From patchwork Tue Oct 31 01:24:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hengqi Chen X-Patchwork-Id: 13441088 X-Patchwork-Delegate: bpf@iogearbox.net Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7312D101ED for ; Tue, 31 Oct 2023 06:18:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="gOJzbdVm" Received: from mail-yb1-xb36.google.com (mail-yb1-xb36.google.com [IPv6:2607:f8b0:4864:20::b36]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5CBAFE6 for ; Mon, 30 Oct 2023 23:09:27 -0700 (PDT) Received: by mail-yb1-xb36.google.com with SMTP id 3f1490d57ef6-d9a58f5f33dso4605415276.1 for ; Mon, 30 Oct 2023 23:09:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1698732566; x=1699337366; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=LuU+s8K5qY6DLjk1vpQNd0S4x+HIhdAsE9ULK1mQDi4=; b=gOJzbdVm9vT1X3GUFA1tBcmAxGpz1E+5iS+/wBq6GZhwisRXXUzyZNdHZcQN6a/lhN i8xCs9qXtOYRdVvf3LCESAOtW0dlryvAT3cD5oQPd1H38wNYYkqdp9G5Irp4OcTQtB3h RkC5gcE4lhYkWIcZ6lkquRJocn+/lBxB9eidzpLYL99pEL9IcpT3tyUv7KnojTyAb44q +UOb116u4A63iIuJ7ixK5TW+c/KAD7Pd2WhUgs4vzoB2o6HpTwfSMmOiMoSULkGFZmrB BR9+DvEDjsJUoKYSwZXkLsN8OroyiPnOU038mHGTxbBXj+CGhfev3FovqaXzML8mQqzv 8GfQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698732566; x=1699337366; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LuU+s8K5qY6DLjk1vpQNd0S4x+HIhdAsE9ULK1mQDi4=; b=LptzuLk4fMzKzdDrZ9Ba8mrRthCSVffQJIA6ICD2ImwnbZkNhBXUPnVnr7TdnPqRMG oxqwrLDwtLjbOgLmbjjSklXd7zTZWRVvLfuhYERd7SPKgAGxT/EeCmy2R/YS2UGaNbNQ mPPWIqz3bGQNZMRj5Ae9WSPr4DLKyRBpFW8gWxXXqoxsKOH0O/QLV7TYzDUWq5dFykRu XKEWdawskpWNAj2sUgUEG1w5Gv3R1WICpJre4iQSN5hcm9aMsYco5Hl4suFQOg4GGrSD fTz3AmPGxl5dS5ndroThRBE210xBn7hYCl01EaTIe98Q3sDDVXGuojsUwhhUewYsPy4F iXQg== X-Gm-Message-State: AOJu0YyoDTi6rfgpH2mYg7iS2b6smKTRvBBi7YFshSX77SiyGKBMParh qeFBMt5cdewR6f9X34Mx2ut9roA5U1Tu8A== X-Google-Smtp-Source: AGHT+IEu0SYEjJPy4HQULg/Z3NrURM7HhNBssMvdHj+lUKT+E9eSjvrIEyoi+5r+nupY4KYfBU/cWA== X-Received: by 2002:a17:902:c951:b0:1cc:5cbf:50d2 with SMTP id i17-20020a170902c95100b001cc5cbf50d2mr3181913pla.59.1698732018241; Mon, 30 Oct 2023 23:00:18 -0700 (PDT) Received: from ubuntu.. ([203.205.141.13]) by smtp.googlemail.com with ESMTPSA id x5-20020a170902b40500b001cc50f67fbasm460683plr.281.2023.10.30.23.00.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Oct 2023 23:00:17 -0700 (PDT) From: Hengqi Chen To: bpf@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, keescook@chromium.org, luto@amacapital.net, wad@chromium.org, hengqi.chen@gmail.com Subject: [PATCH bpf-next 1/6] bpf: Introduce BPF_PROG_TYPE_SECCOMP Date: Tue, 31 Oct 2023 01:24:02 +0000 Message-Id: <20231031012407.51371-2-hengqi.chen@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231031012407.51371-1-hengqi.chen@gmail.com> References: <20231031012407.51371-1-hengqi.chen@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net This adds minimal support for seccomp eBPF programs which can be hooked into the existing seccomp framework. This allows users to write seccomp filter in eBPF language and enables seccomp filter reuse through bpf prog fd and bpffs. Currently, no helper calls are allowed just like its cBPF version. Signed-off-by: Hengqi Chen --- include/linux/bpf_types.h | 4 +++ include/uapi/linux/bpf.h | 1 + kernel/seccomp.c | 54 +++++++++++++++++++++++++++++++++++ tools/lib/bpf/libbpf.c | 2 ++ tools/lib/bpf/libbpf_probes.c | 1 + 5 files changed, 62 insertions(+) diff --git a/include/linux/bpf_types.h b/include/linux/bpf_types.h index fc0d6f32c687..7c0a9fc0b150 100644 --- a/include/linux/bpf_types.h +++ b/include/linux/bpf_types.h @@ -83,6 +83,10 @@ BPF_PROG_TYPE(BPF_PROG_TYPE_SYSCALL, bpf_syscall, BPF_PROG_TYPE(BPF_PROG_TYPE_NETFILTER, netfilter, struct bpf_nf_ctx, struct bpf_nf_ctx) #endif +#ifdef CONFIG_SECCOMP_FILTER +BPF_PROG_TYPE(BPF_PROG_TYPE_SECCOMP, seccomp, + struct seccomp_data, struct seccomp_data) +#endif BPF_MAP_TYPE(BPF_MAP_TYPE_ARRAY, array_map_ops) BPF_MAP_TYPE(BPF_MAP_TYPE_PERCPU_ARRAY, percpu_array_map_ops) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index 0f6cdf52b1da..f0fcfe0ccb2e 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -995,6 +995,7 @@ enum bpf_prog_type { BPF_PROG_TYPE_SK_LOOKUP, BPF_PROG_TYPE_SYSCALL, /* a program that can execute syscalls */ BPF_PROG_TYPE_NETFILTER, + BPF_PROG_TYPE_SECCOMP, }; enum bpf_attach_type { diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 255999ba9190..5a6ed8630566 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -15,6 +15,7 @@ */ #define pr_fmt(fmt) "seccomp: " fmt +#include #include #include #include @@ -2513,3 +2514,56 @@ int proc_pid_seccomp_cache(struct seq_file *m, struct pid_namespace *ns, return 0; } #endif /* CONFIG_SECCOMP_CACHE_DEBUG */ + +#if defined(CONFIG_SECCOMP_FILTER) && defined(CONFIG_BPF_SYSCALL) +const struct bpf_prog_ops seccomp_prog_ops = { +}; + +static bool seccomp_is_valid_access(int off, int size, enum bpf_access_type type, + const struct bpf_prog *prog, + struct bpf_insn_access_aux *info) +{ + if (off < 0 || off >= sizeof(struct seccomp_data)) + return false; + + if (off % size != 0) + return false; + + if (type == BPF_WRITE) + return false; + + switch (off) { + case bpf_ctx_range(struct seccomp_data, nr): + if (size != sizeof_field(struct seccomp_data, nr)) + return false; + return true; + case bpf_ctx_range(struct seccomp_data, arch): + if (size != sizeof_field(struct seccomp_data, arch)) + return false; + return true; + case bpf_ctx_range(struct seccomp_data, instruction_pointer): + if (size != sizeof_field(struct seccomp_data, instruction_pointer)) + return false; + return true; + case bpf_ctx_range(struct seccomp_data, args): + if (size != sizeof(__u64)) + return false; + return true; + default: + return false; + } + + return false; +} + +static const struct bpf_func_proto * +bpf_seccomp_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) +{ + return NULL; +} + +const struct bpf_verifier_ops seccomp_verifier_ops = { + .is_valid_access = seccomp_is_valid_access, + .get_func_proto = bpf_seccomp_func_proto, +}; +#endif /* CONFIG_SECCOMP_FILTER && CONFIG_BPF_SYSCALL */ diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index e067be95da3c..455d733f7315 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -217,6 +217,7 @@ static const char * const prog_type_name[] = { [BPF_PROG_TYPE_SK_LOOKUP] = "sk_lookup", [BPF_PROG_TYPE_SYSCALL] = "syscall", [BPF_PROG_TYPE_NETFILTER] = "netfilter", + [BPF_PROG_TYPE_SECCOMP] = "seccomp", }; static int __base_pr(enum libbpf_print_level level, const char *format, @@ -8991,6 +8992,7 @@ static const struct bpf_sec_def section_defs[] = { SEC_DEF("struct_ops.s+", STRUCT_OPS, 0, SEC_SLEEPABLE), SEC_DEF("sk_lookup", SK_LOOKUP, BPF_SK_LOOKUP, SEC_ATTACHABLE), SEC_DEF("netfilter", NETFILTER, BPF_NETFILTER, SEC_NONE), + SEC_DEF("seccomp", SECCOMP, 0, SEC_NONE), }; int libbpf_register_prog_handler(const char *sec, diff --git a/tools/lib/bpf/libbpf_probes.c b/tools/lib/bpf/libbpf_probes.c index 9c4db90b92b6..b3ef3c0747be 100644 --- a/tools/lib/bpf/libbpf_probes.c +++ b/tools/lib/bpf/libbpf_probes.c @@ -180,6 +180,7 @@ static int probe_prog_load(enum bpf_prog_type prog_type, case BPF_PROG_TYPE_SK_REUSEPORT: case BPF_PROG_TYPE_FLOW_DISSECTOR: case BPF_PROG_TYPE_CGROUP_SYSCTL: + case BPF_PROG_TYPE_SECCOMP: break; case BPF_PROG_TYPE_NETFILTER: opts.expected_attach_type = BPF_NETFILTER; From patchwork Tue Oct 31 01:24:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hengqi Chen X-Patchwork-Id: 13441091 X-Patchwork-Delegate: bpf@iogearbox.net Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6032F107B4 for ; Tue, 31 Oct 2023 06:18:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="cLkPKecR" Received: from mail-qk1-x72e.google.com (mail-qk1-x72e.google.com [IPv6:2607:f8b0:4864:20::72e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D2B6EEE for ; Mon, 30 Oct 2023 23:09:30 -0700 (PDT) Received: by mail-qk1-x72e.google.com with SMTP id af79cd13be357-778925998cbso373240485a.0 for ; Mon, 30 Oct 2023 23:09:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1698732570; x=1699337370; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=MoFSLdNv9BgdZXMvRsLNv+khDd0bU37YBKNQN5ndCUM=; b=cLkPKecR4objqz1QIrgHbCCi9WKoLl0QCd1pKvso5TB8fDDyd5n/9yXweCaPpKH9cp qb3owUQB5XLMIzsrF3C+Xk2sg73uCi8R+fg3lEzx1cAk9Z5mIQ0ts/iU4VvwEckStaoZ GliZan1j8sJgJFv4xw1QuZFXNIDWe9W97hzduRWtF8qEKVnlNG3vfp9+ZDjUFqMVQTeA CIuaZIMyewb5anPPlv4dOaukWN3U10kvj9Rvopodpm28NHanhQVGXsX/d4jJXtvbi86t VQorewtYogfibZdlV93UX9QBZNyrYmmXBUAaMyRqfnfcKkCLaX+ed3yOLEUGIa2TsVJ5 L/jA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698732570; x=1699337370; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MoFSLdNv9BgdZXMvRsLNv+khDd0bU37YBKNQN5ndCUM=; b=O1dGFr1mUhINdqG5wMVrAVxpLalNY35D8gD2ZMcLbHXQJgcQ/Kg6Q2zcYObqOZZvTz opYjbpln5rDYnL4BBOxi6jZimKa+RcSko0mhTaj9CuoY0OPz59YDt61ztBaHRWQlqE7C zd6z6a6Z7Vtw9hItM8ODtpC8+ScRe8l6Rjm0wiFuOTjenNqZwnd7yPGfMLYCsUEpM2hu c6zf4kwHz9c61bgHlgj5vbD4Trxu5nzeA/q48B83fktnVoEjYM0+LwUjasslLUfH+OXc PzjXrbFWiv08Z6wJ93nHeqVmhVGiBMVlvYsBBDHuhxaXmYP9VFp7IxINkPGmcBxZj+rB Ys5w== X-Gm-Message-State: AOJu0YzhqqfeuXnBJXgt60RxUreVJtWXu5Ak8mbKdFccynnj7diXB2AJ I9aTrSQ+6Po60MoOEJEb6hGjvzfK5kZ7/A== X-Google-Smtp-Source: AGHT+IFgahv4dofu1sz24kDo1ybg8cdXKxmHnl6Ij28tDiq9Ni78XN2pgtV51tBIwMF+yEg4VU5G1w== X-Received: by 2002:a17:902:e803:b0:1cc:482c:bc4d with SMTP id u3-20020a170902e80300b001cc482cbc4dmr4371642plg.5.1698732026837; Mon, 30 Oct 2023 23:00:26 -0700 (PDT) Received: from ubuntu.. ([203.205.141.13]) by smtp.googlemail.com with ESMTPSA id x5-20020a170902b40500b001cc50f67fbasm460683plr.281.2023.10.30.23.00.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Oct 2023 23:00:26 -0700 (PDT) From: Hengqi Chen To: bpf@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, keescook@chromium.org, luto@amacapital.net, wad@chromium.org, hengqi.chen@gmail.com Subject: [PATCH bpf-next 2/6] bpf: Add test_run support for seccomp program type Date: Tue, 31 Oct 2023 01:24:03 +0000 Message-Id: <20231031012407.51371-3-hengqi.chen@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231031012407.51371-1-hengqi.chen@gmail.com> References: <20231031012407.51371-1-hengqi.chen@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Implement test_run for seccomp program type. Default is to use an empty struct seccomp_data as bpf_context, but can be overridden by userspace. This will be used in selftests. Signed-off-by: Hengqi Chen --- include/linux/bpf.h | 3 +++ kernel/seccomp.c | 1 + net/bpf/test_run.c | 27 +++++++++++++++++++++++++++ 3 files changed, 31 insertions(+) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index b4825d3cdb29..e25338e67ec4 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -2376,6 +2376,9 @@ int bpf_prog_test_run_sk_lookup(struct bpf_prog *prog, int bpf_prog_test_run_nf(struct bpf_prog *prog, const union bpf_attr *kattr, union bpf_attr __user *uattr); +int bpf_prog_test_run_seccomp(struct bpf_prog *prog, + const union bpf_attr *kattr, + union bpf_attr __user *uattr); bool btf_ctx_access(int off, int size, enum bpf_access_type type, const struct bpf_prog *prog, struct bpf_insn_access_aux *info); diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 5a6ed8630566..1fa2312654a5 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -2517,6 +2517,7 @@ int proc_pid_seccomp_cache(struct seq_file *m, struct pid_namespace *ns, #if defined(CONFIG_SECCOMP_FILTER) && defined(CONFIG_BPF_SYSCALL) const struct bpf_prog_ops seccomp_prog_ops = { + .test_run = bpf_prog_test_run_seccomp, }; static bool seccomp_is_valid_access(int off, int size, enum bpf_access_type type, diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c index 0841f8d82419..db159b9c56ca 100644 --- a/net/bpf/test_run.c +++ b/net/bpf/test_run.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include @@ -1665,6 +1666,32 @@ int bpf_prog_test_run_nf(struct bpf_prog *prog, return ret; } +int bpf_prog_test_run_seccomp(struct bpf_prog *prog, + const union bpf_attr *kattr, + union bpf_attr __user *uattr) +{ + void __user *ctx_in = u64_to_user_ptr(kattr->test.ctx_in); + __u32 ctx_size_in = kattr->test.ctx_size_in; + struct seccomp_data ctx = {}; + __u32 retval; + + if (kattr->test.flags || kattr->test.cpu || kattr->test.batch_size) + return -EINVAL; + + if (ctx_size_in && ctx_size_in < sizeof(ctx)) + return -EINVAL; + + if (ctx_size_in && copy_from_user(&ctx, ctx_in, sizeof(ctx))) + return -EFAULT; + + retval = bpf_prog_run_pin_on_cpu(prog, &ctx); + + if (copy_to_user(&uattr->test.retval, &retval, sizeof(retval))) + return -EFAULT; + + return 0; +} + static const struct btf_kfunc_id_set bpf_prog_test_kfunc_set = { .owner = THIS_MODULE, .set = &test_sk_check_kfunc_ids, From patchwork Tue Oct 31 01:24:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hengqi Chen X-Patchwork-Id: 13441089 X-Patchwork-Delegate: bpf@iogearbox.net Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 48DEE101FA for ; Tue, 31 Oct 2023 06:18:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="JeVtV7dy" Received: from mail-qt1-x832.google.com (mail-qt1-x832.google.com [IPv6:2607:f8b0:4864:20::832]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 655B4C1 for ; Mon, 30 Oct 2023 23:08:13 -0700 (PDT) Received: by mail-qt1-x832.google.com with SMTP id d75a77b69052e-41e1974783cso34264831cf.3 for ; Mon, 30 Oct 2023 23:08:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1698732492; x=1699337292; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=xUS+urLlc3l5lMxBmDrHF/GhNDqUeMARNzj5fIJEJlY=; b=JeVtV7dyjU0Bi3WhvlUK/pUXmXUZNauUBtuZmiHkB0zluH229dIhbHRGqKs0ytICL2 xNXmsWp7q7AmPek2Dg64XaZmjNjJsvezMUqnZ0cL+mNuYT5DHrRn5AtjeDrk4j0tu4WI RoJKFLRen42xYze32pTsI2TIeeTzfDy4VXYpppvpg4v01srIX4WoaEIx6lNr+rf2uNQ5 HoKXJDu6RtbYKGwexBgHThoDYKqkhDm6ji5SEeGh981as5Kl6Ji4lp+07p2/FKrUdevF tUQ1LmGevTmvPRIZ6dj6pdkosI1CmmHQe2OEWaZYuUBqc4ESABc/HM4wi4YldiQ5na+O yQOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698732492; x=1699337292; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xUS+urLlc3l5lMxBmDrHF/GhNDqUeMARNzj5fIJEJlY=; b=SSj6ZFicXK3xKrxDJMwvZONWrqOsE46GuzGek7K8Rjipkyo+L14SL6MJ3S8EIkKtAY 8MGz/uZwD6DdycEz56gTYFq0iFKeafEOzfzIV1aF+iDQQ/+P4VXvH0jTMnX6RlSMnzBc /HSsecJyYewpG6o5dcwog8i6PcUFWJLF3/wQl8kqZy7VySpO3pxrNeoxqA0xvcjV7sEj vFaj+mc3mcSE9wgmpzhSsPENkn8H2FqDtB6MMZ/qntfaV7TsQcZg1c8oxifAf1RmdWmo KlonHipz93XLAlNI5ObcnnmmOpT6KS1g4wiQ2BHYXuP8ktNybEa2QNIPJO4t30x138nJ y9xg== X-Gm-Message-State: AOJu0YzPWrcqQ5hN2F62sX3nkMmoBOIzEPoxo3c2yTyyha62a2JrrX/v IsnYsUnAcNVqDHsKfq30Kwbg6hCFXF8ZOg== X-Google-Smtp-Source: AGHT+IEMarcjHGbYarFj4G2ffbj28C5zjWId8cBBqSRV233XWfBRGcC7JYUo1+b9SW+iwY9DKnA0sw== X-Received: by 2002:a05:6a20:d90b:b0:180:f8c2:633c with SMTP id jd11-20020a056a20d90b00b00180f8c2633cmr732820pzb.53.1698732038967; Mon, 30 Oct 2023 23:00:38 -0700 (PDT) Received: from ubuntu.. ([203.205.141.13]) by smtp.googlemail.com with ESMTPSA id x5-20020a170902b40500b001cc50f67fbasm460683plr.281.2023.10.30.23.00.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Oct 2023 23:00:38 -0700 (PDT) From: Hengqi Chen To: bpf@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, keescook@chromium.org, luto@amacapital.net, wad@chromium.org, hengqi.chen@gmail.com Subject: [PATCH bpf-next 3/6] seccomp: Refactor filter copy/create for reuse Date: Tue, 31 Oct 2023 01:24:04 +0000 Message-Id: <20231031012407.51371-4-hengqi.chen@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231031012407.51371-1-hengqi.chen@gmail.com> References: <20231031012407.51371-1-hengqi.chen@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net This refactors seccomp_prepare_filter() for reuse in subsequent additions. No functional change intended. Signed-off-by: Hengqi Chen --- kernel/seccomp.c | 50 +++++++++++++++++++++++++++++++++--------------- 1 file changed, 35 insertions(+), 15 deletions(-) diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 1fa2312654a5..2a724690a627 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -641,14 +641,14 @@ static inline void seccomp_sync_threads(unsigned long flags) } /** - * seccomp_prepare_filter: Prepares a seccomp filter for use. - * @fprog: BPF program to install + * seccomp_prepare_prog - prepares a JITed BPF filter for use. + * @pfp: the unattached filter that is created + * @fprog: the filter program * - * Returns filter on success or an ERR_PTR on failure. + * Returns 0 on success and non-zero otherwise. */ -static struct seccomp_filter *seccomp_prepare_filter(struct sock_fprog *fprog) +static int seccomp_prepare_prog(struct bpf_prog **pfp, struct sock_fprog *fprog) { - struct seccomp_filter *sfilter; int ret; const bool save_orig = #if