Re: [PATCH v2 13/13] selftests/bpf: Add test for signed programs

[PATCH v2 00/13] Signed BPF programs · KP Singh <kpsingh@kernel.org> · 2025-07-21
[PATCH v2 01/13] bpf: Update the bpf_prog_calc_tag to use SHA256 · KP Singh <kpsingh@kernel.org> · 2025-07-21
[PATCH v2 02/13] bpf: Implement exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-07-21
Re: [PATCH v2 02/13] bpf: Implement exclusive map creation · Fan Wu <wufan@kernel.org> · 2025-07-29
Re: [PATCH v2 02/13] bpf: Implement exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-08-11
[PATCH v2 03/13] libbpf: Implement SHA256 internal helper · KP Singh <kpsingh@kernel.org> · 2025-07-21
[PATCH v2 04/13] libbpf: Support exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-07-21
Re: [PATCH v2 04/13] libbpf: Support exclusive map creation · Alexei Starovoitov <hidden> · 2025-07-29
Re: [PATCH v2 04/13] libbpf: Support exclusive map creation · KP Singh <kpsingh@kernel.org> · 2025-08-11
[PATCH v2 05/13] selftests/bpf: Add tests for exclusive maps · KP Singh <kpsingh@kernel.org> · 2025-07-21
[PATCH v2 06/13] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD · KP Singh <kpsingh@kernel.org> · 2025-07-21
[PATCH v2 07/13] bpf: Move the signature kfuncs to helpers.c · KP Singh <kpsingh@kernel.org> · 2025-07-21
Re: [PATCH v2 07/13] bpf: Move the signature kfuncs to helpers.c · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-07-23
[PATCH v2 08/13] bpf: Implement signature verification for BPF programs · KP Singh <kpsingh@kernel.org> · 2025-07-21
Re: [PATCH v2 08/13] bpf: Implement signature verification for BPF programs · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-07-23
Re: [PATCH v2 08/13] bpf: Implement signature verification for BPF programs · KP Singh <kpsingh@kernel.org> · 2025-07-24
Re: [PATCH v2 08/13] bpf: Implement signature verification for BPF programs · Dan Carpenter <hidden> · 2025-07-31
Re: [PATCH v2 08/13] bpf: Implement signature verification for BPF programs · KP Singh <kpsingh@kernel.org> · 2025-08-11
Re: [PATCH v2 08/13] bpf: Implement signature verification for BPF programs · Blaise Boscaccy <hidden> · 2025-08-05
Re: [PATCH v2 08/13] bpf: Implement signature verification for BPF programs · Paul Moore <paul@paul-moore.com> · 2025-08-13
[PATCH v2 09/13] libbpf: Update light skeleton for signing · KP Singh <kpsingh@kernel.org> · 2025-07-21
[PATCH v2 10/13] libbpf: Embed and verify the metadata hash in the loader · KP Singh <kpsingh@kernel.org> · 2025-07-21
[PATCH v2 11/13] bpftool: Add support for signing BPF programs · KP Singh <kpsingh@kernel.org> · 2025-07-21
Re: [PATCH v2 11/13] bpftool: Add support for signing BPF programs · Quentin Monnet <qmo@kernel.org> · 2025-07-22
Re: [PATCH v2 11/13] bpftool: Add support for signing BPF programs · KP Singh <kpsingh@kernel.org> · 2025-07-24
Re: [PATCH v2 11/13] bpftool: Add support for signing BPF programs · KP Singh <kpsingh@kernel.org> · 2025-08-11
Re: [PATCH v2 11/13] bpftool: Add support for signing BPF programs · Quentin Monnet <qmo@kernel.org> · 2025-08-11
[PATCH v2 12/13] selftests/bpf: Enable signature verification for all lskel tests · KP Singh <kpsingh@kernel.org> · 2025-07-21
Re: [PATCH v2 12/13] selftests/bpf: Enable signature verification for all lskel tests · Alexei Starovoitov <hidden> · 2025-07-29
Re: [PATCH v2 12/13] selftests/bpf: Enable signature verification for all lskel tests · KP Singh <kpsingh@kernel.org> · 2025-08-11
[PATCH v2 13/13] selftests/bpf: Add test for signed programs · KP Singh <kpsingh@kernel.org> · 2025-07-21
Re: [PATCH v2 13/13] selftests/bpf: Add test for signed programs · Alexei Starovoitov <hidden> · 2025-07-29
Re: [PATCH v2 13/13] selftests/bpf: Add test for signed programs · KP Singh <kpsingh@kernel.org> · 2025-08-11

From: Alexei Starovoitov <hidden>
Date: 2025-07-29 02:30:43
Also in: bpf

On Mon, Jul 21, 2025 at 2:20 PM KP Singh [off-list ref] wrote:

+
+SEC("fexit/bpf_prog_verify_signature")
+int BPF_PROG(bpf_sign, struct bpf_prog *prog, union bpf_attr *attr, bool is_kernel, int ret)

I don't understand why it needs to peek into the kernel to
verify that it goes well. The exposed uapi should be good enough.
If the signature was specified and it is loaded fine we're good.
Double checking the kernel decisions goes too far.
Especially since this function can be inlined by the compiler.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help