From: KP Singh
Updates the bpf_probe_map_type API to also support
BPF_MAP_TYPE_TASK_STORAGE similar to other local storage maps.
Acked-by: Martin KaFai Lau
Signed-off-by: KP Singh
---
tools/lib/bpf/libbpf_probes.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/lib/bpf
From: KP Singh
Usage of spin locks was not allowed for tracing programs due to
insufficient preemption checks. The verifier does not currently prevent
LSM programs from using spin locks, but the helpers are not exposed
via bpf_lsm_func_proto.
Based on the discussion in [1], non-sleepable LSM
From: KP Singh
Use the check_syscall_operations added for task_local_storage to
exercise syscall operations for other local storage maps:
* Check the absence of an element for the given fd.
* Create a new element, retrieve and compare its value.
* Delete the element and check again for absence
From: KP Singh
With the fixing of BTF pruning of embedded types being fixed, the test
can be simplified to use vmlinux.h
Acked-by: Song Liu
Signed-off-by: KP Singh
---
.../selftests/bpf/progs/local_storage.c | 20 +--
1 file changed, 1 insertion(+), 19 deletions
From: KP Singh
The test exercises the syscall based map operations by creating a pidfd
for the current process.
For verifying kernel / LSM functionality, the test implements a simple
MAC policy which denies an executable from unlinking itself. The LSM
program bprm_committed_creds sets
From: KP Singh
Similar to bpf_local_storage for sockets and inodes add local storage
for task_struct.
The life-cycle of storage is managed with the life-cycle of the
task_struct. i.e. the storage is destroyed along with the owning task
with a callback to the bpf_task_storage_free from
From: KP Singh
Updates the binary to handle the BPF_MAP_TYPE_TASK_STORAGE as
"task_storage" for printing and parsing. Also updates the documentation
and bash completion
Acked-by: Song Liu
Acked-by: Martin KaFai Lau
Signed-off-by: KP Singh
---
tools/bpf/bpftool/Documentation/bpfto
From: KP Singh
The {inode,sk}_storage_result checking if the correct value was retrieved
was being clobbered unconditionally by the return value of the
bpf_{inode,sk}_storage_delete call.
Also, consistently use the newly added BPF_LOCAL_STORAGE_GET_F_CREATE
flag.
Acked-by: Song Liu
Fixes
From: KP Singh
The currently available bpf_get_current_task returns an unsigned integer
which can be used along with BPF_CORE_READ to read data from
the task_struct but still cannot be used as an input argument to a
helper that accepts an ARG_PTR_TO_BTF_ID of type task_struct.
In order
From: KP Singh
# v4 -> v5
- Fixes to selftests as suggested by Martin.
- Added Martin's acks.
# v3 -> v4
- Move the patch that exposes spin lock helpers to LSM programs as the
first patch as some of the changes in the implementation are actually
for spin locks.
- Clarify the c
From: KP Singh
The current logic checks if the name of the BTF type passed in
attach_btf_id starts with "bpf_lsm_", this is not sufficient as it also
allows attachment to non-LSM hooks like the very function that performs
this check, i.e. bpf_lsm_verify_prog.
In order
On Fri, Nov 6, 2020 at 12:02 AM KP Singh wrote:
>
> From: KP Singh
>
> The current logic checks if the name of the BTF type passed in
> attach_btf_id starts with "bpf_lsm_", this is not sufficient as it also
> allows attachment to non-LSM hooks like the very functio
From: KP Singh
The current logic checks if the name of the BTF type passed in
attach_btf_id starts with "bpf_lsm_", this is not sufficient as it also
allows attachment to non-LSM hooks like the very function that performs
this check, i.e. bpf_lsm_verify_prog.
In order
From: KP Singh
Use the check_syscall_operations added for task_local_storage to
exercise syscall operations for other local storage maps:
* Check the absence of an element for the given fd.
* Create a new element, retrieve and compare its value.
* Delete the element and check again for absence
From: KP Singh
Usage of spin locks was not allowed for tracing programs due to
insufficient preemption checks. The verifier does not currently prevent
LSM programs from using spin locks, but the helpers are not exposed
via bpf_lsm_func_proto.
