From: KP Singh <kpsingh@kernel.org>
To: Roberto Sassu <roberto.sassu@huaweicloud.com>
Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
	martin.lau@linux.dev, song@kernel.org, yhs@fb.com,
	john.fastabend@gmail.com, sdf@google.com, haoluo@google.com,
	jolsa@kernel.org, mykolal@fb.com, dhowells@redhat.com,
	jarkko@kernel.org, rostedt@goodmis.org, mingo@redhat.com,
	paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com,
	shuah@kernel.org, bpf@vger.kernel.org, keyrings@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org,
	deso@posteo.net, memxor@gmail.com,
	Roberto Sassu <roberto.sassu@huawei.com>,
	Joanne Koong <joannelkoong@gmail.com>
Subject: Re: [PATCH v17 11/12] selftests/bpf: Add test for bpf_verify_pkcs7_signature() kfunc
Date: Thu, 15 Sep 2022 17:11:39 +0100
Message-ID: <CACYkzJ7uraUdmGV9gMmTZs1OMb_3Q2DttoaxU-irmrXFudOweQ@mail.gmail.com>
In-Reply-To: <20220909120736.1027040-12-roberto.sassu@huaweicloud.com>

On Fri, Sep 9, 2022 at 1:10 PM Roberto Sassu
<roberto.sassu@huaweicloud.com> wrote:
>
> From: Roberto Sassu <roberto.sassu@huawei.com>
>

[...]

> +}
> diff --git a/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c b/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
> new file mode 100644
> index 000000000000..4ceab545d99a
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
> @@ -0,0 +1,100 @@
> +// SPDX-License-Identifier: GPL-2.0
> +
> +/*
> + * Copyright (C) 2022 Huawei Technologies Duesseldorf GmbH
> + *
> + * Author: Roberto Sassu <roberto.sassu@huawei.com>
> + */
> +
> +#include "vmlinux.h"
> +#include <errno.h>
> +#include <bpf/bpf_helpers.h>
> +#include <bpf/bpf_tracing.h>
> +
> +#define MAX_DATA_SIZE (1024 * 1024)
> +#define MAX_SIG_SIZE 1024
> +
> +typedef __u8 u8;
> +typedef __u16 u16;
> +typedef __u32 u32;
> +typedef __u64 u64;

I think you can avoid this and just use u32 and u64 directly.

> +
> +struct bpf_dynptr {
> +       __u64 :64;
> +       __u64 :64;
> +} __attribute__((aligned(8)));
> +

I think you are doing this because including the uapi headers causes
type conflicts. This does happen quite often. What do other folks think
about doing something like

#define DYNPTR(x) ((void *)(x))

It seems like this will be an issue anytime we use the helpers with
vmlinux.h and users will always have to define this type in their tests.

- KP

> +extern struct bpf_key *bpf_lookup_user_key(__u32 serial, __u64 flags) __ksym;
> +extern struct bpf_key *bpf_lookup_system_key(__u64 id) __ksym;
> +extern void bpf_key_put(struct bpf_key *key) __ksym;
> +extern int bpf_verify_pkcs7_signature(struct bpf_dynptr *data_ptr,
> +                                     struct bpf_dynptr *sig_ptr,
> +                                     struct bpf_key *trusted_keyring) __ksym;
> +
> +u32 monitored_pid;
> +u32 user_keyring_serial;
> +u64 system_keyring_id;
> +
> +struct data {
> +       u8 data[MAX_DATA_SIZE];
> +       u32 data_len;
> +       u8 sig[MAX_SIG_SIZE];
> +       u32 sig_len;
> +};
> +
> +struct {
> +       __uint(type, BPF_MAP_TYPE_ARRAY);
> +       __uint(max_entries, 1);
> +       __type(key, __u32);
> +       __type(value, struct data);
> +} data_input SEC(".maps");
> +
> +char _license[] SEC("license") = "GPL";
> +
> +SEC("lsm.s/bpf")
> +int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size)
> +{
> +       struct bpf_dynptr data_ptr, sig_ptr;
> +       struct data *data_val;
> +       struct bpf_key *trusted_keyring;
> +       u32 pid;
> +       u64 value;
> +       int ret, zero = 0;
> +
> +       pid = bpf_get_current_pid_tgid() >> 32;
> +       if (pid != monitored_pid)
> +               return 0;
> +
> +       data_val = bpf_map_lookup_elem(&data_input, &zero);
> +       if (!data_val)
> +               return 0;
> +
> +       bpf_probe_read(&value, sizeof(value), &attr->value);
> +
> +       bpf_copy_from_user(data_val, sizeof(struct data),
>
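
Review bot: the return value of bpf_probe_read(&value, sizeof(value),
&attr->value) is ignored, and value is declared without an initializer
(u64 value;), so a failed read leaves it undefined for whatever the
truncated bpf_copy_from_user() call that follows does with it. Check
the result and return early on error, or initialize value to 0. Since
attr is the kernel-side argument of the LSM hook,
bpf_probe_read_kernel() would also state the intent more precisely than
the legacy bpf_probe_read().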

[...]

> --
> 2.25.1
>
