From Chiara: This patch set introduces a new BPF LSM hook to validate firmware commands triggered by userspace before they are submitted to the device. The hook runs after the command buffer is constructed, right before it is sent to firmware.
The goal is to allow a security module to allow or deny a given command before it is submitted to firmware. BPF LSM can attach to this hook to implement such policies. This allows fine-grained policies for different firmware commands. In this series, the new hook is called from RDMA uverbs and from the fwctl subsystem. Both the uverbs and fwctl interfaces use ioctl, so an obvious candidate would seem to be the file_ioctl hook. However, the userspace attributes used to build the firmware command buffer are copied from userspace (copy_from_user()) deep in the driver, depending on various conditions. As a result, file_ioctl does not have the information required to make a policy decision. This newly introduced hook provides the command buffer together with relevant metadata (device, command class, and a class-specific device identifier), so security modules can distinguish between different command classes and devices. The hook can be used by other drivers that submit firmware commands via a command buffer. 
Thanks

Signed-off-by: Leon Romanovsky <[email protected]>
---
Changes in v2:
- Fixed style formatting issues pointed out by Jonathan
- Added Jonathan's and Dave's ROB tags
- Implemented as BPF LSM hook instead of general LSM hook
- Added selftest to execute that new hook
- Removed extra FW_CMD_CLASS_MAX enum, it is not needed
- Link to v1: https://patch.msgid.link/[email protected]

---
Chiara Meiohas (4):
  bpf: add firmware command validation hook
  selftests/bpf: add test cases for fw_validate_cmd hook
  RDMA/mlx5: Externally validate FW commands supplied in DEVX interface
  fwctl/mlx5: Externally validate FW commands supplied in fwctl

 drivers/fwctl/mlx5/main.c                        | 12 +++++-
 drivers/infiniband/hw/mlx5/devx.c                | 49 ++++++++++++++++++------
 include/linux/bpf_lsm.h                          | 41 ++++++++++++++++++++
 kernel/bpf/bpf_lsm.c                             | 11 ++++++
 tools/testing/selftests/bpf/progs/verifier_lsm.c | 23 +++++++++++
 5 files changed, 122 insertions(+), 14 deletions(-)
---
base-commit: 11439c4635edd669ae435eec308f4ab8a0804808
change-id: 20260309-fw-lsm-hook-7c094f909ffc

Best regards,
-- 
Leon Romanovsky <[email protected]>
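The kind of allow/deny decision a BPF LSM program attached to this hook could make, given the command buffer plus the device, class and device-identifier metadata the cover letter describes, written here as plain userspace C so it can be run and tested outside the kernel (an added illustration, not code from the series). The hook signature, the class enum names, the per-class allow-lists and the assumption that the 16-bit opcode sits big-endian at offset 0 of the buffer (as in mlx5's input mailbox) are all assumptions.

```c
/* Added illustration of hook policy logic; not from the patch series.
 * Signature, enum names and buffer layout are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <errno.h>

/* Assumed command classes, mirroring the two callers in the series. */
enum fw_cmd_class { FW_CMD_CLASS_DEVX = 0, FW_CMD_CLASS_FWCTL = 1 };

/* Assumption: the 16-bit opcode is the first big-endian field of the
 * command buffer (mlx5 places it at offset 0 of the input mailbox). */
static bool fw_cmd_opcode(const uint8_t *cmd, size_t len, uint16_t *op)
{
    if (!cmd || len < 2)
        return false;   /* too short to carry an opcode: cannot decide */
    *op = (uint16_t)((cmd[0] << 8) | cmd[1]);
    return true;
}

/* Constructed policy: opcodes permitted per class; 0 terminates a list. */
static const uint16_t devx_allowed[]  = { 0x0100, 0x0101, 0 };
static const uint16_t fwctl_allowed[] = { 0x0100, 0x0200, 0 };

/* Returns 0 to allow or -EPERM to deny, like an LSM hook return value.
 * Metadata lets the policy differ per class and per device, which is what
 * file_ioctl alone could not do because it never sees the built buffer. */
int fw_validate_cmd_policy(uint32_t dev_id, enum fw_cmd_class cls,
                           const uint8_t *cmd, size_t len)
{
    uint16_t op;
    const uint16_t *allowed;

    if (!fw_cmd_opcode(cmd, len, &op))
        return -EPERM;          /* undecodable buffer: deny */
    if (dev_id == 7)
        return -EPERM;          /* constructed per-device rule: locked down */
    switch (cls) {
    case FW_CMD_CLASS_DEVX:  allowed = devx_allowed;  break;
    case FW_CMD_CLASS_FWCTL: allowed = fwctl_allowed; break;
    default:                 return -EPERM;  /* unknown class: default deny */
    }
    for (; *allowed; allowed++)
        if (*allowed == op)
            return 0;
    return -EPERM;              /* opcode not on this class's allow-list */
}
```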