Based on the discussion in [1], non-sleepable LSM
From: KP Singh
The currently available bpf_get_current_task returns an unsigned integer
which can be used along with BPF_CORE_READ to read data from
the task_struct but still cannot be used as an input argument to a
helper that accepts an ARG_PTR_TO_BTF_ID of type task_struct.
In order
From: KP Singh
# v5 -> v6
- Using a wrapper for copy_file_range in selftests since it's missing
in older libcs.
- Added Martin's acks.
# v4 -> v5
- Fixes to selftests as suggested by Martin.
- Added Martin's acks.
# v3 -> v4
- Move the patch that exposes spin lock helpers to LSM
From: KP Singh
The {inode,sk}_storage_result checking if the correct value was retrieved
was being clobbered unconditionally by the return value of the
bpf_{inode,sk}_storage_delete call.
Also, consistently use the newly added BPF_LOCAL_STORAGE_GET_F_CREATE
flag.
Acked-by: Song Liu
Fixes
From: KP Singh
The test exercises the syscall based map operations by creating a pidfd
for the current process.
For verifying kernel / LSM functionality, the test implements a simple
MAC policy which denies an executable from unlinking itself. The LSM
program bprm_committed_creds sets
From: KP Singh
With the fixing of BTF pruning of embedded types being fixed, the test
can be simplified to use vmlinux.h
Acked-by: Song Liu
Signed-off-by: KP Singh
---
.../selftests/bpf/progs/local_storage.c | 20 +--
1 file changed, 1 insertion(+), 19 deletions
From: KP Singh
Updates the bpf_probe_map_type API to also support
BPF_MAP_TYPE_TASK_STORAGE similar to other local storage maps.
Acked-by: Martin KaFai Lau
Signed-off-by: KP Singh
---
tools/lib/bpf/libbpf_probes.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/lib/bpf
From: KP Singh
Similar to bpf_local_storage for sockets and inodes add local storage
for task_struct.
The life-cycle of storage is managed with the life-cycle of the
task_struct. i.e. the storage is destroyed along with the owning task
with a callback to the bpf_task_storage_free from
From: KP Singh
Updates the binary to handle the BPF_MAP_TYPE_TASK_STORAGE as
"task_storage" for printing and parsing. Also updates the documentation
and bash completion
Acked-by: Song Liu
Acked-by: Martin KaFai Lau
Signed-off-by: KP Singh
---
tools/bpf/bpftool/Documentation/bpfto
On Fri, Nov 6, 2020 at 3:14 AM Alexei Starovoitov
wrote:
>
> On Thu, Nov 05, 2020 at 10:58:26PM +0000, KP Singh wrote:
> > +
> > + ret = copy_file_range(fd_in, NULL, fd_out, NULL, stat.st_size, 0);
>
> centos7 glibc doesn't have it.
>
> /prog_tests/test_local_sto
On 8/25/20 2:52 AM, Martin KaFai Lau wrote:
> On Sun, Aug 23, 2020 at 06:56:10PM +0200, KP Singh wrote:
>> From: KP Singh
>>
>> Similar to bpf_local_storage for sockets, add local storage for inodes.
>> The life-cycle of storage is managed with the life-cycle of the
From: KP Singh
# v9 -> v10
- Added NULL check for inode_storage_ptr before calling
bpf_local_storage_update
- Removed an extraneous include
- Rebased and added Acks / Signoff.
# v8 -> v9
- Fixed reference count logic for files for inode maps.
- Other fixes suggested by Martin
-
From: KP Singh
Similar to bpf_local_storage for sockets, add local storage for inodes.
The life-cycle of storage is managed with the life-cycle of the inode.
i.e. the storage is destroyed along with the owning inode.
The BPF LSM allocates an __rcu pointer to the bpf_local_storage
From: KP Singh
Refactor the functionality in bpf_sk_storage.c so that concept of
storage linked to kernel objects can be extended to other objects like
inode, task_struct etc.
Each new local storage will still be a separate map and provide its own
set of helpers. This allows for future object
From: KP Singh
Adds support for both bpf_{sk, inode}_storage_{get, delete} to be used
in LSM programs. These helpers are not used for tracing programs
(currently) as their usage is tied to the life-cycle of the object and
should only be used where the owning object won't be freed (when
From: KP Singh
A purely mechanical change to split the renaming from the actual
generalization.
