From: Kumar Kartikeya Dwivedi <memxor@gmail.com>
To: Roberto Sassu <roberto.sassu@huaweicloud.com>
Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
martin.lau@linux.dev, song@kernel.org, yhs@fb.com,
john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com,
haoluo@google.com, jolsa@kernel.org, mykolal@fb.com,
dhowells@redhat.com, jarkko@kernel.org, rostedt@goodmis.org,
mingo@redhat.com, paul@paul-moore.com, jmorris@namei.org,
serge@hallyn.com, shuah@kernel.org, bpf@vger.kernel.org,
keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org,
deso@posteo.net, Roberto Sassu <roberto.sassu@huawei.com>
Subject: Re: [PATCH v16 06/12] bpf: Add bpf_lookup_*_key() and bpf_key_put() kfuncs
Date: Tue, 6 Sep 2022 04:43:05 +0200 [thread overview]
Message-ID: <CAP01T74HKXuf9Aig4v3zsL1rwQAGRpUtTiaN2djWsMiJmaqF_A@mail.gmail.com> (raw)
In-Reply-To: <20220905143318.1592015-7-roberto.sassu@huaweicloud.com>
On Mon, 5 Sept 2022 at 16:35, Roberto Sassu
<roberto.sassu@huaweicloud.com> wrote:
>
> From: Roberto Sassu <roberto.sassu@huawei.com>
>
> Add the bpf_lookup_user_key(), bpf_lookup_system_key() and bpf_key_put()
> kfuncs, to respectively search a key with a given key handle serial number
> and flags, obtain a key from a pre-determined ID defined in
> include/linux/verification.h, and cleanup.
>
> Introduce system_keyring_id_check() to validate the keyring ID parameter of
> bpf_lookup_system_key().
>
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> ---
With a small nit below,
Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
> include/linux/bpf.h | 8 +++
> include/linux/verification.h | 8 +++
> kernel/trace/bpf_trace.c | 135 +++++++++++++++++++++++++++++++++++
> 3 files changed, 151 insertions(+)
>
> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> index 9dbd7c3f8929..f3db614aece6 100644
> --- a/include/linux/bpf.h
> +++ b/include/linux/bpf.h
> @@ -2595,4 +2595,12 @@ static inline void bpf_cgroup_atype_get(u32 attach_btf_id, int cgroup_atype) {}
> static inline void bpf_cgroup_atype_put(int cgroup_atype) {}
> #endif /* CONFIG_BPF_LSM */
>
> +struct key;
> +
> +#ifdef CONFIG_KEYS
> +struct bpf_key {
> + struct key *key;
> + bool has_ref;
> +};
> +#endif /* CONFIG_KEYS */
> #endif /* _LINUX_BPF_H */
> diff --git a/include/linux/verification.h b/include/linux/verification.h
> index a655923335ae..f34e50ebcf60 100644
> --- a/include/linux/verification.h
> +++ b/include/linux/verification.h
> @@ -17,6 +17,14 @@
> #define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
> #define VERIFY_USE_PLATFORM_KEYRING ((struct key *)2UL)
>
> +static inline int system_keyring_id_check(u64 id)
> +{
> + if (id > (unsigned long)VERIFY_USE_PLATFORM_KEYRING)
> + return -EINVAL;
> +
> + return 0;
> +}
> +
> /*
> * The use to which an asymmetric key is being put.
> */
> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> index 68e5cdd24cef..7a7023704ac2 100644
> --- a/kernel/trace/bpf_trace.c
> +++ b/kernel/trace/bpf_trace.c
> @@ -20,6 +20,8 @@
> #include <linux/fprobe.h>
> #include <linux/bsearch.h>
> #include <linux/sort.h>
> +#include <linux/key.h>
> +#include <linux/verification.h>
>
> #include <net/bpf_sk_storage.h>
>
> @@ -1181,6 +1183,139 @@ static const struct bpf_func_proto bpf_get_func_arg_cnt_proto = {
> .arg1_type = ARG_PTR_TO_CTX,
> };
>
> +#ifdef CONFIG_KEYS
> +__diag_push();
> +__diag_ignore_all("-Wmissing-prototypes",
> + "kfuncs which will be used in BPF programs");
> +
> +/**
> + * bpf_lookup_user_key - lookup a key by its serial
> + * @serial: key handle serial number
> + * @flags: lookup-specific flags
> + *
> + * Search a key with a given *serial* and the provided *flags*.
> + * If found, increment the reference count of the key by one, and
> + * return it in the bpf_key structure.
> + *
> + * The bpf_key structure must be passed to bpf_key_put() when done
> + * with it, so that the key reference count is decremented and the
> + * bpf_key structure is freed.
> + *
> + * Permission checks are deferred to the time the key is used by
> + * one of the available key-specific kfuncs.
> + *
> + * Set *flags* with KEY_LOOKUP_CREATE, to attempt creating a requested
> + * special keyring (e.g. session keyring), if it doesn't yet exist.