defined(CONFIG_CHECKPOINT_RESTORE) || defined(SECCOMP_ARCH_NATIVE) @@ -658,10 +658,27 @@ static struct seccomp_filter *seccomp_prepare_filter(struct sock_fprog *fprog) #endif if (fprog->len == 0 || fprog->len > BPF_MAXINSNS) - return ERR_PTR(-EINVAL); + return -EINVAL; BUG_ON(INT_MAX / fprog->len < sizeof(struct sock_filter)); + ret = bpf_prog_create_from_user(pfp, fprog, seccomp_check_filter, save_orig); + if (ret < 0) + return ret; + + return 0; +} + +/** + * seccomp_prepare_filter: Prepares a seccomp filter for use. + * @prog: BPF program to install + * + * Returns filter on success or an ERR_PTR on failure. + */ +static struct seccomp_filter *seccomp_prepare_filter(struct bpf_prog *prog) +{ + struct seccomp_filter *sfilter; + /* * Installing a seccomp filter requires that the task has * CAP_SYS_ADMIN in its namespace or be running with no_new_privs. @@ -678,13 +695,7 @@ static struct seccomp_filter *seccomp_prepare_filter(struct sock_fprog *fprog) return ERR_PTR(-ENOMEM); mutex_init(&sfilter->notify_lock); - ret = bpf_prog_create_from_user(&sfilter->prog, fprog, - seccomp_check_filter, save_orig); - if (ret < 0) { - kfree(sfilter); - return ERR_PTR(ret); - } - + sfilter->prog = prog; refcount_set(&sfilter->refs, 1); refcount_set(&sfilter->users, 1); init_waitqueue_head(&sfilter->wqh); @@ -701,8 +712,10 @@ static struct seccomp_filter *seccomp_prepare_filter(struct sock_fprog *fprog) static struct seccomp_filter * seccomp_prepare_user_filter(const char __user *user_filter) { - struct sock_fprog fprog; struct seccomp_filter *filter = ERR_PTR(-EFAULT); + struct sock_fprog fprog; + struct bpf_prog *prog; + int ret; #ifdef CONFIG_COMPAT if (in_compat_syscall()) { @@ -715,7 +728,14 @@ seccomp_prepare_user_filter(const char __user *user_filter) #endif if (copy_from_user(&fprog, user_filter, sizeof(fprog))) goto out; - filter = seccomp_prepare_filter(&fprog); + + ret = seccomp_prepare_prog(&prog, &fprog); + if (ret) + return ERR_PTR(ret); + + filter = seccomp_prepare_filter(prog); + if (IS_ERR(filter)) + bpf_prog_destroy(prog); out: return filter; } From patchwork Tue Oct 31 01:24:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hengqi Chen X-Patchwork-Id: 13441092 X-Patchwork-Delegate: bpf@iogearbox.net Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D709E107A7 for ; Tue, 31 Oct 2023 06:18:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="HspflBVX" Received: from mail-io1-xd33.google.com (mail-io1-xd33.google.com [IPv6:2607:f8b0:4864:20::d33]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C08B2119 for ; Mon, 30 Oct 2023 23:07:37 -0700 (PDT) Received: by mail-io1-xd33.google.com with SMTP id ca18e2360f4ac-7a92727934eso185733039f.3 for ; Mon, 30 Oct 2023 23:07:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1698732457; x=1699337257; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=06zNutXrrHXE6Yd7yKwHsB6kGwBWRko0H6rYozsLVnE=; b=HspflBVXWdk6zVb1xhhmdJCOSptLb9pwaZp3Q38+js8jVkmDcCLwNP154z4Sm0rwGb t6hOtZomv6Vcl8MG/5LjYS2pD3vlWNBWfa75ekqHzJZh810xLfTQiNjCzMbS9lP9buJe D3cQWMghkwfLOnY40CrxbqoUsx3nqvv3ezJbihYrNdaVhUqxHR+WbqFD9584Dra9+m22 +1qnif7bmtZeoNV/hbzJHKUj+09W3FNgzVE5t7LThrvqRxE6VwFRNbg4xDOzPRxhgXTJ Y5rUCKfpT7grhNG7NOtwyMk0XqBECx1ud5VvpjX1y0oj9Fc/1WLLm50iBRZHY0an4fzO GrsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698732457; x=1699337257; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=06zNutXrrHXE6Yd7yKwHsB6kGwBWRko0H6rYozsLVnE=; b=jcov/AHRFdo4lbeGbr/GDuxuSVXwPr8sIuNoMCCCSI9YjrdlN8aY5m5qpVBaVfI3FG hoRnVhHcXXu1lTJBFqBkag2jsRXl8hcNUjEmyf7dbi9KXeEtFBUKS3ZW7WTpoBwWvQR2 4zrY/BOIiEiZSG+1nzxrmuTV8zUlAnIVQC7dOtJQAwvY482qD2gh+CMLX2bLsS216Hg9 1s8stSHDPptZLGKMvhbwxYJANYFiwG+ZaQo6jdyyscBjvZ7OQ0UDZVa+k11R0fsZ3u8I YYkAeNmDoVFFsqPIrndL3qA8ZDPGDSYU8cS3ESJy9NMED7/Sqy31Aj5NO/0C50t0tGEv PU6Q== X-Gm-Message-State: AOJu0Yz1UQ/Oo+0C3VUQ+DbuhgjXJkLEFUvd6P6uS4veFkf+QaGEbRnH 6cxIjRI0jNinWJ9DIPGN6wjk3SZISBFrAQ== X-Google-Smtp-Source: AGHT+IFetsls8FzjWSp5KLTzfxSTL3T5JEQPLM0/AwMnI9lENO9M6v6BjwIZrUGTesqpLC6hw1ICqA== X-Received: by 2002:a05:6a21:a594:b0:163:9f1d:b464 with SMTP id gd20-20020a056a21a59400b001639f1db464mr12771389pzc.5.1698732042485; Mon, 30 Oct 2023 23:00:42 -0700 (PDT) Received: from ubuntu.. ([203.205.141.13]) by smtp.googlemail.com with ESMTPSA id x5-20020a170902b40500b001cc50f67fbasm460683plr.281.2023.10.30.23.00.