From patchwork Wed Jun 8 11:12:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roberto Sassu X-Patchwork-Id: 12873322 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DE854C433EF for ; Wed, 8 Jun 2022 11:15:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237795AbiFHLPS (ORCPT ); Wed, 8 Jun 2022 07:15:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56916 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237553AbiFHLPM (ORCPT ); Wed, 8 Jun 2022 07:15:12 -0400 Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C78A727B9B6; Wed, 8 Jun 2022 04:15:09 -0700 (PDT) Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.206]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4LJ4Nd37RXz67Vdy; Wed, 8 Jun 2022 19:13:53 +0800 (CST) Received: from roberto-ThinkStation-P620.huawei.com (10.204.63.22) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Wed, 8 Jun 2022 13:15:07 +0200 From: Roberto Sassu To: , , , CC: , , , , Roberto Sassu Subject: [PATCH v2 1/3] bpf: Add bpf_verify_pkcs7_signature() helper Date: Wed, 8 Jun 2022 13:12:19 +0200 Message-ID: <20220608111221.373833-2-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220608111221.373833-1-roberto.sassu@huawei.com> References: <20220608111221.373833-1-roberto.sassu@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.204.63.22] X-ClientProxiedBy: lhreml753-chm.china.huawei.com (10.201.108.203) To fraeml714-chm.china.huawei.com (10.206.15.33) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Add the bpf_verify_pkcs7_signature() helper, to give the ability to eBPF security modules to check the validity of a PKCS#7 signature against supplied data. Use the 'keyring' parameter to select the keyring containing the verification key: 0 for the primary keyring, 1 for the primary and secondary keyrings, 2 for the platform keyring. Signed-off-by: Roberto Sassu Reported-by: kernel test robot --- include/uapi/linux/bpf.h | 8 ++++++++ kernel/bpf/bpf_lsm.c | 32 ++++++++++++++++++++++++++++++++ tools/include/uapi/linux/bpf.h | 8 ++++++++ 3 files changed, 48 insertions(+) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index f4009dbdf62d..40d0fc0d9493 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -5249,6 +5249,13 @@ union bpf_attr { * Pointer to the underlying dynptr data, NULL if the dynptr is * read-only, if the dynptr is invalid, or if the offset and length * is out of bounds. + * + * long bpf_verify_pkcs7_signature(u8 *data, u32 datalen, u8 *sig, u32 siglen, u64 keyring) + * Description + * Verify the PKCS#7 *sig* with length *siglen*, on *data* with + * length *datalen*, with key in *keyring*. + * Return + * 0 on success, a negative value on error. */ #define __BPF_FUNC_MAPPER(FN) \ FN(unspec), \ @@ -5455,6 +5462,7 @@ union bpf_attr { FN(dynptr_read), \ FN(dynptr_write), \ FN(dynptr_data), \ + FN(verify_pkcs7_signature), \ /* */ /* integer value in 'imm' field of BPF_CALL instruction selects which helper diff --git a/kernel/bpf/bpf_lsm.c b/kernel/bpf/bpf_lsm.c index c1351df9f7ee..1cda43cb541a 100644 --- a/kernel/bpf/bpf_lsm.c +++ b/kernel/bpf/bpf_lsm.c @@ -16,6 +16,7 @@ #include #include #include +#include /* For every LSM hook that allows attachment of BPF programs, declare a nop * function where a BPF program can be attached. @@ -132,6 +133,35 @@ static const struct bpf_func_proto bpf_get_attach_cookie_proto = { .arg1_type = ARG_PTR_TO_CTX, }; +BPF_CALL_5(bpf_verify_pkcs7_signature, u8 *, data, u32, datalen, u8 *, sig, + u32, siglen, u64, keyring) +{ + int ret = -EOPNOTSUPP; + +#ifdef CONFIG_SYSTEM_DATA_VERIFICATION + if (keyring > (unsigned long)VERIFY_USE_PLATFORM_KEYRING) + return -EINVAL; + + ret = verify_pkcs7_signature(data, datalen, sig, siglen, + (struct key *)keyring, + VERIFYING_UNSPECIFIED_SIGNATURE, NULL, + NULL); +#endif + return ret; +} + +static const struct bpf_func_proto bpf_verify_pkcs7_signature_proto = { + .func = bpf_verify_pkcs7_signature, + .gpl_only = false, + .ret_type = RET_INTEGER, + .arg1_type = ARG_PTR_TO_MEM, + .arg2_type = ARG_CONST_SIZE_OR_ZERO, + .arg3_type = ARG_PTR_TO_MEM, + .arg4_type = ARG_CONST_SIZE_OR_ZERO, + .arg5_type = ARG_ANYTHING, + .allowed = bpf_ima_inode_hash_allowed, +}; + static const struct bpf_func_proto * bpf_lsm_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) { @@ -158,6 +188,8 @@ bpf_lsm_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) return prog->aux->sleepable ? &bpf_ima_file_hash_proto : NULL; case BPF_FUNC_get_attach_cookie: return bpf_prog_has_trampoline(prog) ? &bpf_get_attach_cookie_proto : NULL; + case BPF_FUNC_verify_pkcs7_signature: + return prog->aux->sleepable ? &bpf_verify_pkcs7_signature_proto : NULL; default: return tracing_prog_func_proto(func_id, prog); } diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index f4009dbdf62d..40d0fc0d9493 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -5249,6 +5249,13 @@ union bpf_attr { * Pointer to the underlying dynptr data, NULL if the dynptr is * read-only, if the dynptr is invalid, or if the offset and length * is out of bounds. + * + * long bpf_verify_pkcs7_signature(u8 *data, u32 datalen, u8 *sig, u32 siglen, u64 keyring) + * Description + * Verify the PKCS#7 *sig* with length *siglen*, on *data* with + * length *datalen*, with key in *keyring*. + * Return + * 0 on success, a negative value on error. */ #define __BPF_FUNC_MAPPER(FN) \ FN(unspec), \ @@ -5455,6 +5462,7 @@ union bpf_attr { FN(dynptr_read), \ FN(dynptr_write), \ FN(dynptr_data), \ + FN(verify_pkcs7_signature), \ /* */ /* integer value in 'imm' field of BPF_CALL instruction selects which helper From patchwork Wed Jun 8 11:12:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roberto Sassu X-Patchwork-Id: 12873323 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EE526C433EF for ; Wed, 8 Jun 2022 11:15:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237834AbiFHLPT (ORCPT ); Wed, 8 Jun 2022 07:15:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56920 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237554AbiFHLPM (ORCPT ); Wed, 8 Jun 2022 07:15:12 -0400 Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 79F72280B11; Wed, 8 Jun 2022 04:15:10 -0700 (PDT) Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.207]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4LJ4Jb24NMz6802B; Wed, 8 Jun 2022 19:10:23 +0800 (CST) Received: from roberto-ThinkStation-P620.huawei.com (10.204.63.22) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Wed, 8 Jun 2022 13:15:07 +0200 From: Roberto Sassu To: , , , CC: , , , , Roberto Sassu Subject: [PATCH v2 2/3] selftests/bpf: Add test_progs opts for sign-file and kernel priv key + cert Date: Wed, 8 Jun 2022 13:12:20 +0200 Message-ID: <20220608111221.373833-3-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220608111221.373833-1-roberto.sassu@huawei.com> References: <20220608111221.373833-1-roberto.sassu@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.204.63.22] X-ClientProxiedBy: lhreml753-chm.china.huawei.com (10.201.108.203) To fraeml714-chm.china.huawei.com (10.206.15.33) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org According to the logs of the eBPF CI, built kernel and tests are copied to a virtual machine to run there. Since a test for a new helper to verify PKCS#7 signatures requires to sign data