> + * Set *flags* with KEY_LOOKUP_PARTIAL, to lookup a key without waiting
> + * for the key construction, and to retrieve uninstantiated keys (keys
> + * without data attached to them).
> + *
> + * Return: a bpf_key pointer with a valid key pointer if the key is found, a
> + * NULL pointer otherwise.
> + */
> +struct bpf_key *bpf_lookup_user_key(u32 serial, u64 flags)
> +{
> + key_ref_t key_ref;
> + struct bpf_key *bkey;
> +
> + if (flags & ~KEY_LOOKUP_ALL)
> + return NULL;
> +
> + /*
> + * Permission check is deferred until the key is used, as the
> + * intent of the caller is unknown here.
> + */
> + key_ref = lookup_user_key(serial, flags, KEY_DEFER_PERM_CHECK);
> + if (IS_ERR(key_ref))
> + return NULL;
> +
> + bkey = kmalloc(sizeof(*bkey), GFP_ATOMIC);
Since this function (due to lookup_user_key) is sleepable, do we
really need GFP_ATOMIC here?
> + if (!bkey) {
> + key_put(key_ref_to_ptr(key_ref));
> + return NULL;
> + }
> +
> + bkey->key = key_ref_to_ptr(key_ref);
> + bkey->has_ref = true;
> +
> + return bkey;
> +}
> +
> +/**
> + * bpf_lookup_system_key - lookup a key by a system-defined ID
> + * @id: key ID
> + *
> + * Obtain a bpf_key structure with a key pointer set to the passed key ID.
> + * The key pointer is marked as invalid, to prevent bpf_key_put() from
> + * attempting to decrement the key reference count on that pointer. The key
> + * pointer set in such way is currently understood only by
> + * verify_pkcs7_signature().
> + *
> + * Set *id* to one of the values defined in include/linux/verification.h:
> + * 0 for the primary keyring (immutable keyring of system keys);
> + * VERIFY_USE_SECONDARY_KEYRING for both the primary and secondary keyring
> + * (where keys can be added only if they are vouched for by existing keys
> + * in those keyrings); VERIFY_USE_PLATFORM_KEYRING for the platform
> + * keyring (primarily used by the integrity subsystem to verify a kexec'ed
> + * kerned image and, possibly, the initramfs signature).
> + *
> + * Return: a bpf_key pointer with an invalid key pointer set from the
> + * pre-determined ID on success, a NULL pointer otherwise
> + */
> +struct bpf_key *bpf_lookup_system_key(u64 id)
> +{
> + struct bpf_key *bkey;
> +
> + if (system_keyring_id_check(id) < 0)
> + return NULL;
> +
> + bkey = kmalloc(sizeof(*bkey), GFP_ATOMIC);
> + if (!bkey)
> + return NULL;
> +
> + bkey->key = (struct key *)(unsigned long)id;
> + bkey->has_ref = false;
> +
> + return bkey;
> +}
> +
> +/**
> + * bpf_key_put - decrement key reference count if key is valid and free bpf_key
> + * @bkey: bpf_key structure
> + *
> + * Decrement the reference count of the key inside *bkey*, if the pointer
> + * is valid, and free *bkey*.
> + */
> +void bpf_key_put(struct bpf_key *bkey)
> +{
> + if (bkey->has_ref)
> + key_put(bkey->key);
> +
> + kfree(bkey);
> +}
> +
> +__diag_pop();
> +
> +BTF_SET8_START(key_sig_kfunc_set)
> +BTF_ID_FLAGS(func, bpf_lookup_user_key, KF_ACQUIRE | KF_RET_NULL | KF_SLEEPABLE)
> +BTF_ID_FLAGS(func, bpf_lookup_system_key, KF_ACQUIRE | KF_RET_NULL)
> +BTF_ID_FLAGS(func, bpf_key_put, KF_RELEASE)
> +BTF_SET8_END(key_sig_kfunc_set)
> +
> +static const struct btf_kfunc_id_set bpf_key_sig_kfunc_set = {
> + .owner = THIS_MODULE,
> + .set = &key_sig_kfunc_set,
> +};
> +
> +static int __init bpf_key_sig_kfuncs_init(void)
> +{
> + return register_btf_kfunc_id_set(BPF_PROG_TYPE_TRACING,
> + &bpf_key_sig_kfunc_set);
> +}
> +
> +late_initcall(bpf_key_sig_kfuncs_init);
> +#endif /* CONFIG_KEYS */
> +
> static const struct bpf_func_proto *
> bpf_tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
