* [BPF] Unlocking the bpf_probe_write_user helper in controlled scenarios?
@ 2024-03-04 16:18 Nikola Grcevski
0 siblings, 0 replies; only message in thread
From: Nikola Grcevski @ 2024-03-04 16:18 UTC (permalink / raw)
To: linux-kernel
Since this kernel commit
https://github.com/torvalds/linux/commit/51e1bb9eeaf7868db56e58f47848e364ab4c4129,
the bpf_probe_write_user helper is locked down and cannot be used when
the kernel is set in integrity or security mode. We have a use case
for this helper for BPF enabled automatic context propagation of
OpenTelemetry trace headers (OpenTelemetry Go Auto Instrumentation and
Grafana Beyla). We write the W3C Trace Context header in outgoing HTTP
requests, by using uprobes attached to language specific HTTP/gRPC
libraries.
Writing the headers might be possible sometimes with the use of
bpf_skb_store_bytes helper, however it's not possible to be done when
TLS is enabled and it becomes very hard when the data is hpack encoded
(e.g. gRPC/HTTP2).
I'm asking if it's possible to reconsider unlocking this helper and if
it's not possible to be fully unlocked, can we unlock it for more
limited use? For example, allowed only in uprobes or only if certain
things (like memory range or PIDs) are specified though a BPF LSM
policy?
Currently when this helper is loaded by the BPF verifier, the lockdown
is checked in this order, so it seems we can only further restrict the
use by a LSM policy:
security_locked_down() {
lockdown_is_locked_down();
bpf_lsm_locked_down();
}
Thanks!
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-03-04 16:18 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-03-04 16:18 [BPF] Unlocking the bpf_probe_write_user helper in controlled scenarios? Nikola Grcevski
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.