to be verified, extend test_progs to store in the test_env data structure (accessible by individual tests) the path of sign-file and of the kernel private key and cert. Signed-off-by: Roberto Sassu --- tools/testing/selftests/bpf/test_progs.c | 12 ++++++++++++ tools/testing/selftests/bpf/test_progs.h | 3 +++ 2 files changed, 15 insertions(+) diff --git a/tools/testing/selftests/bpf/test_progs.c b/tools/testing/selftests/bpf/test_progs.c index c639f2e56fc5..90ce2c06a15e 100644 --- a/tools/testing/selftests/bpf/test_progs.c +++ b/tools/testing/selftests/bpf/test_progs.c @@ -707,6 +707,8 @@ enum ARG_KEYS { ARG_TEST_NAME_GLOB_DENYLIST = 'd', ARG_NUM_WORKERS = 'j', ARG_DEBUG = -1, + ARG_SIGN_FILE = 'S', + ARG_KERNEL_PRIV_CERT = 'C', }; static const struct argp_option opts[] = { @@ -732,6 +734,10 @@ static const struct argp_option opts[] = { "Number of workers to run in parallel, default to number of cpus." }, { "debug", ARG_DEBUG, NULL, 0, "print extra debug information for test_progs." }, + { "sign-file", ARG_SIGN_FILE, "PATH", 0, + "sign-file path " }, + { "kernel-priv-cert", ARG_KERNEL_PRIV_CERT, "PATH", 0, + "kernel private key and cert path " }, {}, }; @@ -862,6 +868,12 @@ static error_t parse_arg(int key, char *arg, struct argp_state *state) case ARG_DEBUG: env->debug = true; break; + case ARG_SIGN_FILE: + env->sign_file_path = arg; + break; + case ARG_KERNEL_PRIV_CERT: + env->kernel_priv_cert_path = arg; + break; case ARGP_KEY_ARG: argp_usage(state); break; diff --git a/tools/testing/selftests/bpf/test_progs.h b/tools/testing/selftests/bpf/test_progs.h index 5fe1365c2bb1..9a860a59f06a 100644 --- a/tools/testing/selftests/bpf/test_progs.h +++ b/tools/testing/selftests/bpf/test_progs.h @@ -123,6 +123,9 @@ struct test_env { pid_t *worker_pids; /* array of worker pids */ int *worker_socks; /* array of worker socks */ int *worker_current_test; /* array of current running test for each worker */ + + const char *sign_file_path; /* sign-file path */ + const char *kernel_priv_cert_path; /* kernel priv key and cert path */ }; #define MAX_LOG_TRUNK_SIZE 8192 From patchwork Wed Jun 8 11:12:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roberto Sassu X-Patchwork-Id: 12873324 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A972BCCA47E for ; Wed, 8 Jun 2022 11:15:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237556AbiFHLPV (ORCPT ); Wed, 8 Jun 2022 07:15:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57078 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237679AbiFHLPP (ORCPT ); Wed, 8 Jun 2022 07:15:15 -0400 Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4A9FC27B9AE; Wed, 8 Jun 2022 04:15:11 -0700 (PDT) Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.200]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4LJ4Jb7195z6GD8L; Wed, 8 Jun 2022 19:10:23 +0800 (CST) Received: from roberto-ThinkStation-P620.huawei.com (10.204.63.22) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Wed, 8 Jun 2022 13:15:08 +0200 From: Roberto Sassu To: , , , CC: , , , , Roberto Sassu Subject: [PATCH v2 3/3] selftests/bpf: Add test for bpf_verify_pkcs7_signature() helper Date: Wed, 8 Jun 2022 13:12:21 +0200 Message-ID: <20220608111221.373833-4-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220608111221.373833-1-roberto.sassu@huawei.com> References: <20220608111221.373833-1-roberto.sassu@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.204.63.22] X-ClientProxiedBy: lhreml753-chm.china.huawei.com (10.201.108.203) To fraeml714-chm.china.huawei.com (10.206.15.33) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Ensure that signature verification is performed