mirror of
https://github.com/raspberrypi/linux.git
synced 2025-12-16 06:51:42 +00:00
082f1db02c
Certain bpf syscall subcommands are available for usage from both userspace and the kernel. LSM modules or eBPF gatekeeper programs may need to take a different course of action depending on whether or not a BPF syscall originated from the kernel or userspace. Additionally, some of the bpf_attr struct fields contain pointers to arbitrary memory. Currently the functionality to determine whether or not a pointer refers to kernel memory or userspace memory is exposed to the bpf verifier, but that information is missing from various LSM hooks. Here we augment the LSM hooks to provide this data, by simply passing a boolean flag indicating whether or not the call originated in the kernel, in any hook that contains a bpf_attr struct that corresponds to a subcommand that may be called from the kernel. Signed-off-by: Blaise Boscaccy <bboscaccy@linux.microsoft.com> Acked-by: Song Liu <song@kernel.org> Acked-by: Paul Moore <paul@paul-moore.com> Link: https://lore.kernel.org/r/20250310221737.821889-2-bboscaccy@linux.microsoft.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
87 lines
2.1 KiB
C
87 lines
2.1 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
/*
|
|
* Copyright (C) 2022 Huawei Technologies Duesseldorf GmbH
|
|
*
|
|
* Author: Roberto Sassu <roberto.sassu@huawei.com>
|
|
*/
|
|
|
|
#include "vmlinux.h"
|
|
#include <errno.h>
|
|
#include <bpf/bpf_helpers.h>
|
|
#include <bpf/bpf_tracing.h>
|
|
#include "bpf_misc.h"
|
|
|
|
extern struct bpf_key *bpf_lookup_system_key(__u64 id) __ksym;
|
|
extern void bpf_key_put(struct bpf_key *key) __ksym;
|
|
extern int bpf_verify_pkcs7_signature(struct bpf_dynptr *data_ptr,
|
|
struct bpf_dynptr *sig_ptr,
|
|
struct bpf_key *trusted_keyring) __ksym;
|
|
|
|
struct {
|
|
__uint(type, BPF_MAP_TYPE_RINGBUF);
|
|
__uint(max_entries, 4096);
|
|
} ringbuf SEC(".maps");
|
|
|
|
struct {
|
|
__uint(type, BPF_MAP_TYPE_ARRAY);
|
|
__uint(max_entries, 1);
|
|
__type(key, __u32);
|
|
__type(value, __u32);
|
|
} array_map SEC(".maps");
|
|
|
|
int err, pid;
|
|
|
|
char _license[] SEC("license") = "GPL";
|
|
|
|
SEC("?lsm.s/bpf")
|
|
__failure __msg("cannot pass in dynptr at an offset=-8")
|
|
int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size, bool kernel)
|
|
{
|
|
unsigned long val;
|
|
|
|
return bpf_verify_pkcs7_signature((struct bpf_dynptr *)&val,
|
|
(struct bpf_dynptr *)&val, NULL);
|
|
}
|
|
|
|
SEC("?lsm.s/bpf")
|
|
__failure __msg("arg#0 expected pointer to stack or const struct bpf_dynptr")
|
|
int BPF_PROG(not_ptr_to_stack, int cmd, union bpf_attr *attr, unsigned int size, bool kernel)
|
|
{
|
|
unsigned long val = 0;
|
|
|
|
return bpf_verify_pkcs7_signature((struct bpf_dynptr *)val,
|
|
(struct bpf_dynptr *)val, NULL);
|
|
}
|
|
|
|
SEC("lsm.s/bpf")
|
|
int BPF_PROG(dynptr_data_null, int cmd, union bpf_attr *attr, unsigned int size, bool kernel)
|
|
{
|
|
struct bpf_key *trusted_keyring;
|
|
struct bpf_dynptr ptr;
|
|
__u32 *value;
|
|
int ret, zero = 0;
|
|
|
|
if (bpf_get_current_pid_tgid() >> 32 != pid)
|
|
return 0;
|
|
|
|
value = bpf_map_lookup_elem(&array_map, &zero);
|
|
if (!value)
|
|
return 0;
|
|
|
|
/* Pass invalid flags. */
|
|
ret = bpf_dynptr_from_mem(value, sizeof(*value), ((__u64)~0ULL), &ptr);
|
|
if (ret != -EINVAL)
|
|
return 0;
|
|
|
|
trusted_keyring = bpf_lookup_system_key(0);
|
|
if (!trusted_keyring)
|
|
return 0;
|
|
|
|
err = bpf_verify_pkcs7_signature(&ptr, &ptr, trusted_keyring);
|
|
|
|
bpf_key_put(trusted_keyring);
|
|
|
|
return 0;
|
|
}
|