From: Roberto Sassu <roberto.sassu@huawei.com>
To: Yonghong Song <yhs@fb.com>,
	"zohar@linux.ibm.com" <zohar@linux.ibm.com>,
	"shuah@kernel.org" <shuah@kernel.org>,
	"ast@kernel.org" <ast@kernel.org>,
	"daniel@iogearbox.net" <daniel@iogearbox.net>,
	"andrii@kernel.org" <andrii@kernel.org>,
	"kpsingh@kernel.org" <kpsingh@kernel.org>,
	"revest@chromium.org" <revest@chromium.org>
Cc: "linux-integrity@vger.kernel.org"
	<linux-integrity@vger.kernel.org>,
	"linux-security-module@vger.kernel.org" 
	<linux-security-module@vger.kernel.org>,
	"linux-kselftest@vger.kernel.org"
	<linux-kselftest@vger.kernel.org>,
	"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
	"bpf@vger.kernel.org" <bpf@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: RE: [PATCH v2 3/6] bpf-lsm: Introduce new helper bpf_ima_file_hash()
Date: Tue, 15 Feb 2022 17:04:56 +0000
Message-ID: <b896e06f871645a6a2fb9a6f6cf4a8ff@huawei.com>
In-Reply-To: <f939bd53-96d0-d1dc-306f-6215ade6a7f1@fb.com>

> From: Yonghong Song [mailto:yhs@fb.com]
> Sent: Tuesday, February 15, 2022 6:03 PM
> On 2/15/22 4:40 AM, Roberto Sassu wrote:
> > ima_file_hash() has been modified to calculate the measurement of a file on
> > demand, if it has not been already performed by IMA. For compatibility
> > reasons, ima_inode_hash() remains unchanged.
> >
> > Keep the same approach in eBPF and introduce the new helper
> > bpf_ima_file_hash() to take advantage of the modified behavior of
> > ima_file_hash().
> >
> > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > ---
> >   include/uapi/linux/bpf.h       | 11 +++++++++++
> >   kernel/bpf/bpf_lsm.c           | 20 ++++++++++++++++++++
> >   tools/include/uapi/linux/bpf.h | 11 +++++++++++
> >   3 files changed, 42 insertions(+)
> >
> > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> > index b0383d371b9a..ba33d5718d6b 100644
> > --- a/include/uapi/linux/bpf.h
> > +++ b/include/uapi/linux/bpf.h
> > @@ -4648,6 +4648,16 @@ union bpf_attr {
> >    *		**-EOPNOTSUP** if IMA is disabled or **-EINVAL** if
> >    *		invalid arguments are passed.
> >    *
> > + * long bpf_ima_file_hash(struct file *file, void *dst, u32 size)
> > + *	Description
> > + *		Returns a calculated IMA hash of the *file*.
> > + *		If the hash is larger than *size*, then only *size*
> > + *		bytes will be copied to *dst*
> > + *	Return
> > + *		The **hash_algo** is returned on success,
> > + *		**-EOPNOTSUP** if the hash calculation failed or **-EINVAL**
> if
> > + *		invalid arguments are passed.
> > + *
> >    * struct socket *bpf_sock_from_file(struct file *file)
> >    *	Description
> >    *		If the given file represents a socket, returns the associated
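
Review bot: In the Return text of the new bpf_ima_file_hash() comment, **-EOPNOTSUP** is not an errno name; the constant is EOPNOTSUPP, and the misspelling looks carried over from the preceding entry visible in the context lines. Suggest writing **-EOPNOTSUPP** here. The Description should also state what distinguishes this helper from bpf_ima_inode_hash(): per the commit message the hash is calculated on demand when IMA has not already measured the file, which "Returns a calculated IMA hash of the *file*" does not make clear. The sentence ending "bytes will be copied to *dst*" is also missing its full stop.
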
> > @@ -5182,6 +5192,7 @@ union bpf_attr {
> >   	FN(bprm_opts_set),		\
> >   	FN(ktime_get_coarse_ns),	\
> >   	FN(ima_inode_hash),		\
> > +	FN(ima_file_hash),		\
> 
> Please put the above FN(ima_file_hash) to the end of the list.
> Otherwise, we have a backward compatibility issue.

Hi Yonghong

sure, will do.

Thanks

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Zhong Ronghua

> >   	FN(sock_from_file),		\
> >   	FN(check_mtu),			\
> >   	FN(for_each_map_elem),		\
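
Review bot: FN(ima_file_hash) is inserted between FN(ima_inode_hash) and FN(sock_from_file), and because helper IDs are assigned by position in this FN() list, every helper after the insertion point (sock_from_file, check_mtu, for_each_map_elem and the rest) gets a new number, so already-compiled BPF programs would end up calling a different helper than intended. Append the new entry as the last FN() in the list instead, and make the same change in tools/include/uapi/linux/bpf.h so the two copies of the header stay in sync.
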
> > diff --git a/kernel/bpf/bpf_lsm.c b/kernel/bpf/bpf_lsm.c
> > index 9e4ecc990647..e8d27af5bbcc 100644
> > --- a/kernel/bpf/bpf_lsm.c
> > +++ b/kernel/bpf/bpf_lsm.c
> [...]