Flags/consts:
SK_STORAGE_CREATE_FLAG_MASK BPF_LOCAL_STORAGE_CREATE_FLAG_MASK
BPF_SK_STORAGE_CACHE_SIZE BPF_LOCAL_STORAGE_CACHE_SIZE
MAX_VALUE_SIZE
From: KP Singh
inode_local_storage:
* Hook to the file_open and inode_unlink LSM hooks.
* Create and unlink a temporary file.
* Store some information in the inode's bpf_local_storage during
file_open.
* Verify that this information exists when the file is unlinked.
sk_local_storage:
* Hook
From: KP Singh
Provide the a ability to define local storage caches on a per-object
type basis. The caches and caching indices for different objects should
not be inter-mixed as suggested in:
https://lore.kernel.org/bpf/20200630193441.kdwnkestulg5e...@kafai-mbp.dhcp.thefacebook.com
From: KP Singh
A purely mechanical change:
bpf_sk_storage.c = bpf_sk_storage.c + bpf_local_storage.c
bpf_sk_storage.h = bpf_sk_storage.h + bpf_local_storage.h
Acked-by: Martin KaFai Lau
Signed-off-by: KP Singh
---
include/linux/bpf_local_storage.h | 163
include/net
On Wed, Aug 26, 2020 at 12:13 AM Alexei Starovoitov
wrote:
>
> On Tue, Aug 25, 2020 at 2:05 PM Alexei Starovoitov
> wrote:
> >
> > On Tue, Aug 25, 2020 at 11:29 AM KP Singh wrote:
> > >
> > > From: KP Singh
> > >
> > > # v9 -> v10
On 8/18/20 3:05 AM, Martin KaFai Lau wrote:
> On Mon, Aug 03, 2020 at 06:46:51PM +0200, KP Singh wrote:
>> From: KP Singh
>>
>> Refactor the functionality in bpf_sk_storage.c so that concept of
>> storage linked to kernel objects can be extended to other objects lik
On 8/18/20 6:16 AM, Martin KaFai Lau wrote:
> On Mon, Aug 03, 2020 at 06:46:54PM +0200, KP Singh wrote:
>> From: KP Singh
>>
>> Adds support for both bpf_{sk, inode}_storage_{get, delete} to be used
>> in LSM programs. These helpers are not used for tracing pro
On 19.08.20 19:12, Martin KaFai Lau wrote:
> On Wed, Aug 19, 2020 at 02:41:50PM +0200, KP Singh wrote:
>> On 8/18/20 3:05 AM, Martin KaFai Lau wrote:
>>> On Mon, Aug 03, 2020 at 06:46:51PM +0200, KP Singh wrote:
>>>> From: KP Singh
>>>>
>>>
On Thu, Aug 20, 2020 at 8:43 PM James Morris wrote:
>
> On Thu, 20 Aug 2020, Brendan Jackman wrote:
>
> > With this implementation, any overhead of the indirect call in the LSM
> > framework is completely mitigated (performance results: [7]). This
> > facilitates the adoption of "bpf" LSM on
On 8/18/20 1:56 AM, Martin KaFai Lau wrote:
> On Mon, Aug 03, 2020 at 06:46:49PM +0200, KP Singh wrote:
>> From: KP Singh
>>
>> Flags/consts:
>>
>> SK_STORAGE_CREATE_FLAG_MASKBPF_LOCAL_STORAGE_CREATE_FLAG_MASK
>> BPF_SK_STORAGE_C
On 8/18/20 3:27 AM, Martin KaFai Lau wrote:
> On Mon, Aug 03, 2020 at 06:46:53PM +0200, KP Singh wrote:
>> From: KP Singh
>>
>> Similar to bpf_local_storage for sockets, add local storage for inodes.
>> The life-cycle of storage is managed with the life-cycle of the
On 8/18/20 5:23 PM, Martin KaFai Lau wrote:
> On Tue, Aug 18, 2020 at 05:10:34PM +0200, KP Singh wrote:
>>
>>
>> On 8/18/20 3:27 AM, Martin KaFai Lau wrote:>>> On Mon, Aug 03, 2020 at
>> 06:46:53PM +0200, KP Singh wrote:
[...]
a get_file
>&
t;
> Additionally prepare IMA to start processing these cases.
>
> Signed-off-by: Kees Cook
Thanks for adding this! Would be really useful for us.