successfully from an eBPF program, with the new bpf_verify_pkcs7_signature() helper. The test requires access to the kernel modules signing key and the execution of the sign-file tool with the signing key path passed as argument. Signed-off-by: Roberto Sassu --- tools/testing/selftests/bpf/config | 2 + .../bpf/prog_tests/verify_pkcs7_sig.c | 149 ++++++++++++++++++ .../bpf/progs/test_verify_pkcs7_sig.c | 127 +++++++++++++++ 3 files changed, 278 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c create mode 100644 tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c diff --git a/tools/testing/selftests/bpf/config b/tools/testing/selftests/bpf/config index 3b3edc0fc8a6..43f92ce5f3f3 100644 --- a/tools/testing/selftests/bpf/config +++ b/tools/testing/selftests/bpf/config @@ -57,3 +57,5 @@ CONFIG_FPROBE=y CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_MPTCP=y +CONFIG_MODULE_SIG_FORMAT=y +CONFIG_SECONDARY_TRUSTED_KEYRING=y diff --git a/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c b/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c new file mode 100644 index 000000000000..3c85b8cd13d4 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c @@ -0,0 +1,149 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * Copyright (C) 2022 Huawei Technologies Duesseldorf GmbH + * + * Author: Roberto Sassu + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "test_verify_pkcs7_sig.skel.h" + +#define MAX_DATA_SIZE 4096 + +struct data { + u8 payload[MAX_DATA_SIZE]; +}; + +static int populate_data_item(struct data *data_item) +{ + struct stat st; + char signed_file_template[] = "/tmp/signed_fileXXXXXX"; + int ret, fd, child_status, child_pid; + + fd = mkstemp(signed_file_template); + if (fd == -1) + return -errno; + + ret = write(fd, "test", 4); + + close(fd); + + if (ret != 4) { + ret = -EIO; + goto out; + } + + child_pid = fork(); + + if (child_pid == -1) { + ret = -errno; + goto out; + } + + if (child_pid == 0) + return execlp(env.sign_file_path, env.sign_file_path, "sha256", + env.kernel_priv_cert_path, + env.kernel_priv_cert_path, + signed_file_template, NULL); + + waitpid(child_pid, &child_status, 0); + + ret = WEXITSTATUS(child_status); + if (ret) + goto out; + + ret = stat(signed_file_template, &st); + if (ret == -1) { + ret = -errno; + goto out; + } + + if (st.st_size > sizeof(data_item->payload) - sizeof(u32)) { + ret = -EINVAL; + goto out; + } + + *(u32 *)data_item->payload = __cpu_to_be32(st.st_size); + + fd = open(signed_file_template, O_RDONLY); + if (fd == -1) { + ret = -errno; + goto out; + } + + ret = read(fd, data_item->payload + sizeof(u32), st.st_size); + + close(fd); + + if (ret != st.st_size) { + ret = -EIO; + goto out; + } + + ret = 0; +out: + unlink(signed_file_template); + return ret; +} + +void test_verify_pkcs7_sig(void) +{ + struct test_verify_pkcs7_sig *skel = NULL; + struct bpf_map *map; + struct data data; + u32 saved_len; + int ret, zero = 0; + + if (!env.sign_file_path || !env.kernel_priv_cert_path) { + printf( + "%s:SKIP:sign-file and kernel priv key cert paths missing\n", + __func__); + test__skip(); + return; + } + + skel = test_verify_pkcs7_sig__open_and_load(); + if (!ASSERT_OK_PTR(skel, "test_verify_pkcs7_sig__open_and_load")) + goto close_prog; + + ret = test_verify_pkcs7_sig__attach(skel); + if (!ASSERT_OK(ret, "test_verify_pkcs7_sig__attach\n")) + goto close_prog; + + map = bpf_object__find_map_by_name(skel->obj, "data_input"); + if (!ASSERT_OK_PTR(map, "data_input not found")) + goto close_prog; + + ret = populate_data_item(&data); + if (!ASSERT_OK(ret, "populate_data_item\n")) + goto close_prog; + + skel->bss->monitored_pid = getpid(); + + ret = bpf_map_update_elem(bpf_map__fd(map), &zero, &data, BPF_ANY); + if (!ASSERT_OK(ret, "bpf_map_update_elem\n")) + goto close_prog; + + saved_len = *(__u32 *)data.payload; + *(__u32 *)data.payload = sizeof(data.payload); + ret = bpf_map_update_elem(bpf_map__fd(map), &zero, &data, BPF_ANY); + if (!ASSERT_LT(ret, 0, "bpf_map_update_elem data_input\n")) + goto close_prog; + + *(__u32 *)data.payload = saved_len; + data.payload[sizeof(__u32)] = 'a'; + ret = bpf_map_update_elem(bpf_map__fd(map), &zero, &data, BPF_ANY); + ASSERT_LT(ret, 0, "bpf_map_update_elem data_input\n"); +close_prog: + skel->bss->monitored_pid = 0; + test_verify_pkcs7_sig__destroy(skel); +} diff --git a/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c b/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c new file mode 100644 index 000000000000..e72bcb7fb7a9 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c @@ -0,0 +1,127 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * Copyright (C) 2022 Huawei Technologies Duesseldorf GmbH + * + * Author: Roberto Sassu + */ + +#include "vmlinux.h" +#include +#include +#include +#include + +#define MAX_DATA_SIZE 4096 + +#ifdef __BIG_ENDIAN__ +#define be32_to_cpu(x) (x) +#else +#define be32_to_cpu(x) ___bpf_swab32(x) +#endif + +#define VERIFY_USE_SECONDARY_KEYRING (1UL) + +/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ +#define MODULE_SIG_STRING "~Module signature appended~\n" + +u32 monitored_pid; + +struct data { + u8 payload[MAX_DATA_SIZE]; +}; + +struct { + __uint(type, BPF_MAP_TYPE_ARRAY); + __uint(max_entries, 1); + __type(key, __u32); + __type(value, struct data); +} data_input SEC(".maps"); + +char _license[] SEC("license") = "GPL"; + +static int mod_check_sig(const struct module_signature *ms, size_t file_len) +{ + if (!ms) + return -ENOENT; + + if (be32_to_cpu(ms->sig_len) >= file_len - sizeof(*ms)) + return -EBADMSG; + + if (ms->id_type != PKEY_ID_PKCS7) + return -ENOPKG; + + if (ms->algo != 0 || + ms->hash != 0 || + ms->signer_len != 0 || + ms->key_id_len != 0 || + ms->__pad[0] != 0 || + ms->__pad[1] != 0 || + ms->__pad[2] != 0) + return -EBADMSG; + + return 0; +} + +SEC("lsm.s/bpf") +int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size) +{ + const size_t marker_len = sizeof(MODULE_SIG_STRING) - 1; + char marker[sizeof(MODULE_SIG_STRING) - 1]; + struct module_signature ms; + struct data *data_ptr; + u32 modlen; + u32 sig_len; + u64 value; + u8 *mod; + u32 pid; + int ret, zero = 0; + + pid = bpf_get_current_pid_tgid() >> 32; + if (pid != monitored_pid) + return 0; + + data_ptr = bpf_map_lookup_elem(&data_input, &zero); + if (!data_ptr) + return 0; + + bpf_probe_read(&value, sizeof(value), &attr->value); + + bpf_copy_from_user(data_ptr, sizeof(struct data), + (void *)(unsigned long)value); + + modlen = be32_to_cpu(*(u32 *)data_ptr->payload); + mod = data_ptr->payload + sizeof(u32); + + if (modlen > sizeof(struct data) - sizeof(u32)) + return -EINVAL; + + if (modlen <= marker_len) + return -ENOENT; + + modlen &= sizeof(struct data) - 1; + bpf_probe_read(marker, marker_len, (char *)mod + modlen - marker_len); + + if (bpf_strncmp(marker, marker_len, MODULE_SIG_STRING)) + return -ENOENT; + + modlen -= marker_len; + + if (modlen <= sizeof(ms)) + return -EBADMSG; + + bpf_probe_read(&ms, sizeof(ms), (char *)mod + (modlen - sizeof(ms))); + + ret = mod_check_sig(&ms, modlen); + if (ret) + return ret; + + sig_len = be32_to_cpu(ms.sig_len); + modlen -= sig_len + sizeof(ms); + + modlen &= 0x3ff; + sig_len &= 0x3ff; + + return bpf_verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, + VERIFY_USE_SECONDARY_KEYRING); +}