[v7,bpf-next,0/2] security: Propagate caller information in bpf hooks

Message ID	20250310221737.821889-1-bboscaccy@linux.microsoft.com (mailing list archive)
Headers	show Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 32DAE36B; Mon, 10 Mar 2025 22:17:56 +0000 (UTC) From: Blaise Boscaccy <bboscaccy@linux.microsoft.com> To: Paul Moore <paul@paul-moore.com>, James Morris <jmorris@namei.org>, "Serge E. Hallyn" <serge@hallyn.com>, Alexei Starovoitov <ast@kernel.org>, Daniel Borkmann <daniel@iogearbox.net>, John Fastabend <john.fastabend@gmail.com>, Andrii Nakryiko <andrii@kernel.org>, Martin KaFai Lau <martin.lau@linux.dev>, Eduard Zingerman <eddyz87@gmail.com>, Song Liu <song@kernel.org>, Yonghong Song <yonghong.song@linux.dev>, KP Singh <kpsingh@kernel.org>, Stanislav Fomichev <sdf@fomichev.me>, Hao Luo <haoluo@google.com>, Jiri Olsa <jolsa@kernel.org>, Stephen Smalley <stephen.smalley.work@gmail.com>, Ondrej Mosnacek <omosnace@redhat.com>, Mykola Lysenko <mykolal@fb.com>, Shuah Khan <shuah@kernel.org>, Blaise Boscaccy <bboscaccy@linux.microsoft.com>, Kumar Kartikeya Dwivedi <memxor@gmail.com>, Matt Bobrowski <mattbobrowski@google.com>, Xu Kuohai <xukuohai@huawei.com>, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, selinux@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH v7 bpf-next 0/2] security: Propagate caller information in bpf hooks Date: Mon, 10 Mar 2025 15:17:10 -0700 Message-ID: <20250310221737.821889-1-bboscaccy@linux.microsoft.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	security: Propagate caller information in bpf hooks \| expand [v7,bpf-next,0/2] security: Propagate caller information in bpf hooks [v7,bpf-next,1/2] security: Propagate caller information in bpf hooks [v7,bpf-next,2/2] selftests/bpf: Add a kernel flag test for LSM bpf hook

Message ID

20250310221737.821889-1-bboscaccy@linux.microsoft.com (mailing list archive)

Headers

From: Blaise Boscaccy <bboscaccy@linux.microsoft.com>
To: Paul Moore <paul@paul-moore.com>,
	James Morris <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	John Fastabend <john.fastabend@gmail.com>,
	Andrii Nakryiko <andrii@kernel.org>,
	Martin KaFai Lau <martin.lau@linux.dev>,
	Eduard Zingerman <eddyz87@gmail.com>,
	Song Liu <song@kernel.org>,
	Yonghong Song <yonghong.song@linux.dev>,
	KP Singh <kpsingh@kernel.org>,
	Stanislav Fomichev <sdf@fomichev.me>,
	Hao Luo <haoluo@google.com>,
	Jiri Olsa <jolsa@kernel.org>,
	Stephen Smalley <stephen.smalley.work@gmail.com>,
	Ondrej Mosnacek <omosnace@redhat.com>,
	Mykola Lysenko <mykolal@fb.com>,
	Shuah Khan <shuah@kernel.org>,
	Blaise Boscaccy <bboscaccy@linux.microsoft.com>,
	Kumar Kartikeya Dwivedi <memxor@gmail.com>,
	Matt Bobrowski <mattbobrowski@google.com>,
	Xu Kuohai <xukuohai@huawei.com>,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	bpf@vger.kernel.org,
	selinux@vger.kernel.org,
	linux-kselftest@vger.kernel.org
Subject: [PATCH v7 bpf-next 0/2] security: Propagate caller information in bpf
 hooks
Date: Mon, 10 Mar 2025 15:17:10 -0700
Message-ID: <20250310221737.821889-1-bboscaccy@linux.microsoft.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

security: Propagate caller information in bpf hooks | expand

Message

Blaise Boscaccy March 10, 2025, 10:17 p.m. UTC

Hello,

While trying to implement an eBPF gatekeeper program, we ran into an
issue whereas the LSM hooks are missing some relevant data.

