Re: [PATCH v6 6/13] bpf: add BPF token support to BPF_PROG_LOAD command

[PATCH v6 bpf-next 00/13] BPF token and BPF FS-based delegation · Andrii Nakryiko <andrii@kernel.org> · 2023-09-27
[PATCH v6 bpf-next 01/13] bpf: align CAP_NET_ADMIN checks with bpf_capable() approach · Andrii Nakryiko <andrii@kernel.org> · 2023-09-27
[PATCH v6 bpf-next 02/13] bpf: add BPF token delegation mount options to BPF FS · Andrii Nakryiko <andrii@kernel.org> · 2023-09-27
Re: [PATCH v6 bpf-next 02/13] bpf: add BPF token delegation mount options to BPF FS · Hou Tao <hidden> · 2023-10-10
Re: [PATCH v6 bpf-next 02/13] bpf: add BPF token delegation mount options to BPF FS · Andrii Nakryiko <hidden> · 2023-10-12
[PATCH v6 bpf-next 03/13] bpf: introduce BPF token object · Andrii Nakryiko <andrii@kernel.org> · 2023-09-27
Re: [PATCH v6 3/13] bpf: introduce BPF token object · Paul Moore <paul@paul-moore.com> · 2023-10-11
Re: [PATCH v6 3/13] bpf: introduce BPF token object · Andrii Nakryiko <hidden> · 2023-10-12
Re: [PATCH v6 3/13] bpf: introduce BPF token object · Andrii Nakryiko <hidden> · 2023-10-12
Re: [PATCH v6 3/13] bpf: introduce BPF token object · Paul Moore <paul@paul-moore.com> · 2023-10-12
Re: [PATCH v6 3/13] bpf: introduce BPF token object · Andrii Nakryiko <hidden> · 2023-10-12
Re: [PATCH v6 3/13] bpf: introduce BPF token object · Paul Moore <paul@paul-moore.com> · 2023-10-12
Re: [PATCH v6 3/13] bpf: introduce BPF token object · Andrii Nakryiko <hidden> · 2023-10-12
Re: [PATCH v6 bpf-next 03/13] bpf: introduce BPF token object · Hou Tao <hidden> · 2023-10-11
Re: [PATCH v6 bpf-next 03/13] bpf: introduce BPF token object · Andrii Nakryiko <hidden> · 2023-10-12
[PATCH v6 bpf-next 04/13] bpf: add BPF token support to BPF_MAP_CREATE command · Andrii Nakryiko <andrii@kernel.org> · 2023-09-27
Re: [PATCH v6 bpf-next 04/13] bpf: add BPF token support to BPF_MAP_CREATE command · Jiri Olsa <hidden> · 2023-10-10
Re: [PATCH v6 bpf-next 04/13] bpf: add BPF token support to BPF_MAP_CREATE command · Andrii Nakryiko <hidden> · 2023-10-12
[PATCH v6 bpf-next 08/13] bpf: consistenly use BPF token throughout BPF verifier logic · Andrii Nakryiko <andrii@kernel.org> · 2023-09-27
[PATCH v6 bpf-next 10/13] libbpf: add BPF token support to bpf_map_create() API · Andrii Nakryiko <andrii@kernel.org> · 2023-09-27
[PATCH v6 bpf-next 06/13] bpf: add BPF token support to BPF_PROG_LOAD command · Andrii Nakryiko <andrii@kernel.org> · 2023-09-27
Re: [PATCH v6 6/13] bpf: add BPF token support to BPF_PROG_LOAD command · Paul Moore <paul@paul-moore.com> · 2023-10-11
Re: [PATCH v6 6/13] bpf: add BPF token support to BPF_PROG_LOAD command · Andrii Nakryiko <hidden> · 2023-10-12
[PATCH v6 bpf-next 12/13] libbpf: add BPF token support to bpf_prog_load() API · Andrii Nakryiko <andrii@kernel.org> · 2023-09-27
[PATCH v6 bpf-next 13/13] selftests/bpf: add BPF token-enabled tests · Andrii Nakryiko <andrii@kernel.org> · 2023-09-27
[PATCH v6 bpf-next 05/13] bpf: add BPF token support to BPF_BTF_LOAD command · Andrii Nakryiko <andrii@kernel.org> · 2023-09-27
[PATCH v6 bpf-next 09/13] libbpf: add bpf_token_create() API · Andrii Nakryiko <andrii@kernel.org> · 2023-09-27
[PATCH v6 bpf-next 11/13] libbpf: add BPF token support to bpf_btf_load() API · Andrii Nakryiko <andrii@kernel.org> · 2023-09-27
[PATCH v6 bpf-next 07/13] bpf: take into account BPF token when fetching helper protos · Andrii Nakryiko <andrii@kernel.org> · 2023-09-27

From: Andrii Nakryiko <hidden>
Date: 2023-10-12 00:32:11
Also in: bpf, linux-fsdevel, linux-security-module, selinux

On Tue, Oct 10, 2023 at 6:17 PM Paul Moore [off-list ref] wrote:

On Sep 27, 2023 Andrii Nakryiko [off-list ref] wrote:

quoted

Add basic support of BPF token to BPF_PROG_LOAD. Wire through a set of
allowed BPF program types and attach types, derived from BPF FS at BPF
token creation time. Then make sure we perform bpf_token_capable()
checks everywhere where it's relevant.

Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
---
 include/linux/bpf.h                           |  6 ++
 include/uapi/linux/bpf.h                      |  2 +
 kernel/bpf/core.c                             |  1 +
 kernel/bpf/inode.c                            |  6 +-
 kernel/bpf/syscall.c                          | 87 ++++++++++++++-----
 kernel/bpf/token.c                            | 25 ++++++
 tools/include/uapi/linux/bpf.h                |  2 +
 .../selftests/bpf/prog_tests/libbpf_probes.c  |  2 +
 .../selftests/bpf/prog_tests/libbpf_str.c     |  3 +
 9 files changed, 108 insertions(+), 26 deletions(-)

...

quoted

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 5c5c2b6648b2..d0b219f09bcc 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c

@@ -2685,6 +2718,10 @@ static int bpf_prog_load(union bpf_attr *attr, bpfptr_t uattr, u32 uattr_size)
      prog->aux->sleepable = attr->prog_flags & BPF_F_SLEEPABLE;
      prog->aux->xdp_has_frags = attr->prog_flags & BPF_F_XDP_HAS_FRAGS;

+     /* move token into prog->aux, reuse taken refcnt */
+     prog->aux->token = token;
+     token = NULL;
+
      err = security_bpf_prog_alloc(prog->aux);
      if (err)
              goto free_prog;

As we discussed in the earlier thread, let's tweak/rename/move the
security_bpf_prog_alloc() call down to just before the bpf_check() call
so it looks something like this:

  err = security_bpf_prog_load(prog, &attr, token);
  if (err)
    goto proper_jump_label;

  err = bpf_check(...);

With the idea being that LSMs which implement the token hooks would
skip any BPF_PROG_LOAD access controls in security_bpf() and instead
implement them in security_bpf_prog_load().

We should also do something similar for map_create() and
security_bpf_map_alloc() in patch 4/13.

Sounds good, will do!

--
paul-moore.com

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help