From patchwork Tue Aug  2 23:27:40 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sargun Dhillon <sargun@sargun.me>
X-Patchwork-Id: 9260483
Return-Path: <linux-security-module-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	044CC6077C
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Tue,  2 Aug 2016 23:28:38 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E9C2F284DE
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Tue,  2 Aug 2016 23:28:37 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id DDA1728518; Tue,  2 Aug 2016 23:28:37 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 68287284DE
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Tue,  2 Aug 2016 23:28:37 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755199AbcHBX2g (ORCPT
	<rfc822;patchwork-linux-security-module@patchwork.kernel.org>);
	Tue, 2 Aug 2016 19:28:36 -0400
Received: from mail-it0-f44.google.com ([209.85.214.44]:38260 "EHLO
	mail-it0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754773AbcHBX2g (ORCPT
	<rfc822;linux-security-module@vger.kernel.org>);
	Tue, 2 Aug 2016 19:28:36 -0400
Received: by mail-it0-f44.google.com with SMTP id j124so218507250ith.1
	for <linux-security-module@vger.kernel.org>;
	Tue, 02 Aug 2016 16:27:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sargun.me; s=google;
	h=date:from:to:subject:message-id:mime-version:content-disposition
	:user-agent; bh=ZQ3O4Lc2/tMScZGtIDom3MqIBmy6NNTeDL2Lx4xEh8c=;
	b=bi2Ney1xkjREwcTclJzGwE1h2w9Sx69sNQ1RULFxpBmGfBYkHpRa8sVqZxeRtiOFZ7
	Mioo9V2GiUPYjhGIImroWhZLSPXHpJwn8mKJVONdUKjPxESdkdQFLpYrwOZJY8pScq9Z
	99eLPBE4NtoYxU9IafMucsfKVWIlbx8WKaMV4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:date:from:to:subject:message-id:mime-version
	:content-disposition:user-agent;
	bh=ZQ3O4Lc2/tMScZGtIDom3MqIBmy6NNTeDL2Lx4xEh8c=;
	b=Kei3Z23e9Dk9LeWqMCaKqlj9BfV2IaKYu10uQ3/VLUhxrxe20nfLlzj6XUEijZTSKT
	Z9/EsIZRelntvuRLI2ETllwBnPckLIfu3dyrRKgAsR7TN0RMiuA8Z8t4Tj1hh8Ccm+yI
	gfz1+zIyAM38yooOPAGKmNVakR9FMJGAwoKHFKLYTWvSx486VgP1z1kLRg+4SMhCVJow
	z9+L75bO+a5uzzG6BTW6TkCuQUy/B5EMjEANQs3ZfhwVwyRST1OO35sHFj+K/lARRUsQ
	WYlBdNk/lauTi/hE3Sprmxo7Z2Ynex0VC4aRmu745e6OLVMXBd0P9/bFBh6pBAj/79L+
	+BLg==
X-Gm-Message-State: 
 AEkoouvt/xrA5Z6Zxw/8+qP2wf1jCUQFZkLkJXMHFY6xsXY4duz9R4BX3LlRfxCDxEHbjQ==
X-Received: by 10.36.112.11 with SMTP id f11mr53993368itc.57.1470180461716;
	Tue, 02 Aug 2016 16:27:41 -0700 (PDT)
Received: from ircssh.c.rugged-nimbus-611.internal
	(55.145.251.23.bc.googleusercontent.com. [23.251.145.55])
	by smtp.gmail.com with ESMTPSA id
	m128sm2343489iom.32.2016.08.02.16.27.41
	for <linux-security-module@vger.kernel.org>
	(version=TLS1_2 cipher=AES128-SHA bits=128/128);
	Tue, 02 Aug 2016 16:27:41 -0700 (PDT)
Date: Tue, 2 Aug 2016 16:27:40 -0700
From: Sargun Dhillon <sargun@sargun.me>
To: linux-security-module@vger.kernel.org
Subject: [RFC 4/4] bpf: Restrict Checmate bpf programs to current kernel ABI
Message-ID: <20160802232738.GA25315@ircssh.c.rugged-nimbus-611.internal>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk
List-ID: <linux-security-module.vger.kernel.org>
X-Virus-Scanned: ClamAV using ClamSMTP

At least while this is in testing, I think it makes sense to restrict
Checmate to loading programs that have been compiled with the current
kernel ABI. We can further stabilize the ABI, and perhaps lift this
restriction later.

Signed-off-by: Sargun Dhillon <sargun@sargun.me>
---
 kernel/bpf/syscall.c         | 2 +-
 samples/bpf/checmate1_kern.c | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 228f962..2a37b4d 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -741,7 +741,7 @@ static int bpf_prog_load(union bpf_attr *attr)
 	if (attr->insn_cnt >= BPF_MAXINSNS)
 		return -EINVAL;
 
-	if (type == BPF_PROG_TYPE_KPROBE &&
+	if ((type & (BPF_PROG_TYPE_KPROBE | BPF_PROG_TYPE_CHECMATE)) &&
 	    attr->kern_version != LINUX_VERSION_CODE)
 		return -EINVAL;
 
diff --git a/samples/bpf/checmate1_kern.c b/samples/bpf/checmate1_kern.c
index f78b66b..d4ec1fa 100644
--- a/samples/bpf/checmate1_kern.c
+++ b/samples/bpf/checmate1_kern.c
@@ -3,6 +3,7 @@
 #include <linux/in.h>
 #include <linux/checmate.h>
 #include "bpf_helpers.h"
+#include <linux/version.h>
 
 SEC("checmate")
 int prog(struct checmate_ctx *ctx)
@@ -24,4 +25,4 @@ int prog(struct checmate_ctx *ctx)
 }
 
 char _license[] SEC("license") = "GPL";
-
+u32 _version SEC("version") = LINUX_VERSION_CODE;