Reviewed-by: KP Singh
> ---
> drivers/base/firmware_loader/fallback.c | 2 +-
[...]
> index 5de45010fb1a..1a5c68196faf 100644
k
>
> Acked-by: Jessica Yu
Thanks!
Reviewed-by: KP Singh
[...]
> > Ahh. Yes. That should do it. Right now I don't see concerns with safety
> > of the bpf_spin_lock in bpf_lsm progs.
>
> What about sleepable lsm hooks? Normally we wouldn't expect to sleep with
> a spinlock held. Should we have a check to ensure programs bpf_spin_lock
> are not also
On Wed, Nov 4, 2020 at 12:03 PM KP Singh wrote:
>
> [...]
>
> > > Ahh. Yes. That should do it. Right now I don't see concerns with safety
> > > of the bpf_spin_lock in bpf_lsm progs.
> >
> > What about sleepable lsm hooks? Normally we wouldn't expect to sl
From: KP Singh
# v2 -> v3
- Added bpf_spin_locks to the selftests for local storage, found that
these are not available for LSM programs.
- Made spin lock helpers available for LSM programs (except sleepable
programs which need more work).
- Minor fixes for includes and added short com
From: KP Singh
Updates the binary to handle the BPF_MAP_TYPE_TASK_STORAGE as
"task_storage" for printing and parsing. Also updates the documentation
and bash completion
Acked-by: Song Liu
Signed-off-by: KP Singh
---
tools/bpf/bpftool/Documentation/bpftool-map.rst | 3 ++-
tools/b
From: KP Singh
Use the check_syscall_operations added for task_local_storage to
exercise syscall operations for other local storage maps:
* Check the absence of an element for the given fd.
* Create a new element, retrieve and compare its value.
* Delete the element and check again for absence
From: KP Singh
The currently available bpf_get_current_task returns an unsigned integer
which can be used along with BPF_CORE_READ to read data from
the task_struct but still cannot be used as an input argument to a
helper that accepts an ARG_PTR_TO_BTF_ID of type task_struct.
In order
From: KP Singh
The {inode,sk}_storage_result checking if the correct value was retrieved
was being clobbered unconditionally by the return value of the
bpf_{inode,sk}_storage_delete call.
Also, consistently use the newly added BPF_LOCAL_STORAGE_GET_F_CREATE
flag.
Acked-by: Song Liu
Fixes
From: KP Singh
With the fixing of BTF pruning of embedded types being fixed, the test
can be simplified to use vmlinux.h
Acked-by: Song Liu
Signed-off-by: KP Singh
---
.../selftests/bpf/progs/local_storage.c | 20 +--
1 file changed, 1 insertion(+), 19 deletions
From: KP Singh
Usage of spin locks was not allowed for tracing programs due to
insufficient preemption checks. The verifier does not currently prevent
LSM programs from using spin locks, but the helpers are not exposed
via bpf_lsm_func_proto.
Based on the discussion in [1], non-sleepable LSM
From: KP Singh
Updates the bpf_probe_map_type API to also support
BPF_MAP_TYPE_TASK_STORAGE similar to other local storage maps.
Signed-off-by: KP Singh
---
tools/lib/bpf/libbpf_probes.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/lib/bpf/libbpf_probes.c b/tools/lib/bpf
From: KP Singh
Similar to bpf_local_storage for sockets and inodes add local storage
for task_struct.
The life-cycle of storage is managed with the life-cycle of the
task_struct. i.e. the storage is destroyed along with the owning task
with a callback to the bpf_task_storage_free from
From: KP Singh
The test exercises the syscall based map operations by creating a pidfd
for the current process.
