mbox series

[bpf-next,v2,0/9] Add BPF LSM return value range check, BPF part

Message ID 20240719110059.797546-1-xukuohai@huaweicloud.com (mailing list archive)
Headers show
Series Add BPF LSM return value range check, BPF part | expand

Message

Xu Kuohai July 19, 2024, 11 a.m. UTC 
From: Xu Kuohai <xukuohai@huawei.com>

LSM BPF prog may make kernel panic when returning an unexpected value,
such as returning positive value on hook file_alloc_security.

To fix it, series [1] refactored LSM hook return values and added
BPF return value check on top of that. Since the refactoring of LSM
hooks and checking BPF prog return value patches is not closely related,
this series separates BPF-related patches from [1].

v2:
- Update Shung-Hsi's patch with [3]

v1: https://lore.kernel.org/bpf/20240719081749.769748-1-xukuohai@huaweicloud.com/

Changes to [1]:

1. Extend LSM disabled list to include hooks refactored in [1] to avoid
   dependency on the hooks return value refactoring patches.

2. Replace the special case patch for bitwise AND on [-1, 0] with Shung-Hsi's
   general bitwise AND improvement patch [2].

3. Remove unused patches.

[1] https://lore.kernel.org/bpf/20240711111908.3817636-1-xukuohai@huaweicloud.com
    https://lore.kernel.org/bpf/20240711113828.3818398-1-xukuohai@huaweicloud.com

[2] https://lore.kernel.org/bpf/ykuhustu7vt2ilwhl32kj655xfdgdlm2xkl5rff6tw2ycksovp@ss2n4gpjysnw

[3] https://lore.kernel.org/bpf/20240719081702.137173-1-shung-hsi.yu@suse.com/

Shung-Hsi Yu (1):
  bpf, verifier: improve signed ranges inference for BPF_AND

Xu Kuohai (8):
  bpf, lsm: Add disabled BPF LSM hook list
  bpf, lsm: Add check for BPF LSM return value
  bpf: Prevent tail call between progs attached to different hooks
  bpf: Fix compare error in function retval_range_within
  selftests/bpf: Avoid load failure for token_lsm.c
  selftests/bpf: Add return value checks for failed tests
  selftests/bpf: Add test for lsm tail call
  selftests/bpf: Add verifier tests for bpf lsm

 include/linux/bpf.h                           |   2 +
 include/linux/bpf_lsm.h                       |   8 +
 kernel/bpf/bpf_lsm.c                          |  65 ++++++-
 kernel/bpf/btf.c                              |   5 +-
 kernel/bpf/core.c                             |  21 ++-
 kernel/bpf/verifier.c                         | 139 ++++++++++----
 .../selftests/bpf/prog_tests/test_lsm.c       |  46 ++++-
 .../selftests/bpf/prog_tests/verifier.c       |   2 +
 tools/testing/selftests/bpf/progs/err.h       |  10 +
 .../selftests/bpf/progs/lsm_tailcall.c        |  34 ++++
 .../selftests/bpf/progs/test_sig_in_xattr.c   |   4 +
 .../bpf/progs/test_verify_pkcs7_sig.c         |   8 +-
 tools/testing/selftests/bpf/progs/token_lsm.c |   4 +-
 .../bpf/progs/verifier_global_subprogs.c      |   7 +-
 .../selftests/bpf/progs/verifier_lsm.c        | 178 ++++++++++++++++++
 15 files changed, 486 insertions(+), 47 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/progs/lsm_tailcall.c
 create mode 100644 tools/testing/selftests/bpf/progs/verifier_lsm.c

Comments

patchwork-bot+netdevbpf@kernel.org July 23, 2024, 12:50 a.m. UTC | #1 
Hello:

This series was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov <ast@kernel.org>:

On Fri, 19 Jul 2024 19:00:50 +0800 you wrote:
> From: Xu Kuohai <xukuohai@huawei.com>
> 
> LSM BPF prog may make kernel panic when returning an unexpected value,
> such as returning positive value on hook file_alloc_security.
> 
> To fix it, series [1] refactored LSM hook return values and added
> BPF return value check on top of that. Since the refactoring of LSM
> hooks and checking BPF prog return value patches is not closely related,
> this series separates BPF-related patches from [1].
> 
> [...]

Here is the summary with links:
  - [bpf-next,v2,1/9] bpf, lsm: Add disabled BPF LSM hook list
    https://git.kernel.org/bpf/bpf-next/c/afe4588df73f
  - [bpf-next,v2,2/9] bpf, lsm: Add check for BPF LSM return value
    https://git.kernel.org/bpf/bpf-next/c/af980eb89f06
  - [bpf-next,v2,3/9] bpf: Prevent tail call between progs attached to different hooks
    https://git.kernel.org/bpf/bpf-next/c/b39ffa50b415
  - [bpf-next,v2,4/9] bpf: Fix compare error in function retval_range_within
    https://git.kernel.org/bpf/bpf-next/c/9e14de5b9c12
  - [bpf-next,v2,5/9] bpf, verifier: improve signed ranges inference for BPF_AND
    (no matching commit)
  - [bpf-next,v2,6/9] selftests/bpf: Avoid load failure for token_lsm.c
    https://git.kernel.org/bpf/bpf-next/c/f81ad29cdf88
  - [bpf-next,v2,7/9] selftests/bpf: Add return value checks for failed tests
    https://git.kernel.org/bpf/bpf-next/c/fc2baf1730f9
  - [bpf-next,v2,8/9] selftests/bpf: Add test for lsm tail call
    https://git.kernel.org/bpf/bpf-next/c/2f56fae88135
  - [bpf-next,v2,9/9] selftests/bpf: Add verifier tests for bpf lsm
    https://git.kernel.org/bpf/bpf-next/c/cc1bfd52e4ca

You are awesome, thank you!