From: Paul Moore <paul@paul-moore.com>
To: Andrii Nakryiko <andrii@kernel.org>, <bpf@vger.kernel.org>,
<netdev@vger.kernel.org>
Cc: <linux-fsdevel@vger.kernel.org>,
<linux-security-module@vger.kernel.org>, <keescook@chromium.org>,
<brauner@kernel.org>, <lennart@poettering.net>,
<kernel-team@meta.com>, <sargun@sargun.me>,
selinux@vger.kernel.org
Subject: Re: [PATCH v6 6/13] bpf: add BPF token support to BPF_PROG_LOAD command
Date: Tue, 10 Oct 2023 21:17:39 -0400 [thread overview]
Message-ID: <9fe88aef7deabbe87d3fc38c4aea3c69.paul@paul-moore.com> (raw)
In-Reply-To: <20230927225809.2049655-7-andrii@kernel.org>
On Sep 27, 2023 Andrii Nakryiko <andrii@kernel.org> wrote:
>
> Add basic support of BPF token to BPF_PROG_LOAD. Wire through a set of
> allowed BPF program types and attach types, derived from BPF FS at BPF
> token creation time. Then make sure we perform bpf_token_capable()
> checks everywhere where it's relevant.
>
> Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
> ---
> include/linux/bpf.h | 6 ++
> include/uapi/linux/bpf.h | 2 +
> kernel/bpf/core.c | 1 +
> kernel/bpf/inode.c | 6 +-
> kernel/bpf/syscall.c | 87 ++++++++++++++-----
> kernel/bpf/token.c | 25 ++++++
> tools/include/uapi/linux/bpf.h | 2 +
> .../selftests/bpf/prog_tests/libbpf_probes.c | 2 +
> .../selftests/bpf/prog_tests/libbpf_str.c | 3 +
> 9 files changed, 108 insertions(+), 26 deletions(-)
...
> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
> index 5c5c2b6648b2..d0b219f09bcc 100644
> --- a/kernel/bpf/syscall.c
> +++ b/kernel/bpf/syscall.c
> @@ -2685,6 +2718,10 @@ static int bpf_prog_load(union bpf_attr *attr, bpfptr_t uattr, u32 uattr_size)
> prog->aux->sleepable = attr->prog_flags & BPF_F_SLEEPABLE;
> prog->aux->xdp_has_frags = attr->prog_flags & BPF_F_XDP_HAS_FRAGS;
>
> + /* move token into prog->aux, reuse taken refcnt */
> + prog->aux->token = token;
> + token = NULL;
> +
> err = security_bpf_prog_alloc(prog->aux);
> if (err)
> goto free_prog;
As we discussed in the earlier thread, let's tweak/rename/move the
security_bpf_prog_alloc() call down to just before the bpf_check() call
so it looks something like this:
err = security_bpf_prog_load(prog, &attr, token);
if (err)
goto proper_jump_label;
err = bpf_check(...);
With the idea being that LSMs which implement the token hooks would
skip any BPF_PROG_LOAD access controls in security_bpf() and instead
implement them in security_bpf_prog_load().
We should also do something similar for map_create() and
security_bpf_map_alloc() in patch 4/13.
--
paul-moore.com
next prev parent reply other threads:[~2023-10-11 1:17 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-27 22:57 [PATCH v6 bpf-next 00/13] BPF token and BPF FS-based delegation Andrii Nakryiko
2023-09-27 22:57 ` [PATCH v6 bpf-next 01/13] bpf: align CAP_NET_ADMIN checks with bpf_capable() approach Andrii Nakryiko
2023-09-27 22:57 ` [PATCH v6 bpf-next 02/13] bpf: add BPF token delegation mount options to BPF FS Andrii Nakryiko
2023-10-10 7:08 ` Hou Tao
2023-10-12 0:30 ` Andrii Nakryiko
2023-09-27 22:57 ` [PATCH v6 bpf-next 03/13] bpf: introduce BPF token object Andrii Nakryiko
2023-10-11 1:17 ` [PATCH v6 3/13] " Paul Moore
2023-10-12 0:31 ` Andrii Nakryiko
2023-10-12 21:48 ` Andrii Nakryiko
2023-10-12 23:43 ` Paul Moore
2023-10-12 23:51 ` Andrii Nakryiko
2023-10-12 23:18 ` Paul Moore
2023-10-12 23:45 ` Andrii Nakryiko
2023-10-11 2:35 ` [PATCH v6 bpf-next 03/13] " Hou Tao
2023-10-12 0:31 ` Andrii Nakryiko
2023-09-27 22:58 ` [PATCH v6 bpf-next 04/13] bpf: add BPF token support to BPF_MAP_CREATE command Andrii Nakryiko
2023-10-10 8:35 ` Jiri Olsa
2023-10-12 0:30 ` Andrii Nakryiko
2023-09-27 22:58 ` [PATCH v6 bpf-next 05/13] bpf: add BPF token support to BPF_BTF_LOAD command Andrii Nakryiko
2023-09-27 22:58 ` [PATCH v6 bpf-next 06/13] bpf: add BPF token support to BPF_PROG_LOAD command Andrii Nakryiko
2023-10-11 1:17 ` Paul Moore [this message]
2023-10-12 0:31 ` [PATCH v6 6/13] " Andrii Nakryiko
2023-09-27 22:58 ` [PATCH v6 bpf-next 07/13] bpf: take into account BPF token when fetching helper protos Andrii Nakryiko
2023-09-27 22:58 ` [PATCH v6 bpf-next 08/13] bpf: consistenly use BPF token throughout BPF verifier logic Andrii Nakryiko
2023-09-27 22:58 ` [PATCH v6 bpf-next 09/13] libbpf: add bpf_token_create() API Andrii Nakryiko
2023-09-27 22:58 ` [PATCH v6 bpf-next 10/13] libbpf: add BPF token support to bpf_map_create() API Andrii Nakryiko
2023-09-27 22:58 ` [PATCH v6 bpf-next 11/13] libbpf: add BPF token support to bpf_btf_load() API Andrii Nakryiko
2023-09-27 22:58 ` [PATCH v6 bpf-next 12/13] libbpf: add BPF token support to bpf_prog_load() API Andrii Nakryiko
2023-09-27 22:58 ` [PATCH v6 bpf-next 13/13] selftests/bpf: add BPF token-enabled tests Andrii Nakryiko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9fe88aef7deabbe87d3fc38c4aea3c69.paul@paul-moore.com \
--to=paul@paul-moore.com \
--cc=andrii@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brauner@kernel.org \
--cc=keescook@chromium.org \
--cc=kernel-team@meta.com \
--cc=lennart@poettering.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=sargun@sargun.me \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).