> {
> --
> 2.25.1
>
next prev parent reply other threads:[~2022-09-06 2:43 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-05 14:33 [PATCH v16 00/12] bpf: Add kfuncs for PKCS#7 signature verification Roberto Sassu
2022-09-05 14:33 ` [PATCH v16 01/12] bpf: Allow kfuncs to be used in LSM programs Roberto Sassu
2022-09-06 2:28 ` Kumar Kartikeya Dwivedi
2022-09-05 14:33 ` [PATCH v16 02/12] bpf: Move dynptr type check to is_dynptr_type_expected() Roberto Sassu
2022-09-06 2:32 ` Kumar Kartikeya Dwivedi
2022-09-05 14:33 ` [PATCH v16 03/12] btf: Allow dynamic pointer parameters in kfuncs Roberto Sassu
2022-09-06 2:33 ` Kumar Kartikeya Dwivedi
2022-09-05 14:33 ` [PATCH v16 04/12] bpf: Export bpf_dynptr_get_size() Roberto Sassu
2022-09-06 2:33 ` Kumar Kartikeya Dwivedi
2022-09-06 3:06 ` Hou Tao
2022-09-05 14:33 ` [PATCH v16 05/12] KEYS: Move KEY_LOOKUP_ to include/linux/key.h and define KEY_LOOKUP_ALL Roberto Sassu
2022-09-05 21:38 ` Jarkko Sakkinen
2022-09-06 7:08 ` Roberto Sassu
2022-09-06 10:37 ` Jarkko Sakkinen
2022-09-06 11:04 ` Roberto Sassu
2022-09-06 11:43 ` Jarkko Sakkinen
2022-09-06 12:15 ` [PATCH v17 " Roberto Sassu
2022-09-06 12:26 ` Jarkko Sakkinen
2022-09-06 12:28 ` Roberto Sassu
2022-09-05 14:33 ` [PATCH v16 06/12] bpf: Add bpf_lookup_*_key() and bpf_key_put() kfuncs Roberto Sassu
2022-09-06 2:43 ` Kumar Kartikeya Dwivedi [this message]
2022-09-06 8:00 ` Roberto Sassu
2022-09-06 18:45 ` Alexei Starovoitov
2022-09-07 6:59 ` Roberto Sassu
2022-09-05 14:33 ` [PATCH v16 07/12] bpf: Add bpf_verify_pkcs7_signature() kfunc Roberto Sassu
2022-09-06 2:57 ` Kumar Kartikeya Dwivedi
2022-09-06 8:07 ` Roberto Sassu
2022-09-07 2:28 ` Kumar Kartikeya Dwivedi
2022-09-07 12:19 ` Roberto Sassu
2022-09-07 13:55 ` Kumar Kartikeya Dwivedi
2022-09-05 14:33 ` [PATCH v16 08/12] selftests/bpf: Compile kernel with everything as built-in Roberto Sassu
2022-09-06 3:01 ` Kumar Kartikeya Dwivedi
2022-09-05 14:33 ` [PATCH v16 09/12] selftests/bpf: Add verifier tests for bpf_lookup_*_key() and bpf_key_put() Roberto Sassu
2022-09-06 3:03 ` Kumar Kartikeya Dwivedi
2022-09-05 14:33 ` [PATCH v16 10/12] selftests/bpf: Add additional tests for bpf_lookup_*_key() Roberto Sassu
2022-09-05 14:33 ` [PATCH v16 11/12] selftests/bpf: Add test for bpf_verify_pkcs7_signature() kfunc Roberto Sassu
2022-09-05 14:33 ` [PATCH v16 12/12] selftests/bpf: Add tests for dynamic pointers parameters in kfuncs Roberto Sassu
2022-09-06 3:15 ` Kumar Kartikeya Dwivedi
2022-09-06 8:30 ` Roberto Sassu
2022-09-07 2:34 ` Kumar Kartikeya Dwivedi
2022-09-07 14:59 ` [PATCH v17 " Roberto Sassu
2022-09-07 16:02 ` Kumar Kartikeya Dwivedi
2022-09-05 19:26 ` [PATCH v16 00/12] bpf: Add kfuncs for PKCS#7 signature verification Kumar Kartikeya Dwivedi
2022-09-06 7:35 ` Roberto Sassu
2022-09-07 14:49 ` Roberto Sassu
2022-09-07 14:57 ` Kumar Kartikeya Dwivedi
2022-09-07 15:09 ` Roberto Sassu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAP01T74HKXuf9Aig4v3zsL1rwQAGRpUtTiaN2djWsMiJmaqF_A@mail.gmail.com \
--to=memxor@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=deso@posteo.net \
--cc=dhowells@redhat.com \
--cc=haoluo@google.com \
--cc=jarkko@kernel.org \
--cc=jmorris@namei.org \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=mingo@redhat.com \
--cc=mykolal@fb.com \
--cc=paul@paul-moore.com \
--cc=roberto.sassu@huawei.com \
--cc=roberto.sassu@huaweicloud.com \
--cc=rostedt@goodmis.org \
--cc=sdf@google.com \
--cc=serge@hallyn.com \
--cc=shuah@kernel.org \
--cc=song@kernel.org \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).