From: Roberto Sassu
To: Andrii Nakryiko
CC: Jonathan Corbet, Al Viro, Alexei Starovoitov, Daniel Borkmann,
    Andrii Nakryiko, KP Singh, Shuah Khan, mcoquelin.stm32@gmail.com,
    alexandre.torgue@foss.st.com, Mimi Zohar, Linux Doc Mailing List,
    linux-fsdevel@vger.kernel.org, Networking, bpf,
    open list:KERNEL SELFTEST FRAMEWORK,
    linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel,
    linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org,
    open list
Subject: RE: [PATCH 00/18] bpf: Secure and authenticated preloading of eBPF programs
Date: Wed, 30 Mar 2022 07:21:03 +0000
Message-ID: <7574e95fb2304db7b8d64be5d2553b20@huawei.com>
References: <20220328175033.2437312-1-roberto.sassu@huawei.com>

> From: Andrii Nakryiko [mailto:andrii.nakryiko@gmail.com]
> Sent: Wednesday, March 30, 2022 1:51 AM
> On Mon, Mar 28, 2022 at 10:51 AM Roberto Sassu wrote:

[...]

> > Patches 1-2 export some definitions, to build out-of-tree kernel modules
> > with eBPF programs to preload. Patches 3-4 allow eBPF programs to pin
> > objects by themselves. Patches 5-10 automatically generate the methods for
> > preloading in the light skeleton. Patches 11-14 make it possible to preload
> > multiple eBPF programs. Patch 15 automatically generates the kernel module
> > for preloading an eBPF program, patch 16 does a kernel mount of the bpf
> > filesystem, and finally patches 17-18 test the functionality introduced.
> >
>
> This approach of moving tons of pretty generic code into codegen of
> lskel seems suboptimal. Why so much code has to be codegenerated?
> Especially that tiny module code?

Hi Andrii

the main goal of this patch set is to use the preloading
mechanism to plug in securely LSMs implemented as eBPF
programs.

I have a use case, I want to plug in my eBPF program,
DIGLIM eBPF.

I started to modify the preloading code manually, and
I realized how complicated the process is if you want
to add something more than the existing iterators_bpf
program.

First, you have to look at which objects you want to
preload, then write code for each of them. This process
is repetitive and deterministic, this is why I immediately
thought that it is a good case for automatic code
generation.

My idea is that, if this mechanism is accepted, an
implementer of an LSM wishing to be preloaded at
the very beginning, only has to write his eBPF code,
the kernel and bpftool take care of the rest.
Generation of the preloading code is optional, and
needs to be enabled with the -P option, in addition to -L.

The light skeleton of DIGLIM eBPF looks like:

https://github.com/robertosassu/linux/blob/bpf-preload-v1/kernel/bpf/preload/diglim/diglim.lskel.h

The preloading interface is very similar to the one used
by the security subsystem: an ordered list of eBPF
programs to preload set in the kernel configuration,
that can be overwritten with the kernel option
bpf_preload_list=.

The changes that would be required to preload DIGLIM
eBPF look like:

https://github.com/robertosassu/linux/commit/c07e1a78584ee688aeb812f07dc7ab3060ac6152

Thanks

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Zhong Ronghua

> Can you please elaborate on why it can't be done in a way that doesn't
> require such extensive light skeleton codegen changes?
>
>
> > Roberto Sassu (18):
> >   bpf: Export bpf_link_inc()
> >   bpf-preload: Move bpf_preload.h to include/linux
> >   bpf-preload: Generalize object pinning from the kernel
> >   bpf-preload: Export and call bpf_obj_do_pin_kernel()
> >   bpf-preload: Generate static variables
> >   bpf-preload: Generate free_objs_and_skel()
> >   bpf-preload: Generate preload()
> >   bpf-preload: Generate load_skel()
> >   bpf-preload: Generate code to pin non-internal maps
> >   bpf-preload: Generate bpf_preload_ops
> >   bpf-preload: Store multiple bpf_preload_ops structures in a linked
> >     list
> >   bpf-preload: Implement new registration method for preloading eBPF
> >     programs
> >   bpf-preload: Move pinned links and maps to a dedicated directory in
> >     bpffs
> >   bpf-preload: Switch to new preload registration method
> >   bpf-preload: Generate code of kernel module to preload
> >   bpf-preload: Do kernel mount to ensure that pinned objects don't
> >     disappear
> >   bpf-preload/selftests: Add test for automatic generation of preload
> >     methods
> >   bpf-preload/selftests: Preload a test eBPF program and check pinned
> >     objects
>
> please use proper prefixes: bpf (for kernel-side changes), libbpf,
> bpftool, selftests/bpf, etc
>
>
> >
> >  .../admin-guide/kernel-parameters.txt         |   8 +
> >  fs/namespace.c                                |   1 +
> >  include/linux/bpf.h                           |   5 +
> >  include/linux/bpf_preload.h                   |  37 ++
> >  init/main.c                                   |   2 +
> >  kernel/bpf/inode.c                            | 295 +++++++++--
> >  kernel/bpf/preload/Kconfig                    |  25 +-
> >  kernel/bpf/preload/bpf_preload.h              |  16 -
> >  kernel/bpf/preload/bpf_preload_kern.c         |  85 +---
> >  kernel/bpf/preload/iterators/Makefile         |   9 +-
> >  .../bpf/preload/iterators/iterators.lskel.h   | 466 +++++++++++-------
> >  kernel/bpf/syscall.c                          |   1 +
> >  .../bpf/bpftool/Documentation/bpftool-gen.rst |  13 +
> >  tools/bpf/bpftool/bash-completion/bpftool     |   6 +-
> >  tools/bpf/bpftool/gen.c                       | 331 +++++++++++++
> >  tools/bpf/bpftool/main.c                      |   7 +-
> >  tools/bpf/bpftool/main.h                      |   1 +
> >  tools/testing/selftests/bpf/Makefile          |  32 +-
> >  .../bpf/bpf_testmod_preload/.gitignore        |   7 +
> >  .../bpf/bpf_testmod_preload/Makefile          |  20 +
> >  .../gen_preload_methods.expected.diff         |  97 ++++
> >  .../bpf/prog_tests/test_gen_preload_methods.c |  27 +
> >  .../bpf/prog_tests/test_preload_methods.c     |  69 +++
> >  .../selftests/bpf/progs/gen_preload_methods.c |  23 +
> >  24 files changed, 1246 insertions(+), 337 deletions(-)
> >  create mode 100644 include/linux/bpf_preload.h
> >  delete mode 100644 kernel/bpf/preload/bpf_preload.h
> >  create mode 100644 tools/testing/selftests/bpf/bpf_testmod_preload/.gitignore
> >  create mode 100644 tools/testing/selftests/bpf/bpf_testmod_preload/Makefile
> >  create mode 100644 tools/testing/selftests/bpf/prog_tests/gen_preload_methods.expected.diff
> >  create mode 100644 tools/testing/selftests/bpf/prog_tests/test_gen_preload_methods.c
> >  create mode 100644 tools/testing/selftests/bpf/prog_tests/test_preload_methods.c
> >  create mode 100644 tools/testing/selftests/bpf/progs/gen_preload_methods.c
> >
> > --
> > 2.32.0
> >