endif
>   BTF_SET8_END(key_sig_kfunc_set)
>   
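Review bot: bpf_verify_umd_signature is registered under the existing #ifdef CONFIG_SYSTEM_DATA_VERIFICATION guard, the same one that wraps its definition. If verify_umd_signature() is only built when a further config option for the UMD parser is enabled, this needs a narrower guard or a stub that returns an error so the kfunc still links; the commit message should state which case applies.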

Thread overview: 13+ messages
2023-04-25 17:35 [RFC][PATCH 0/6] KEYS: Introduce user mode key and signature parsers Roberto Sassu
2023-04-25 17:35 ` [RFC][PATCH 1/6] KEYS: asymmetric: Introduce UMD-based asymmetric key parser Roberto Sassu
2023-04-25 17:35 ` [RFC][PATCH 2/6] KEYS: asymmetric: Introduce UMD-based asymmetric key signature parser Roberto Sassu
2023-04-25 17:35 ` [RFC][PATCH 3/6] verification: Introduce verify_umd_signature() and verify_umd_message_sig() Roberto Sassu
2023-04-26  0:28   ` Jarkko Sakkinen
2023-04-26 11:42     ` Roberto Sassu
2023-04-26 18:25       ` Jarkko Sakkinen
2023-04-26 18:27         ` Jarkko Sakkinen
2023-04-25 17:35 ` [RFC][PATCH 4/6] bpf: Introduce bpf_verify_umd_signature() kfunc Roberto Sassu
2023-04-25 21:25   ` Yonghong Song [this message]
2023-04-26 11:44     ` Roberto Sassu
2023-04-25 17:35 ` [RFC][PATCH 5/6] selftests/bpf: Prepare a test for UMD-parsed signatures Roberto Sassu
2023-04-25 17:35 ` [RFC][PATCH 6/6] KEYS: asymmetric: Add UMD handler Roberto Sassu