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Oct 2023 23:00:42 -0700 (PDT) From: Hengqi Chen To: bpf@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, keescook@chromium.org, luto@amacapital.net, wad@chromium.org, hengqi.chen@gmail.com Subject: [PATCH bpf-next 4/6] seccomp: Support attaching BPF_PROG_TYPE_SECCOMP progs Date: Tue, 31 Oct 2023 01:24:05 +0000 Message-Id: <20231031012407.51371-5-hengqi.chen@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231031012407.51371-1-hengqi.chen@gmail.com> References: <20231031012407.51371-1-hengqi.chen@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Add a new flag SECCOMP_FILTER_FLAG_BPF_PROG_FD for SECCOMP_SET_MODE_FILTER, which indicates the seccomp filter is a seccomp bpf prog fd, not a sock_fprog. This allows us to attach seccomp filter that is previously loaded via bpf syscall. Signed-off-by: Hengqi Chen --- include/linux/seccomp.h | 3 ++- include/uapi/linux/seccomp.h | 2 ++ kernel/seccomp.c | 37 ++++++++++++++++++++++++++++++++++-- 3 files changed, 39 insertions(+), 3 deletions(-) diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h index 175079552f68..7caa53b629d9 100644 --- a/include/linux/seccomp.h +++ b/include/linux/seccomp.h @@ -9,7 +9,8 @@ SECCOMP_FILTER_FLAG_SPEC_ALLOW | \ SECCOMP_FILTER_FLAG_NEW_LISTENER | \ SECCOMP_FILTER_FLAG_TSYNC_ESRCH | \ - SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV) + SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV | \ + SECCOMP_FILTER_FLAG_BPF_PROG_FD) /* sizeof() the first published struct seccomp_notif_addfd */ #define SECCOMP_NOTIFY_ADDFD_SIZE_VER0 24 diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h index dbfc9b37fcae..db792dc96b5a 100644 --- a/include/uapi/linux/seccomp.h +++ b/include/uapi/linux/seccomp.h @@ -25,6 +25,8 @@ #define SECCOMP_FILTER_FLAG_TSYNC_ESRCH (1UL << 4) /* Received notifications wait in killable state (only respond to fatal signals) */ #define SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (1UL << 5) +/* Indicates that the filter is in form of bpf prog fd */ +#define SECCOMP_FILTER_FLAG_BPF_PROG_FD (1UL << 6) /* * All BPF programs must return a 32-bit value. diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 2a724690a627..f88dc7880cfa 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -524,7 +524,10 @@ static inline pid_t seccomp_can_sync_threads(void) static inline void seccomp_filter_free(struct seccomp_filter *filter) { if (filter) { - bpf_prog_destroy(filter->prog); + if (filter->prog->type == BPF_PROG_TYPE_SECCOMP) + bpf_prog_put(filter->prog); + else + bpf_prog_destroy(filter->prog); kfree(filter); } } @@ -740,6 +743,33 @@ seccomp_prepare_user_filter(const char __user *user_filter) return filter; } +/** + * seccomp_prepare_filter_from_fd - prepares filter from a user-supplied fd + * @ufd: pointer to fd that refers to a seccomp bpf prog. + * + * Returns filter on success or an ERR_PTR on failure. + */ +static struct seccomp_filter * +seccomp_prepare_filter_from_fd(const char __user *ufd) +{ + struct seccomp_filter *sfilter; + struct bpf_prog *prog; + int fd; + + if (copy_from_user(&fd, ufd, sizeof(fd))) + return ERR_PTR(-EFAULT); + + prog = bpf_prog_get_type(fd, BPF_PROG_TYPE_SECCOMP); + if (IS_ERR(prog)) + return ERR_PTR(-EBADF); + + sfilter = seccomp_prepare_filter(prog); + if (IS_ERR(sfilter)) + bpf_prog_put(prog); + + return sfilter; +} + #ifdef SECCOMP_ARCH_NATIVE /** * seccomp_is_const_allow - check if filter is constant allow with given data @@ -1953,7 +1983,10 @@ static long seccomp_set_mode_filter(unsigned int flags, return -EINVAL; /* Prepare the new filter before holding any locks. */ - prepared = seccomp_prepare_user_filter(filter); + if (flags & SECCOMP_FILTER_FLAG_BPF_PROG_FD) + prepared = seccomp_prepare_filter_from_fd(filter); + else + prepared = seccomp_prepare_user_filter(filter); if (IS_ERR(prepared)) return PTR_ERR(prepared); From patchwork Tue Oct 31 01:24:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hengqi