Certain subcommands passed to the bpf() syscall can be invoked from
either the kernel or userspace. Additionally, some fields in the
bpf_attr struct contain pointers, and depending on where the
subcommand was invoked, they could point to either user or kernel
memory. One example of this is the bpf_prog_load subcommand and its
fd_array. This data is made available and used by the verifier but not
made available to the LSM subsystem. This patchset simply exposes that
information to applicable LSM hooks.

Change list:
- v6 -> v7
  - use gettid/pid in lieu of getpid/tgid in test condition
- v5 -> v6
  - fix regression caused by is_kernel renaming
  - simplify test logic
- v4 -> v5
  - merge v4 selftest breakout patch back into a single patch
  - change "is_kernel" to "kernel"
  - add selftest using new kernel flag
- v3 -> v4
  - split out selftest changes into a separate patch
- v2 -> v3
  - reorder params so that the new boolean flag is the last param
  - fixup function signatures in bpf selftests
- v1 -> v2
  - Pass a boolean flag in lieu of bpfptr_t

Revisions:
- v6
  https://lore.kernel.org/bpf/20250308013314.719150-1-bboscaccy@linux.microsoft.com/
- v5
  https://lore.kernel.org/bpf/20250307213651.3065714-1-bboscaccy@linux.microsoft.com/
- v4
  https://lore.kernel.org/bpf/20250304203123.3935371-1-bboscaccy@linux.microsoft.com/
- v3
  https://lore.kernel.org/bpf/20250303222416.3909228-1-bboscaccy@linux.microsoft.com/
- v2
  https://lore.kernel.org/bpf/20250228165322.3121535-1-bboscaccy@linux.microsoft.com/
- v1
  https://lore.kernel.org/bpf/20250226003055.1654837-1-bboscaccy@linux.microsoft.com/


Blaise Boscaccy (2):
  security: Propagate caller information in bpf hooks
  selftests/bpf: Add a kernel flag test for LSM bpf hook

 include/linux/lsm_hook_defs.h                 |  6 +--
 include/linux/security.h                      | 12 +++---
 kernel/bpf/syscall.c                          | 10 ++---
 security/security.c                           | 15 ++++---
 security/selinux/hooks.c                      |  6 +--
 .../selftests/bpf/prog_tests/kernel_flag.c    | 43 +++++++++++++++++++
 .../selftests/bpf/progs/rcu_read_lock.c       |  3 +-
 .../bpf/progs/test_cgroup1_hierarchy.c        |  4 +-
 .../selftests/bpf/progs/test_kernel_flag.c    | 28 ++++++++++++
 .../bpf/progs/test_kfunc_dynptr_param.c       |  6 +--
 .../selftests/bpf/progs/test_lookup_key.c     |  2 +-
 .../selftests/bpf/progs/test_ptr_untrusted.c  |  2 +-
 .../bpf/progs/test_task_under_cgroup.c        |  2 +-
 .../bpf/progs/test_verify_pkcs7_sig.c         |  2 +-
 14 files changed, 108 insertions(+), 33 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/kernel_flag.c
 create mode 100644 tools/testing/selftests/bpf/progs/test_kernel_flag.c

Comments

patchwork-bot+netdevbpf@kernel.org March 11, 2025, 11:40 a.m. UTC | #1

Hello:

This series was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov <ast@kernel.org>:

On Mon, 10 Mar 2025 15:17:10 -0700 you wrote:
> Hello,
> 
> While trying to implement an eBPF gatekeeper program, we ran into an
> issue whereas the LSM hooks are missing some relevant data.
> 
> Certain subcommands passed to the bpf() syscall can be invoked from
> either the kernel or userspace. Additionally, some fields in the
> bpf_attr struct contain pointers, and depending on where the
> subcommand was invoked, they could point to either user or kernel
> memory. One example of this is the bpf_prog_load subcommand and its
> fd_array. This data is made available and used by the verifier but not
> made available to the LSM subsystem. This patchset simply exposes that
> information to applicable LSM hooks.
> 
> [...]

Here is the summary with links:
  - [v7,bpf-next,1/2] security: Propagate caller information in bpf hooks
    https://git.kernel.org/bpf/bpf-next/c/a8cd03532fc9
  - [v7,bpf-next,2/2] selftests/bpf: Add a kernel flag test for LSM bpf hook
    https://git.kernel.org/bpf/bpf-next/c/f563314d7293

You are awesome, thank you!