Re: [PATCH] bpf: avoid old-style declaration warnings

2021-03-22 Thread KP Singh
> > Fixes: 3f6719c7b62f ("bpf: Add bpf_bprm_opts_set helper") > Fixes: 27672f0d280a ("bpf: Add a BPF helper for getting the IMA hash of an > inode") > Signed-off-by: Arnd Bergmann Thanks for fixing! Acked-by: KP Singh

Re: [PATCH] bpf: fix a warning message in mark_ptr_not_null_reg()

2021-02-16 Thread KP Singh
On Tue, Feb 16, 2021 at 8:37 PM Dan Carpenter wrote: > > The WARN_ON() argument is a condition, and it generates a stack trace > but it doesn't print the warning. > > Fixes: 4ddb74165ae5 ("bpf: Extract nullable reg type conversion into a helper > function") > Signed-off-by: Dan Carpenter > ---

Re: [PATCH v3 bpf-next 1/4] bpf: enable task local storage for tracing programs

2021-01-31 Thread KP Singh
cing programs can attach to functions on the task free path, e.g. > exit_creds(). To avoid allocating task local storage after > bpf_task_storage_free(). bpf_task_storage_get() is updated to not allocate > new storage when the task is not refcounted (task->usage == 0). > > Signed

Re: [PATCH v2] bpf: Drop disabled LSM hooks from the sleepable set

2021-01-25 Thread KP Singh
LED unresolved symbol bpf_lsm_socket_socketpair > > To fix the error, conditionally add the relevant networking/keys > LSM hooks to the sleepable set. > > Fixes: 423f16108c9d8 ("bpf: Augment the set of sleepable LSM hooks") > Signed-off-by: Mikko Ylinen Acked-by: KP Singh

Re: [PATCH] bpf: Drop disabled LSM hooks from the sleepable set

2021-01-25 Thread KP Singh
On Mon, Jan 25, 2021 at 7:55 AM Mikko Ylinen wrote: > > On Sat, Jan 23, 2021 at 12:50:21AM +0100, KP Singh wrote: > > On Fri, Jan 22, 2021 at 11:33 PM KP Singh wrote: > > > > > > On Fri, Jan 22, 2021 at 1:32 PM Mikko Ylinen > > > wrote: > > >

Re: [PATCH] bpf: Drop disabled LSM hooks from the sleepable set

2021-01-22 Thread KP Singh
On Fri, Jan 22, 2021 at 11:33 PM KP Singh wrote: > > On Fri, Jan 22, 2021 at 1:32 PM Mikko Ylinen > wrote: > > > > Networking LSM hooks are conditionally enabled and when building the new > > sleepable BPF LSM hooks with the networking LSM hooks disabled, the >

Re: [PATCH] bpf: Drop disabled LSM hooks from the sleepable set

2021-01-22 Thread KP Singh
LED unresolved symbol bpf_lsm_socket_socketpair > > To fix the error, conditionally add the networking LSM hooks to the > sleepable set. > > Fixes: 423f16108c9d8 ("bpf: Augment the set of sleepable LSM hooks") > Signed-off-by: Mikko Ylinen Thanks! Acked-by: KP Singh

Re: [PATCH] bpf: put file handler if no storage found

2021-01-20 Thread KP Singh
tag when you resubmit) Fixes: 8ea636848aca ("bpf: Implement bpf_local_storage for inodes") Acked-by: KP Singh > > --- > > kernel/bpf/bpf_inode_storage.c | 6 +- > > 1 file changed, 5 insertions(+), 1 deletion(-) > > > > diff --git a/kernel/bpf/bpf_i

Re: [PATCH bpf-next v5 4/4] selftests/bpf: Add a selftest for the tracing bpf_get_socket_cookie

2021-01-20 Thread KP Singh
art of the test. > > Adding a tracing program to the existing objects requires a different > attachment strategy and different headers. > > Signed-off-by: Florent Revest Acked-by: KP Singh (one minor note, doesn't really need fixing as a part of this though) > --- > .../selftests/

Re: [PATCH bpf-next v5 3/4] selftests/bpf: Integrate the socket_cookie test to test_progs

2021-01-20 Thread KP Singh
astly > simplifies its logic by: > - rewriting the loading code with BPF skeletons > - rewriting the server/client code with network helpers > - rewriting the cgroup code with test__join_cgroup > - rewriting the error handling code with CHECKs > > Signed-off-by: Florent Revest Acked-by: KP Singh

Re: [PATCH bpf-next v5 2/4] bpf: Expose bpf_get_socket_cookie to tracing programs

2021-01-20 Thread KP Singh
On Tue, Jan 19, 2021 at 5:00 PM Florent Revest wrote: > > This needs a new helper that: > - can work in a sleepable context (using sock_gen_cookie) > - takes a struct sock pointer and checks that it's not NULL > > Signed-off-by: Florent Revest Acked-by: KP Singh

Re: [PATCH bpf-next v5 1/4] bpf: Be less specific about socket cookies guarantees

2021-01-20 Thread KP Singh
ookies are non-decreasing but we don't want users to rely on that. > > Reported-by: Daniel Borkmann > Signed-off-by: Florent Revest Acked-by: KP Singh

Re: [PATCH bpf v2 2/2] selftests/bpf: add verifier test for PTR_TO_MEM spill

2021-01-13 Thread KP Singh
= ACCEPT part. I think it is correct > by checking code. > > Acked-by: Yonghong Song Thanks for the description! Acked-by: KP Singh

Re: [PATCH bpf v2 1/2] bpf: support PTR_TO_MEM{,_OR_NULL} register spilling

2021-01-13 Thread KP Singh
atch was partially contributed by CyberArk Software, Inc. > > Fixes: 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for > it") > Suggested-by: Yonghong Song > Signed-off-by: Gilad Reti Acked-by: KP Singh

Re: [PATCH bpf-next 1/4] bpf: enable task local storage for tracing programs

2021-01-12 Thread KP Singh
On Tue, Jan 12, 2021 at 5:32 PM Yonghong Song wrote: > > > > On 1/11/21 3:45 PM, Song Liu wrote: > > > > > >> On Jan 11, 2021, at 1:58 PM, Martin Lau wrote: > >> > >> On Mon, Jan 11, 2021 at 10:35:43PM +0100, KP Singh wrote: > >

Re: [PATCH 2/2] selftests/bpf: add verifier test for PTR_TO_MEM spill

2021-01-12 Thread KP Singh
On Tue, Jan 12, 2021 at 4:43 PM Daniel Borkmann wrote: > > On 1/12/21 4:35 PM, Gilad Reti wrote: > > On Tue, Jan 12, 2021 at 4:56 PM KP Singh wrote: > >> On Tue, Jan 12, 2021 at 10:16 AM Gilad Reti wrote: > >>> > >>> Add test to check th

Re: [PATCH bpf 1/2] bpf: support PTR_TO_MEM{,_OR_NULL} register spilling

2021-01-12 Thread KP Singh
On Tue, Jan 12, 2021 at 3:24 PM Gilad Reti wrote: > > On Tue, Jan 12, 2021 at 3:57 PM KP Singh wrote: > > > > On Tue, Jan 12, 2021 at 10:14 AM Gilad Reti wrote: > > > > > > Add support for pointer to mem register spilling, to allow the verifier > >

Re: [PATCH 2/2] selftests/bpf: add verifier test for PTR_TO_MEM spill

2021-01-12 Thread KP Singh
On Tue, Jan 12, 2021 at 10:16 AM Gilad Reti wrote: > > Add test to check that the verifier is able to recognize spilling of > PTR_TO_MEM registers. > It would be nice to have some explanation of what the test does to recognize the spilling of the PTR_TO_MEM registers in the commit log as well.

Re: [PATCH bpf 1/2] bpf: support PTR_TO_MEM{,_OR_NULL} register spilling

2021-01-12 Thread KP Singh
ted with you on the patch? And, in that case: "Co-developed-by:" would be a better tag here. Acked-by: KP Singh > > Fixes: 457f44363a88 ("bpf: Implement BPF ring buffer and verifier > support for it") > Signed-off-by: Gilad Reti > --- > kernel/bpf/verifier.

Re: [PATCH bpf-next] bpf: Clarify return value of probe str helpers

2021-01-12 Thread KP Singh
ength of the [copied ]string" could also refer to > the length of the input. > > Signed-off-by: Brendan Jackman Acked-by: KP Singh

Re: [PATCH bpf-next] bpf: Fix a verifier message for alloc size helper arg

2021-01-12 Thread KP Singh
On Tue, Jan 12, 2021 at 1:39 PM Brendan Jackman wrote: > > The error message here is misleading, the argument will be rejected > unless it is a known constant. > > Signed-off-by: Brendan Jackman > --- > kernel/bpf/verifier.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git

Re: [PATCH bpf-next 1/4] bpf: enable task local storage for tracing programs

2021-01-11 Thread KP Singh
On Mon, Jan 11, 2021 at 7:57 PM Martin KaFai Lau wrote: > > On Fri, Jan 08, 2021 at 03:19:47PM -0800, Song Liu wrote: > > [ ... ] > > > diff --git a/kernel/bpf/bpf_local_storage.c b/kernel/bpf/bpf_local_storage.c > > index dd5aedee99e73..9bd47ad2b26f1 100644 > > ---

Re: [PATCH bpf-next 2/4] selftests/bpf: add non-BPF_LSM test for task local storage

2021-01-11 Thread KP Singh
On Mon, Jan 11, 2021 at 6:31 PM Yonghong Song wrote: > > > > On 1/8/21 3:19 PM, Song Liu wrote: > > Task local storage is enabled for tracing programs. Add a test for it > > without CONFIG_BPF_LSM. Can you also explain what the test does in the commit log? It would also be nicer to have a

Re: [PATCH bpf-next 1/4] bpf: enable task local storage for tracing programs

2021-01-11 Thread KP Singh
On Mon, Jan 11, 2021 at 7:27 AM Yonghong Song wrote: > > > > On 1/8/21 3:19 PM, Song Liu wrote: > > To access per-task data, BPF program typically creates a hash table with > > pid as the key. This is not ideal because: > > 1. The user needs to estimate the required size of the hash table, which may

Re: [PATCH bpf-next 1/4] bpf: enable task local storage for tracing programs

2021-01-11 Thread KP Singh
On Sat, Jan 9, 2021 at 12:35 AM Song Liu wrote: > > To access per-task data, BPF program typically creates a hash table with > pid as the key. This is not ideal because: > 1. The user needs to estimate the required size of the hash table, which may be > inaccurate; > 2. Big hash tables are slow; >

Re: [PATCH bpf-next v4 2/4] bpf: Expose bpf_get_socket_cookie to tracing programs

2020-12-09 Thread KP Singh
d to > check it for NULLness. > > This helper could also be useful to other BPF program types such as LSM. > > Signed-off-by: Florent Revest Acked-by: KP Singh

Re: [PATCH bpf-next v3 2/4] bpf: Expose bpf_get_socket_cookie to tracing programs

2020-12-08 Thread KP Singh
On Tue, Dec 8, 2020 at 9:20 PM Florent Revest wrote: > > This needs two new helpers, one that works in a sleepable context (using > sock_gen_cookie which disables/enables preemption) and one that does not > (for performance reasons). Both take a struct sock pointer and need to > check it for

Re: [PATCH bpf-next v3] bpf: Only provide bpf_sock_from_file with CONFIG_NET

2020-12-08 Thread KP Singh
with BPF and without NET. > Acked-by: Martin KaFai Lau Acked-by: KP Singh

Re: [PATCH bpf-next v3 3/3] bpf: Add a selftest for bpf_ima_inode_hash

2020-11-27 Thread KP Singh
On Fri, Nov 27, 2020 at 5:29 AM Andrii Nakryiko wrote: > > On Tue, Nov 24, 2020 at 7:16 AM KP Singh wrote: > > > > From: KP Singh > > [...] > > > +cleanup() { > > +local tmp_dir="$1" > > +local mount_img="${tmp

Re: [PATCH bpf-next 1/2] bpf: Add a bpf_kallsyms_lookup helper

2020-11-27 Thread KP Singh
On Fri, Nov 27, 2020 at 8:35 AM Yonghong Song wrote: > > > > On 11/26/20 8:57 AM, Florent Revest wrote: > > This helper exposes the kallsyms_lookup function to eBPF tracing > > programs. This can be used to retrieve the name of the symbol at an > > address. For example, when hooking into

Re: [PATCH bpf-next 1/2] bpf: Add a bpf_kallsyms_lookup helper

2020-11-26 Thread KP Singh
[...] > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h > index c3458ec1f30a..670998635eac 100644 > --- a/include/uapi/linux/bpf.h > +++ b/include/uapi/linux/bpf.h > @@ -3817,6 +3817,21 @@ union bpf_attr { > * The **hash_algo** is returned on success, > *

Re: [PATCH bpf-next v3 3/6] bpf: Expose bpf_sk_storage_* to iterator programs

2020-11-26 Thread KP Singh
ialize a socket local storage with associations between > processes and sockets or to selectively delete local storage values. > > Signed-off-by: Florent Revest > Acked-by: Martin KaFai Lau Acked-by: KP Singh

Re: [PATCH bpf-next v3 1/6] net: Remove the err argument from sock_from_file

2020-11-26 Thread KP Singh
; > This patch simplifies the API by letting callers deduce the error based > on whether the returned socket is NULL or not. > > Suggested-by: Al Viro > Signed-off-by: Florent Revest Reviewed-by: KP Singh

Re: [PATCH bpf-next v3 3/3] bpf: Add a selftest for bpf_ima_inode_hash

2020-11-26 Thread KP Singh
[...] > > + exit(errno); > > Running test_progs-no-alu32, the test failed as: > > root@arch-fb-vm1:~/net-next/net-next/tools/testing/selftests/bpf > ./test_progs-no_alu32 -t test_ima Note to self: Also start testing test_progs-no_alu32 > > sh: ./ima_setup.sh: No such file or

Re: [PATCH bpf-next v3 1/3] ima: Implement ima_inode_hash

2020-11-25 Thread KP Singh
On Tue, Nov 24, 2020 at 6:35 PM Yonghong Song wrote: > > > > On 11/24/20 7:12 AM, KP Singh wrote: > > From: KP Singh > > > > This is in preparation to add a helper for BPF LSM programs to use > > IMA hashes when attached to LSM hooks. There are LSM hooks lik

Re: [PATCH bpf-next v3 3/3] bpf: Add a selftest for bpf_ima_inode_hash

2020-11-24 Thread KP Singh
On Wed, Nov 25, 2020 at 3:20 AM Mimi Zohar wrote: > > On Tue, 2020-11-24 at 15:12 +0000, KP Singh wrote: > > diff --git a/tools/testing/selftests/bpf/ima_setup.sh > > b/tools/testing/selftests/bpf/ima_setup.sh > > new file mode 100644 > > index ..

[PATCH bpf-next v3 0/3] Implement bpf_ima_inode_hash

2020-11-24 Thread KP Singh
From: KP Singh # v2 -> v3 - Fixed an issue pointed out by Alexei, the helper should only be exposed to sleepable hooks. - Update the selftests to constrain the IMA policy update to a loopback filesystem specifically created for the test. Also, split this out from the LSM test. I drop

[PATCH bpf-next v3 2/3] bpf: Add a BPF helper for getting the IMA hash of an inode

2020-11-24 Thread KP Singh
From: KP Singh Provide a wrapper function to get the IMA hash of an inode. This helper is useful in fingerprinting files (e.g executables on execution) and using these fingerprints in detections like an executable unlinking itself. Since the ima_inode_hash can sleep, it's only allowed

[PATCH bpf-next v3 3/3] bpf: Add a selftest for bpf_ima_inode_hash

2020-11-24 Thread KP Singh
From: KP Singh The test does the following: - Mounts a loopback filesystem and appends the IMA policy to measure executions only on this file-system. Restricting the IMA policy to a particular filesystem prevents a system-wide IMA policy change. - Executes an executable copied

[PATCH bpf-next v3 1/3] ima: Implement ima_inode_hash

2020-11-24 Thread KP Singh
From: KP Singh This is in preparation to add a helper for BPF LSM programs to use IMA hashes when attached to LSM hooks. There are LSM hooks like inode_unlink which do not have a struct file * argument and cannot use the existing ima_file_hash API. An inode based API is, therefore, useful

Re: [PATCH bpf-next 2/3] bpf: Add a BPF helper for getting the IMA hash of an inode

2020-11-24 Thread KP Singh
On Tue, Nov 24, 2020 at 12:04 PM KP Singh wrote: > > On Tue, Nov 24, 2020 at 5:02 AM Alexei Starovoitov > wrote: > > > > On Fri, Nov 20, 2020 at 01:17:07PM +0000, KP Singh wrote: > > > + > > > +static bool bpf_ima_inode_hash_allowed(const struct bpf_

Re: [PATCH bpf-next 2/3] bpf: Add a BPF helper for getting the IMA hash of an inode

2020-11-24 Thread KP Singh
On Tue, Nov 24, 2020 at 5:02 AM Alexei Starovoitov wrote: > > On Fri, Nov 20, 2020 at 01:17:07PM +0000, KP Singh wrote: > > + > > +static bool bpf_ima_inode_hash_allowed(const struct bpf_prog *prog) > > +{ > > + return bpf_lsm_is_sleepable

Re: [PATCH bpf-next v2 3/3] bpf: Update LSM selftests for bpf_ima_inode_hash

2020-11-23 Thread KP Singh
On Mon, Nov 23, 2020 at 7:36 PM Yonghong Song wrote: > > > > On 11/23/20 10:27 AM, KP Singh wrote: > > [...] > > > >>>> > >>>> Even if a custom policy has been loaded, potentially additional > >>>> measurements unrelated

Re: [PATCH bpf-next v2 3/3] bpf: Update LSM selftests for bpf_ima_inode_hash

2020-11-23 Thread KP Singh
[...] > > > > > > Even if a custom policy has been loaded, potentially additional > > > measurements unrelated to this test would be included in the measurement > > > list. One way of limiting a rule to a specific test is by loopback > > > mounting a file system and defining a policy rule based on

Re: [PATCH bpf-next v2 3/3] bpf: Update LSM selftests for bpf_ima_inode_hash

2020-11-23 Thread KP Singh
On Mon, Nov 23, 2020 at 2:24 PM Mimi Zohar wrote: > > On Sat, 2020-11-21 at 00:50 +0000, KP Singh wrote: > > From: KP Singh > > > > - Update the IMA policy before executing the test binary (this is not an > > override of the policy, just an append that ensures th

[PATCH bpf-next v2 3/3] bpf: Update LSM selftests for bpf_ima_inode_hash

2020-11-20 Thread KP Singh
From: KP Singh - Update the IMA policy before executing the test binary (this is not an override of the policy, just an append that ensures that hashes are calculated on executions). - Call the bpf_ima_inode_hash in the bprm_committed_creds hook and check if the call succeeded and a hash

[PATCH bpf-next v2 1/3] ima: Implement ima_inode_hash

2020-11-20 Thread KP Singh
From: KP Singh This is in preparation to add a helper for BPF LSM programs to use IMA hashes when attached to LSM hooks. There are LSM hooks like inode_unlink which do not have a struct file * argument and cannot use the existing ima_file_hash API. An inode based API is, therefore, useful

[PATCH bpf-next v2 2/3] bpf: Add a BPF helper for getting the IMA hash of an inode

2020-11-20 Thread KP Singh
From: KP Singh Provide a wrapper function to get the IMA hash of an inode. This helper is useful in fingerprinting files (e.g executables on execution) and using these fingerprints in detections like an executable unlinking itself. Since the ima_inode_hash can sleep, it's only allowed

Re: [PATCH bpf-next 3/3] bpf: Update LSM selftests for bpf_ima_inode_hash

2020-11-20 Thread KP Singh
On Fri, Nov 20, 2020 at 7:11 PM Yonghong Song wrote: > > > > On 11/20/20 5:17 AM, KP Singh wrote: > > From: KP Singh > > > > - Update the IMA policy before executing the test binary (this is not an > >override of the policy, just an append that ensur

Re: [PATCH bpf-next 2/3] bpf: Add a BPF helper for getting the IMA hash of an inode

2020-11-20 Thread KP Singh
[...] > > + * long bpf_ima_inode_hash(struct inode *inode, void *dst, u32 size) > > + * Description > > + * Returns the stored IMA hash of the *inode* (if it's > > avaialable). > > + * If the hash is larger than *size*, then only *size* > > + * bytes will be
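
Review bot: typo in the Description of bpf_ima_inode_hash(): "avaialable" should read "available" in "Returns the stored IMA hash of the *inode* (if it's avaialable)"; please fix it in the next revision.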

Re: [PATCH bpf-next 1/3] ima: Implement ima_inode_hash

2020-11-20 Thread KP Singh
[...] > > > > diff --git a/scripts/bpf_helpers_doc.py b/scripts/bpf_helpers_doc.py > > index c5bc947a70ad..add7fcb32dcd 100755 > > --- a/scripts/bpf_helpers_doc.py > > +++ b/scripts/bpf_helpers_doc.py > > @@ -478,6 +478,7 @@ class PrinterHelpers(Printer): > > 'struct

[PATCH bpf-next 1/3] ima: Implement ima_inode_hash

2020-11-20 Thread KP Singh
From: KP Singh This is in preparation to add a helper for BPF LSM programs to use IMA hashes when attached to LSM hooks. There are LSM hooks like inode_unlink which do not have a struct file * argument and cannot use the existing ima_file_hash API. An inode based API is, therefore, useful

[PATCH bpf-next 3/3] bpf: Update LSM selftests for bpf_ima_inode_hash

2020-11-20 Thread KP Singh
From: KP Singh - Update the IMA policy before executing the test binary (this is not an override of the policy, just an append that ensures that hashes are calculated on executions). - Call the bpf_ima_inode_hash in the bprm_committed_creds hook and check if the call succeeded and a hash

[PATCH bpf-next 2/3] bpf: Add a BPF helper for getting the IMA hash of an inode

2020-11-20 Thread KP Singh
From: KP Singh Provide a wrapper function to get the IMA hash of an inode. This helper is useful in fingerprinting files (e.g executables on execution) and using these fingerprints in detections like an executable unlinking itself. Since the ima_inode_hash can sleep, it's only allowed

Re: [PATCH v2 5/5] bpf: Add an iterator selftest for bpf_sk_storage_get

2020-11-19 Thread KP Singh
On Fri, Nov 20, 2020 at 1:32 AM Martin KaFai Lau wrote: > > On Thu, Nov 19, 2020 at 05:26:54PM +0100, Florent Revest wrote: > > From: Florent Revest > > > > The eBPF program iterates over all files and tasks. For all socket > > files, it stores the tgid of the last task it encountered with a

Re: [PATCH v2 3/5] bpf: Expose bpf_sk_storage_* to iterator programs

2020-11-19 Thread KP Singh
On Thu, Nov 19, 2020 at 5:27 PM Florent Revest wrote: > > From: Florent Revest > > Iterators are currently used to expose kernel information to userspace > over fast procfs-like files but iterators could also be used to > manipulate local storage. For example, the task_file iterator could be >

Re: [PATCH v2 2/5] bpf: Add a bpf_sock_from_file helper

2020-11-19 Thread KP Singh
do this a new helper > wrapping sock_from_file is added. > > This is useful to tracing programs but also other program types > inheriting this set of helpers such as iterators or LSM programs. > > Signed-off-by: Florent Revest Acked-by: KP Singh Some minor comments. >

Re: [PATCH v2 1/5] net: Remove the err argument from sock_from_file

2020-11-19 Thread KP Singh
I think you meant to send these as [PATCH bpf-next] for bpf-next. I guess we can do a round of reviews and update the next revision (if any) with the correct prefixes. On Thu, Nov 19, 2020 at 5:27 PM Florent Revest wrote: > > From: Florent Revest > > Currently, the sock_from_file prototype

Re: [PATCH bpf-next v3 1/2] bpf: Add bpf_lsm_set_bprm_opts helper

2020-11-17 Thread KP Singh
On Tue, Nov 17, 2020 at 11:41 PM Daniel Borkmann wrote: > > On 11/17/20 3:13 AM, KP Singh wrote: > > From: KP Singh > > > > The helper allows modification of certain bits on the linux_binprm > > struct starting with the secureexec bit which can be updated using the

[PATCH bpf-next v4 2/2] bpf: Add tests for bpf_bprm_opts_set helper

2020-11-17 Thread KP Singh
From: KP Singh The test forks a child process, updates the local storage to set/unset the secureexec bit. The BPF program in the test attaches to bprm_creds_for_exec which checks the local storage of the current task to set the secureexec bit on the binary parameters (bprm). The child

[PATCH bpf-next v4 1/2] bpf: Add bpf_bprm_opts_set helper

2020-11-17 Thread KP Singh
From: KP Singh The helper allows modification of certain bits on the linux_binprm struct starting with the secureexec bit which can be updated using the BPF_F_BPRM_SECUREEXEC flag. secureexec can be set by the LSM for privilege gaining executions to set the AT_SECURE auxv for glibc. When set

[PATCH bpf-next v3 2/2] bpf: Add tests for bpf_lsm_set_bprm_opts

2020-11-16 Thread KP Singh
From: KP Singh The test forks a child process, updates the local storage to set/unset the secureexec bit. The BPF program in the test attaches to bprm_creds_for_exec which checks the local storage of the current task to set the secureexec bit on the binary parameters (bprm). The child

[PATCH bpf-next v3 1/2] bpf: Add bpf_lsm_set_bprm_opts helper

2020-11-16 Thread KP Singh
From: KP Singh The helper allows modification of certain bits on the linux_binprm struct starting with the secureexec bit which can be updated using the BPF_LSM_F_BPRM_SECUREEXEC flag. secureexec can be set by the LSM for privilege gaining executions to set the AT_SECURE auxv for glibc. When

Re: [PATCH bpf-next v2 1/2] bpf: Add bpf_lsm_set_bprm_opts helper

2020-11-16 Thread KP Singh
On Tue, Nov 17, 2020 at 3:03 AM KP Singh wrote: > > On Tue, Nov 17, 2020 at 1:11 AM Martin KaFai Lau wrote: > > > > On Mon, Nov 16, 2020 at 11:25:35PM +0000, KP Singh wrote: > > > From: KP Singh > > > > > > The helper allows modification of certain b

Re: [PATCH bpf-next v2 1/2] bpf: Add bpf_lsm_set_bprm_opts helper

2020-11-16 Thread KP Singh
On Tue, Nov 17, 2020 at 1:11 AM Martin KaFai Lau wrote: > > On Mon, Nov 16, 2020 at 11:25:35PM +0000, KP Singh wrote: > > From: KP Singh > > > > The helper allows modification of certain bits on the linux_binprm > > struct starting with the secureexec

Re: [PATCH bpf-next v2 2/2] bpf: Add tests for bpf_lsm_set_bprm_opts

2020-11-16 Thread KP Singh
On Tue, Nov 17, 2020 at 1:43 AM Martin KaFai Lau wrote: > > On Mon, Nov 16, 2020 at 11:25:36PM +0000, KP Singh wrote: > > From: KP Singh > > > > The test forks a child process, updates the local storage to set/unset > > the secureexec bit. > > >

[PATCH bpf-next v2 1/2] bpf: Add bpf_lsm_set_bprm_opts helper

2020-11-16 Thread KP Singh
From: KP Singh The helper allows modification of certain bits on the linux_binprm struct starting with the secureexec bit which can be updated using the BPF_LSM_F_BPRM_SECUREEXEC flag. secureexec can be set by the LSM for privilege gaining executions to set the AT_SECURE auxv for glibc. When

[PATCH bpf-next v2 2/2] bpf: Add tests for bpf_lsm_set_bprm_opts

2020-11-16 Thread KP Singh
From: KP Singh The test forks a child process, updates the local storage to set/unset the secureexec bit. The BPF program in the test attaches to bprm_creds_for_exec which checks the local storage of the current task to set the secureexec bit on the binary parameters (bprm). The child

Re: [PATCH bpf-next 1/2] bpf: Add bpf_lsm_set_bprm_opts helper

2020-11-16 Thread KP Singh
On Mon, Nov 16, 2020 at 11:48 PM KP Singh wrote: > > [...] > > > > > > > +BPF_CALL_2(bpf_lsm_set_bprm_opts, struct linux_binprm *, bprm, u64, > > > flags) > > > +{ > > > > This should also reject invalid flags. I'd rather change this helpe

Re: [PATCH bpf-next 1/2] bpf: Add bpf_lsm_set_bprm_opts helper

2020-11-16 Thread KP Singh
[...] > > > > +BPF_CALL_2(bpf_lsm_set_bprm_opts, struct linux_binprm *, bprm, u64, flags) > > +{ > > This should also reject invalid flags. I'd rather change this helper from > RET_VOID > to RET_INTEGER and throw -EINVAL for everything other than > BPF_LSM_F_BPRM_SECUREEXEC > passed in here

Re: [PATCH bpf-next 2/2] bpf: Add tests for bpf_lsm_set_bprm_opts

2020-11-16 Thread KP Singh
[...] > + > +#include "vmlinux.h" > +#include > +#include > +#include > + > +char _license[] SEC("license") = "GPL"; > + > +struct { > + __uint(type, BPF_MAP_TYPE_TASK_STORAGE); > + __uint(map_flags, BPF_F_NO_PREALLOC); > + __type(key, int); > + __type(value, int); > +}

[PATCH bpf-next 1/2] bpf: Add bpf_lsm_set_bprm_opts helper

2020-11-16 Thread KP Singh
From: KP Singh The helper allows modification of certain bits on the linux_binprm struct starting with the secureexec bit which can be updated using the BPF_LSM_F_BPRM_SECUREEXEC flag. secureexec can be set by the LSM for privilege gaining executions to set the AT_SECURE auxv for glibc. When

[PATCH bpf-next 2/2] bpf: Add tests for bpf_lsm_set_bprm_opts

2020-11-16 Thread KP Singh
From: KP Singh The test forks a child process, updates the local storage to set/unset the secureexec bit. The BPF program in the test attaches to bprm_creds_for_exec which checks the local storage of the current task to set the secureexec bit on the binary parameters (bprm). The child

[PATCH bpf-next v3 1/2] bpf: Augment the set of sleepable LSM hooks

2020-11-12 Thread KP Singh
From: KP Singh Update the set of sleepable hooks with the ones that do not trigger a warning with might_fault() when exercised with the correct kernel config options enabled, i.e. DEBUG_ATOMIC_SLEEP=y LOCKDEP=y PROVE_LOCKING=y This means that a sleepable LSM eBPF

[PATCH bpf-next v3 0/2] Sleepable LSM Hooks

2020-11-12 Thread KP Singh
From: KP Singh # v2 -> v3 * Remove the list of non-sleepable hooks, will send a separate patch to the lsm list based on the discussion with Daniel. * Add Andrii's ack for real # v1 -> v2 * Fixed typos and formatting errors. * Added Andrii's ack. KP Singh (2): bpf: A

[PATCH bpf-next v3 2/2] bpf: Expose bpf_d_path helper to sleepable LSM hooks

2020-11-12 Thread KP Singh
From: KP Singh Sleepable hooks are never called from an NMI/interrupt context, so it is safe to use the bpf_d_path helper in LSM programs attaching to these hooks. The helper is not restricted to sleepable programs and merely uses the list of sleepable hooks as the initial subset of LSM hooks

Re: [PATCH bpf-next v2 1/2] bpf: Augment the set of sleepable LSM hooks

2020-11-12 Thread KP Singh
On Thu, Nov 12, 2020 at 11:35 PM Daniel Borkmann wrote: > > On 11/12/20 9:03 PM, KP Singh wrote: > > From: KP Singh > > > > Update the set of sleepable hooks with the ones that do not trigger > > a warning with might_fault() when exercised with the correct kernel

Re: [PATCH bpf-next v2 0/2] Sleepable LSM Hooks

2020-11-12 Thread KP Singh
On Thu, Nov 12, 2020 at 9:03 PM KP Singh wrote: > > From: KP Singh > > # v1 -> v2 > > * Fixed typos and formatting errors. > * Added Andrii's ack. Oops, I sent an older patch file which does not have Andrii's ack.

[PATCH bpf-next v2 0/2] Sleepable LSM Hooks

2020-11-12 Thread KP Singh
From: KP Singh # v1 -> v2 * Fixed typos and formatting errors. * Added Andrii's ack. KP Singh (2): bpf: Augment the set of sleepable LSM hooks bpf: Expose bpf_d_path helper to sleepable LSM hooks include/linux/bpf_lsm.h | 7 +++ kernel/bpf/bpf_lsm.c |

[PATCH bpf-next v2 2/2] bpf: Expose bpf_d_path helper to sleepable LSM hooks

2020-11-12 Thread KP Singh
From: KP Singh Sleepable hooks are never called from an NMI/interrupt context, so it is safe to use the bpf_d_path helper in LSM programs attaching to these hooks. The helper is not restricted to sleepable programs and merely uses the list of sleepable hooks as the initial subset of LSM hooks

[PATCH bpf-next v2 1/2] bpf: Augment the set of sleepable LSM hooks

2020-11-12 Thread KP Singh
From: KP Singh Update the set of sleepable hooks with the ones that do not trigger a warning with might_fault() when exercised with the correct kernel config options enabled, i.e. DEBUG_ATOMIC_SLEEP=y LOCKDEP=y PROVE_LOCKING=y This means that a sleepable LSM eBPF

Re: [PATCH bpf-next 1/2] bpf: Augment the set of sleepable LSM hooks

2020-11-12 Thread KP Singh
On Thu, Nov 12, 2020 at 7:48 PM Andrii Nakryiko wrote: > > On Thu, Nov 12, 2020 at 9:20 AM KP Singh wrote: > > > > From: KP Singh > > > > Update the set of sleepable hooks with the ones that do not trigger > > a warning with might_fault() when exercise

[PATCH bpf-next 2/2] bpf: Expose bpf_d_path helper to sleepable LSM hooks

2020-11-12 Thread KP Singh
From: KP Singh Sleepable hooks are never called from an NMI/interrupt context, so it is safe to use the bpf_d_path helper in LSM programs attaching to these hooks. The helper is not restricted to sleepable programs and merely uses the list of sleepable hooks as the initial subset of LSM hooks

[PATCH bpf-next 1/2] bpf: Augment the set of sleepable LSM hooks

2020-11-12 Thread KP Singh
From: KP Singh Update the set of sleepable hooks with the ones that do not trigger a warning with might_fault() when exercised with the correct kernel config options enabled, i.e. DEBUG_ATOMIC_SLEEP=y LOCKDEP=y PROVE_LOCKING=y This means that a sleepable LSM eBPF

Re: [PATCH bpf-next v5 8/9] bpf: Add tests for task_local_storage

2020-11-06 Thread KP Singh
On Fri, Nov 6, 2020 at 3:14 AM Alexei Starovoitov wrote: > > On Thu, Nov 05, 2020 at 10:58:26PM +0000, KP Singh wrote: > > + > > + ret = copy_file_range(fd_in, NULL, fd_out, NULL, stat.st_size, 0); > > centos7 glibc doesn't have it. > > /prog_tests/test_local_sto

[PATCH bpf-next v6 2/9] bpf: Implement task local storage

2020-11-06 Thread KP Singh
From: KP Singh Similar to bpf_local_storage for sockets and inodes add local storage for task_struct. The life-cycle of storage is managed with the life-cycle of the task_struct. i.e. the storage is destroyed along with the owning task with a callback to the bpf_task_storage_free from

[PATCH bpf-next v6 3/9] libbpf: Add support for task local storage

2020-11-06 Thread KP Singh
From: KP Singh Updates the bpf_probe_map_type API to also support BPF_MAP_TYPE_TASK_STORAGE similar to other local storage maps. Acked-by: Martin KaFai Lau Signed-off-by: KP Singh --- tools/lib/bpf/libbpf_probes.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/lib/bpf

[PATCH bpf-next v6 8/9] bpf: Add tests for task_local_storage

2020-11-06 Thread KP Singh
From: KP Singh The test exercises the syscall based map operations by creating a pidfd for the current process. For verifying kernel / LSM functionality, the test implements a simple MAC policy which denies an executable from unlinking itself. The LSM program bprm_committed_creds sets

[PATCH bpf-next v6 7/9] bpf: Update selftests for local_storage to use vmlinux.h

2020-11-06 Thread KP Singh
From: KP Singh With the BTF pruning of embedded types being fixed, the test can be simplified to use vmlinux.h Acked-by: Song Liu Signed-off-by: KP Singh --- .../selftests/bpf/progs/local_storage.c | 20 +-- 1 file changed, 1 insertion(+), 19 deletions

[PATCH bpf-next v6 4/9] bpftool: Add support for task local storage

2020-11-06 Thread KP Singh
From: KP Singh Updates the binary to handle the BPF_MAP_TYPE_TASK_STORAGE as "task_storage" for printing and parsing. Also updates the documentation and bash completion Acked-by: Song Liu Acked-by: Martin KaFai Lau Signed-off-by: KP Singh --- tools/bpf/bpftool/Documentation/bpfto

[PATCH bpf-next v6 1/9] bpf: Allow LSM programs to use bpf spin locks

2020-11-06 Thread KP Singh
From: KP Singh Usage of spin locks was not allowed for tracing programs due to insufficient preemption checks. The verifier does not currently prevent LSM programs from using spin locks, but the helpers are not exposed via bpf_lsm_func_proto. Based on the discussion in [1], non-sleepable LSM

[PATCH bpf-next v6 5/9] bpf: Implement get_current_task_btf and RET_PTR_TO_BTF_ID

2020-11-06 Thread KP Singh
From: KP Singh The currently available bpf_get_current_task returns an unsigned integer which can be used along with BPF_CORE_READ to read data from the task_struct but still cannot be used as an input argument to a helper that accepts an ARG_PTR_TO_BTF_ID of type task_struct. In order

[PATCH bpf-next v6 0/9] Implement task_local_storage

2020-11-06 Thread KP Singh
From: KP Singh # v5 -> v6 - Using a wrapper for copy_file_range in selftests since it's missing in older libcs. - Added Martin's acks. # v4 -> v5 - Fixes to selftests as suggested by Martin. - Added Martin's acks. # v3 -> v4 - Move the patch that exposes spin lock helpers to LSM

[PATCH bpf-next v6 6/9] bpf: Fix tests for local_storage

2020-11-06 Thread KP Singh
From: KP Singh The {inode,sk}_storage_result checking if the correct value was retrieved was being clobbered unconditionally by the return value of the bpf_{inode,sk}_storage_delete call. Also, consistently use the newly added BPF_LOCAL_STORAGE_GET_F_CREATE flag. Acked-by: Song Liu Fixes

[PATCH bpf-next v6 9/9] bpf: Exercise syscall operations for inode and sk storage

2020-11-06 Thread KP Singh
From: KP Singh Use the check_syscall_operations added for task_local_storage to exercise syscall operations for other local storage maps: * Check the absence of an element for the given fd. * Create a new element, retrieve and compare its value. * Delete the element and check again for absence

[PATCH bpf-next v2] bpf: Update verification logic for LSM programs

2020-11-05 Thread KP Singh
From: KP Singh The current logic checks if the name of the BTF type passed in attach_btf_id starts with "bpf_lsm_"; this is not sufficient as it also allows attachment to non-LSM hooks like the very function that performs this check, i.e. bpf_lsm_verify_prog. In order

Re: [PATCH bpf-next] bpf: Update verification logic for LSM programs

2020-11-05 Thread KP Singh
On Fri, Nov 6, 2020 at 12:02 AM KP Singh wrote: > > From: KP Singh > > The current logic checks if the name of the BTF type passed in > attach_btf_id starts with "bpf_lsm_"; this is not sufficient as it also > allows attachment to non-LSM hooks like the very functio

[PATCH bpf-next] bpf: Update verification logic for LSM programs

2020-11-05 Thread KP Singh
From: KP Singh The current logic checks if the name of the BTF type passed in attach_btf_id starts with "bpf_lsm_"; this is not sufficient as it also allows attachment to non-LSM hooks like the very function that performs this check, i.e. bpf_lsm_verify_prog. In order

[PATCH bpf-next v5 0/9] Implement task_local_storage

2020-11-05 Thread KP Singh
From: KP Singh # v4 -> v5 - Fixes to selftests as suggested by Martin. - Added Martin's acks. # v3 -> v4 - Move the patch that exposes spin lock helpers to LSM programs as the first patch as some of the changes in the implementation are actually for spin locks. - Clarify the c

[PATCH bpf-next v5 4/9] bpftool: Add support for task local storage

2020-11-05 Thread KP Singh
From: KP Singh Updates the binary to handle the BPF_MAP_TYPE_TASK_STORAGE as "task_storage" for printing and parsing. Also updates the documentation and bash completion Acked-by: Song Liu Acked-by: Martin KaFai Lau Signed-off-by: KP Singh --- tools/bpf/bpftool/Documentation/bpfto