For verifying kernel / LSM functionality, the test implements a simple
MAC policy which denies an executable from unlinking itself. The LSM
program bprm_committed_creds sets
On Wed, Nov 4, 2020 at 11:35 PM Martin KaFai Lau wrote:
>
> On Wed, Nov 04, 2020 at 05:44:49PM +0100, KP Singh wrote:
> > From: KP Singh
> >
> > Usage of spin locks was not allowed for tracing programs due to
> > insufficient preemption checks. The verifier does
> > + WARN_ON_ONCE(!rcu_read_lock_held());
> > + task = pid_task(pid, PIDTYPE_PID);
> > + if (!task) {
> > + err = -ENOENT;
> > + goto out;
> > + }
> > +
> > + sdata = bpf_local_storage_update(
> > + task, (struct bpf_local_storage_map *)map,
From: KP Singh
With the fixing of BTF pruning of embedded types being fixed, the test
can be simplified to use vmlinux.h
Acked-by: Song Liu
Signed-off-by: KP Singh
---
.../selftests/bpf/progs/local_storage.c | 20 +--
1 file changed, 1 insertion(+), 19 deletions
From: KP Singh
# v3 -> v4
- Move the patch that exposes spin lock helpers to LSM programs as the
first patch as some of the changes in the implementation are actually
for spin locks.
- Clarify the comment in the bpf_task_storage_{get, delete} helper as
discussed with Martin.
- Ad
From: KP Singh
Updates the bpf_probe_map_type API to also support
BPF_MAP_TYPE_TASK_STORAGE similar to other local storage maps.
Acked-by: Martin KaFai Lau
Signed-off-by: KP Singh
---
tools/lib/bpf/libbpf_probes.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/lib/bpf
From: KP Singh
Use the check_syscall_operations added for task_local_storage to
exercise syscall operations for other local storage maps:
* Check the absence of an element for the given fd.
* Create a new element, retrieve and compare its value.
* Delete the element and check again for absence
From: KP Singh
The test exercises the syscall based map operations by creating a pidfd
for the current process.
For verifying kernel / LSM functionality, the test implements a simple
MAC policy which denies an executable from unlinking itself. The LSM
program bprm_committed_creds sets
From: KP Singh
The currently available bpf_get_current_task returns an unsigned integer
which can be used along with BPF_CORE_READ to read data from
the task_struct but still cannot be used as an input argument to a
helper that accepts an ARG_PTR_TO_BTF_ID of type task_struct.
In order
From: KP Singh
Usage of spin locks was not allowed for tracing programs due to
insufficient preemption checks. The verifier does not currently prevent
LSM programs from using spin locks, but the helpers are not exposed
via bpf_lsm_func_proto.
Based on the discussion in [1], non-sleepable LSM
From: KP Singh
Similar to bpf_local_storage for sockets and inodes add local storage
for task_struct.
The life-cycle of storage is managed with the life-cycle of the
task_struct. i.e. the storage is destroyed along with the owning task
with a callback to the bpf_task_storage_free from
From: KP Singh
The {inode,sk}_storage_result checking if the correct value was retrieved
was being clobbered unconditionally by the return value of the
bpf_{inode,sk}_storage_delete call.
Also, consistently use the newly added BPF_LOCAL_STORAGE_GET_F_CREATE
flag.
Acked-by: Song Liu
Fixes
From: KP Singh
Updates the binary to handle the BPF_MAP_TYPE_TASK_STORAGE as
"task_storage" for printing and parsing. Also updates the documentation
and bash completion
Acked-by: Song Liu
Signed-off-by: KP Singh
---
tools/bpf/bpftool/Documentation/bpftool-map.rst | 3 ++-
tools/b
On Fri, Oct 30, 2020 at 11:53 AM KP Singh wrote:
>
> Thanks for taking a look!
>
> On Wed, Oct 28, 2020 at 2:13 AM Martin KaFai Lau wrote:
> >
> > On Tue, Oct 27, 2020 at 06:03:13PM +0100, KP Singh wrote:
> > [ ... ]
> >
> > > diff --git
[,,,]
> > + *
> > + * void *bpf_task_storage_get(struct bpf_map *map, void *task, void
> > *value, u64 flags)
> After peeking patch 2, I think the pointer type should be
> "struct task_struct *task" instead of "void *task".
>
> Same for bpf_task_storage_delete().
Done. Thanks!
From: KP Singh
Signed-off-by: KP Singh
---
tools/lib/bpf/libbpf_probes.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tools/lib/bpf/libbpf_probes.c b/tools/lib/bpf/libbpf_probes.c
index 5482a9b7ae2d..bed00ca194f0 100644
--- a/tools/lib/bpf/libbpf_probes.c
+++ b/tools/lib/bpf
From: KP Singh
Signed-off-by: KP Singh
---
.../bpf/prog_tests/test_local_storage.c | 16 +++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/bpf/prog_tests/test_local_storage.c
b/tools/testing/selftests/bpf/prog_tests
From: KP Singh
The currently available bpf_get_current_task returns an unsigned integer
which can be used along with BPF_CORE_READ to read data from
the task_struct but still cannot be used as an input argument to a
helper that accepts an ARG_PTR_TO_BTF_ID of type task_struct.
In order
From: KP Singh
Similar to bpf_local_storage for sockets and inodes add local storage
for task_struct.
The life-cycle of storage is managed with the life-cycle of the
task_struct. i.e. the storage is destroyed along with the owning task
with a callback to the bpf_task_storage_free from
From: KP Singh
Signed-off-by: KP Singh
---
tools/bpf/bpftool/Documentation/bpftool-map.rst | 3 ++-
tools/bpf/bpftool/bash-completion/bpftool | 2 +-
tools/bpf/bpftool/map.c | 4 +++-
3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/tools/bpf/bpftool
From: KP Singh
The {inode,sk}_storage_result checking if the correct value was retrieved
was being clobbered unconditionally by the return value of the
bpf_{inode,sk}_storage_delete call.
Also, consistently use the newly added BPF_LOCAL_STORAGE_GET_F_CREATE
flag.
Fixes: cd324d7abb3d ("bpf
From: KP Singh
# v1 -> v2
- Updated the refcounting for task_struct and simplified conversion
of fd -> struct pid.
- Some fixes suggested by Martin and Andrii, notably:
* long return type for the bpf_task_storage_delete helper (update
for bpf_inode_storage_delete will b
From: KP Singh
With the fixing of BTF pruning of embedded types being fixed, the test
can be simplified to use vmlinux.h
Signed-off-by: KP Singh
---
.../selftests/bpf/progs/local_storage.c | 20 +--
1 file changed, 1 insertion(+), 19 deletions(-)
diff --git a/tools
From: KP Singh
The test exercises the syscall based map operations by creating a pidfd
for the current process.
For verifying kernel / LSM functionality, the test implements a simple
MAC policy which denies an executable from unlinking itself. The LSM
program bprm_committed_creds sets
On Tue, Nov 3, 2020 at 7:47 PM Alexei Starovoitov
wrote:
>
> On Tue, Nov 03, 2020 at 04:31:31PM +0100, KP Singh wrote:
> > +
> > +struct storage {
> > + void *inode;
> > + unsigned int value;
> > + /* Lock ensures that spin locked versions of local
On Tue, Nov 3, 2020 at 8:28 PM Andrii Nakryiko
wrote:
>
> On Tue, Nov 3, 2020 at 7:34 AM KP Singh wrote:
> >
> > From: KP Singh
> >
> > Signed-off-by: KP Singh
> > ---
> > tools/lib/bpf/libbpf_probes.c | 2 ++
> > 1 file changed, 2
On Tue, Nov 3, 2020 at 11:32 PM Song Liu wrote:
>
>
>
> > On Nov 3, 2020, at 7:31 AM, KP Singh wrote:
> >
> > From: KP Singh
>
> A short commit log would be great...
Sure :) No excuses for not having one, will a
On Wed, Nov 4, 2020 at 12:47 AM Song Liu wrote:
>
>
> > On Nov 3, 2020, at 7:31 AM, KP Singh wrote:
> >
> > From: KP Singh
> >
> > Similar to bpf_local_storage for sockets and inodes add local storage
> > for task_struct.
> >
> > Th
On Tue, Nov 3, 2020 at 7:59 PM KP Singh wrote:
>
> On Tue, Nov 3, 2020 at 7:47 PM Alexei Starovoitov
> wrote:
> >
> > On Tue, Nov 03, 2020 at 04:31:31PM +0100, KP Singh wrote:
> > > +
> > > +struct storage {
> > > + void *inode;
> > &
[...]
> >
> > I saw the docs mention that these are not exposed to tracing programs due to
> > insufficient preemption checks. Do you think it would be okay to allow them
> > for LSM programs?
>
> hmm. Isn't it allowed already?
> The verifier does:
> if ((is_tracing_prog_type(prog_type)
cing programs can attach to functions on the task free path, e.g.
> exit_creds(). To avoid allocating task local storage after
> bpf_task_storage_free(). bpf_task_storage_get() is updated to not allocate
> new storage when the task is not refcounted (task->usage == 0).
>
> Signed
On 17-Sep 16:58, Yonghong Song wrote:
>
>
> On 9/16/19 6:00 AM, KP Singh wrote:
> > Thanks for reviewing!
> >
> > On 15-Sep 00:16, Yonghong Song wrote:
> >>
> >>
> >> On 9/10/19 12:55 PM, KP Singh wrote:
> >>> From: KP Singh
&
From: KP Singh
# Motivation
Signaling and mitigation are two key aspects of security which go
hand-in-hand. Signals provide the necessary context to narrow down a
malicious actor and are key to creating effective MAC policies to
mitigate/prevent the malicious actor.
One can obtain signals
From: KP Singh
The LSM can be enabled by:
- Enabling CONFIG_SECURITY_KRSI.
- Adding "krsi" to the CONFIG_LSM string.
Signed-off-by: KP Singh
---
MAINTAINERS| 5 +
security/Kconfig | 1 +
security/Makefile | 2 ++
security/krsi/Kco
From: KP Singh
The LSM creates files in securityfs for each hook registered with the
LSM.
/sys/kernel/security/bpf/
The initialization of the hooks is done collectively in an internal
header "hooks.h" which results in:
* Creation of a file for the hook in the securityfs.
*
From: KP Singh
Add validation checks for the attachment of eBPF programs.
The following permissions are required:
- CAP_SYS_ADMIN to load eBPF programs
- CAP_MAC_ADMIN (to update the policy of an LSM)
- The securityfs file being a KRSI hook and writable (O_RDWR)
Signed-off-by: KP Singh
From: KP Singh
Allow the userspace to attach a newer version of a program without
having duplicates of the same program.
If BPF_F_ALLOW_OVERRIDE is passed, the attachment logic compares the
name of the new program to the names of existing attached programs. The
names are only compared till
From: KP Singh
Pin the memory allocated to the the argv + envv for the new
process and passes it in the context to the eBPF programs attached to
the hook.
The get_user_pages_remote cannot be called from an eBPF helper because
the helpers run in atomic context and the get_user_pages_remote
From: KP Singh
The helper returns the value of the environment variable in the buffer
that is passed to it. If the var is set multiple times, the helper
returns all the values as null separated strings.
If the buffer is too short for these values, the helper tries to fill it
the best it can
From: KP Singh
* The program takes the name of an environment variable as an
argument.
* An eBPF program is loaded and attached to the
process_execution hook.
* The name of the environment variable passed is updated in a
eBPF per-cpu
From: KP Singh
Adds a callback which is called when a new program is attached
to a hook. The callback registered by the process_exection hook
checks if a program that has calls to a helper that requires pages to
be pinned (eg. krsi_get_env_var).
Signed-off-by: KP Singh
---
include/linux
From: KP Singh
This helper is mapped to the existing operation
BPF_FUNC_perf_event_output.
An example usage of this function would be:
#define BUF_SIZE 64;
struct bpf_map_def SEC("maps") perf_map = {
.type = BPF_MAP_TYPE_PERF_EVENT_ARRAY,
.key_size =
From: KP Singh
Signed-off-by: KP Singh
---
tools/include/uapi/linux/bpf.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index a5aa7d3ac6a1..32ab38f1a2fe 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi
From: KP Singh
KRSI intrdocues a new eBPF program type BPF_PROG_TYPE_KRSI with an
expected attach type of BPF_KRSI. An -EINVAL error is returned if an
attachment is requested.
Signed-off-by: KP Singh
---
include/linux/bpf_types.h | 3 +++
include/uapi/linux/bpf.h | 2 ++
kernel/bpf
From: KP Singh
For inspectability the system administrator should be able to view the
list of active KRSI programs:
bash # cat /sys/kernel/security/krsi/process_execution
bpf_prog1
Signed-off-by: KP Singh
---
security/krsi/krsi_fs.c | 76 -
1
From: KP Singh
Update the libbpf library with functionality to load and
attach a program type BPF_PROG_TYPE_KRSI.
Since the bpf_prog_load does not allow the specification of an
expected attach type, it's recommended to use bpf_prog_load_xattr and
set the expected attach type as KRSI.
Signed
101 - 200 of 291 matches
Mail list logo