Chen X-Patchwork-Id: 13441090 X-Patchwork-Delegate: bpf@iogearbox.net Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6CE5F107A1 for ; Tue, 31 Oct 2023 06:18:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="DVT9yzmz" Received: from mail-oa1-x35.google.com (mail-oa1-x35.google.com [IPv6:2001:4860:4864:20::35]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A7E451A4 for ; Mon, 30 Oct 2023 23:07:25 -0700 (PDT) Received: by mail-oa1-x35.google.com with SMTP id 586e51a60fabf-1e9bb3a0bfeso3521251fac.3 for ; Mon, 30 Oct 2023 23:07:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1698732444; x=1699337244; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=IUv+lLz98TsYmkmvnDaCDlL7ttL7iI1bx/gxb+W2XWQ=; b=DVT9yzmzJXZ+ATmaZYyeifXGxaHa6OX13bfoasQbyyOexNke2o+MZhIYmeXUWiEbcD 4UW8lKTOvy9OZq8yZfc5+De3UpCm7hTUQZfMLzE3Dg5FU6usRQznkyDvKGqOIoLc310Y f0jyAZLJ7cOi+ZI09E5FJcXUyDtPSp0RTHiqJ3cXD/9CzWDDIM0RaVnSA1P5kSLgALLf Cs5rGL4yTMRLgqrYfi5m4tAaDh2HbaNlbcNUXAlEf5ItDrDiL2GTyW6xalDu6nfNF8Kc 8IkukRZZP5xT9YlFLOIBgODsFfOPiKRBttx48+R0f0SRBc32kd/Ev/XpECh2+Nf8CQnU DF8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698732444; x=1699337244; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=IUv+lLz98TsYmkmvnDaCDlL7ttL7iI1bx/gxb+W2XWQ=; b=QEGI5iFwyHMXETDw3HEYqwv/ZlVEqePxPo1w6J3+m1KU9JhnOVDoZDY/V+d0oAfYlq 3F8ZTr+Z07TtxSaRddwTDUXze/TzcZqugs5pNHSBKjrwWx0Ude0ucfsZd/+8CZyyotmB g0UVovQyJHViRC5tNBHq52wH2Nkxq9NWMEDvl7Hftfgn8f+GgObDHLP4d9hXig3/ag3z 7A2nyj2IUkW3QzNK1uvDO1o61YOfGgPDE3vb9hjUT84UGrSpwQ7ro0Toi3EZiMlHf248 AM8S5d0n+RKw9k0KkhPcddIupIOkKzhOy3QcVLCYR0rGkXwXoXX8WKN+v0rRcfoR4h5e FDZw== X-Gm-Message-State: AOJu0YyfJo1kqz9JqyZx9Opj77T+sotvRULB46bz6+ysGzWorwGwNiNH QsndahxhGEHqPVa0nbKjWgwizLKHajgLlQ== X-Google-Smtp-Source: AGHT+IGPe/7smLbT0AEowfaAnjO5L40awyT4WdaQx98d+FyeWkSQ2d4GeQCUZvE4ZFkGvig/Oh/xIg== X-Received: by 2002:a17:902:ecce:b0:1cc:59a1:79c6 with SMTP id a14-20020a170902ecce00b001cc59a179c6mr3579643plh.18.1698732045904; Mon, 30 Oct 2023 23:00:45 -0700 (PDT) Received: from ubuntu.. ([203.205.141.13]) by smtp.googlemail.com with ESMTPSA id x5-20020a170902b40500b001cc50f67fbasm460683plr.281.2023.10.30.23.00.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Oct 2023 23:00:45 -0700 (PDT) From: Hengqi Chen To: bpf@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, keescook@chromium.org, luto@amacapital.net, wad@chromium.org, hengqi.chen@gmail.com Subject: [PATCH bpf-next 5/6] selftests/bpf: Add seccomp verifier tests Date: Tue, 31 Oct 2023 01:24:06 +0000 Message-Id: <20231031012407.51371-6-hengqi.chen@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231031012407.51371-1-hengqi.chen@gmail.com> References: <20231031012407.51371-1-hengqi.chen@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net This tests seccomp context access and helper call restriction. # ./test_progs -t verifier_seccomp #375/1 verifier_seccomp/seccomp no helper call:OK #375/2 verifier_seccomp/seccomp invalid ctx access, write:OK #375/3 verifier_seccomp/seccomp invalid ctx access, out of range:OK #375/4 verifier_seccomp/seccomp invalid ctx access, size too short:OK #375/5 verifier_seccomp/seccomp invalid ctx access, size too short:OK #375/6 verifier_seccomp/seccomp invalid ctx access, size too short:OK #375/7 verifier_seccomp/seccomp invalid ctx access, size too short:OK #375/8 verifier_seccomp/seccomp invalid ctx access, size too large:OK #375/9 verifier_seccomp/seccomp ctx access, valid:OK #375 verifier_seccomp:OK Summary: 1/9 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Hengqi Chen --- .../selftests/bpf/prog_tests/verifier.c | 2 + .../selftests/bpf/progs/verifier_seccomp.c | 154 ++++++++++++++++++ 2 files changed, 156 insertions(+) create mode 100644 tools/testing/selftests/bpf/progs/verifier_seccomp.c diff --git a/tools/testing/selftests/bpf/prog_tests/verifier.c b/tools/testing/selftests/bpf/prog_tests/verifier.c index e3e68c97b40c..dfb40a11939e 100644 --- a/tools/testing/selftests/bpf/prog_tests/verifier.c +++ b/tools/testing/selftests/bpf/prog_tests/verifier.c @@ -57,6 +57,7 @@ #include "verifier_scalar_ids.skel.h" #include "verifier_sdiv.skel.h" #include "verifier_search_pruning.skel.h" +#include "verifier_seccomp.skel.h" #include "verifier_sock.skel.h" #include "verifier_spill_fill.skel.h" #include "verifier_spin_lock.skel.h" @@ -164,6 +165,7 @@ void test_verifier_runtime_jit(void) { RUN(verifier_runtime_jit); } void test_verifier_scalar_ids(void) { RUN(verifier_scalar_ids); } void test_verifier_sdiv(void) { RUN(verifier_sdiv); } void test_verifier_search_pruning(void) { RUN(verifier_search_pruning); } +void test_verifier_seccomp(void) { RUN(verifier_seccomp); } void test_verifier_sock(void) { RUN(verifier_sock); } void test_verifier_spill_fill(void) { RUN(verifier_spill_fill); } void test_verifier_spin_lock(void) { RUN(verifier_spin_lock); } diff --git a/tools/testing/selftests/bpf/progs/verifier_seccomp.c b/tools/testing/selftests/bpf/progs/verifier_seccomp.c new file mode 100644 index 000000000000..d3984a0cdae0 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/verifier_seccomp.c @@ -0,0 +1,154 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2023 Hengqi Chen */ + +#include "vmlinux.h" +#include "bpf_misc.h" + +#include +#include +#include + +SEC("seccomp") +__description("seccomp no helper call") +__failure __msg("unknown func bpf_get_prandom_u32") +__naked void seccomp_no_helper_call(void) +{ + asm volatile (" \ + call %[bpf_get_prandom_u32]; \ + r0 = 0; \ + exit;" \ + : + : __imm(bpf_get_prandom_u32) + : __clobber_all); +} + +SEC("seccomp") +__description("seccomp invalid ctx access, write") +__failure __msg("invalid bpf_context access") +__naked void seccomp_ctx_write(void) +{ + asm volatile (" \ + r2 = r1; \ + *(u64*)(r2 + 8) = r1; \ + r0 = 0; \ + exit;" \ + : + : + : __clobber_all); +} + +SEC("seccomp") +__description("seccomp invalid ctx access, out of range") +__failure __msg("invalid bpf_context access") +__naked void seccomp_ctx_read_out_of_range(void) +{ + asm volatile (" \ + r2 = *(u64*)(r1 + %[__bpf_seccomp_ctx_size]); \ + r0 = 0; \ + exit;" \ + : + : __imm_const(__bpf_seccomp_ctx_size, sizeof(struct seccomp_data)) + : __clobber_all); +} + +SEC("seccomp") +__description("seccomp invalid ctx access, size too short") +__failure __msg("invalid bpf_context access") +__naked void seccomp_ctx_read_too_short1(void) +{ + asm volatile (" \ + r2 = *(u8*)(r1 + %[__bpf_seccomp_ctx_nr]); \ + r0 = 0; \ + exit;" \ + : + : __imm_const(__bpf_seccomp_ctx_nr, offsetof(struct seccomp_data, nr)) + : __clobber_all); +} + +SEC("seccomp") +__description("seccomp invalid ctx access, size too short") +__failure __msg("invalid bpf_context access") +__naked void seccomp_ctx_read_too_short2(void) +{ + asm volatile (" \ + r2 = *(u16*)(r1 + %[__bpf_seccomp_ctx_arch]); \ + r0 = 0; \ + exit;" \ + : + : __imm_const(__bpf_seccomp_ctx_arch, offsetof(struct seccomp_data, arch)) + : __clobber_all); +} + +SEC("seccomp") +__description("seccomp invalid ctx access, size too short") +__failure __msg("invalid bpf_context access") +__naked void seccomp_ctx_read_too_short3(void) +{ + asm volatile (" \ + r2 = *(u32*)(r1 + %[__bpf_seccomp_ctx_ip]); \ + r0 = 0; \ + exit;" \ + : + : __imm_const(__bpf_seccomp_ctx_ip, offsetof(struct seccomp_data, instruction_pointer)) + : __clobber_all); +} + +SEC("seccomp") +__description("seccomp invalid ctx access, size too short") +__failure __msg("invalid bpf_context access") +__naked void seccomp_ctx_read_too_short4(void) +{ + asm volatile (" \ + r2 = *(u32*)(r1 + %[__bpf_seccomp_ctx_arg1]); \ + r0 = 0; \ + exit;" \ + : + : __imm_const(__bpf_seccomp_ctx_arg1, offsetof(struct seccomp_data, args[1])) + : __clobber_all); +} + +SEC("seccomp") +__description("seccomp invalid ctx access, size too large") +__failure __msg("invalid bpf_context access") +__naked void seccomp_ctx_read_too_large(void) +{ + asm volatile (" \ + r2 = *(u64*)(r1 + %[__bpf_seccomp_ctx_nr]); \ + r0 = 0; \ + exit;" \ + : + : __imm_const(__bpf_seccomp_ctx_nr, offsetof(struct seccomp_data, nr)) + : __clobber_all); +} + +SEC("seccomp") +__description("seccomp ctx access, valid") +__success __retval(0x5ecc0779) +__naked void seccomp_ctx_read_ok(void) +{ + asm volatile (" \ + r2 = *(u32*)(r1 + %[__bpf_seccomp_ctx_nr]); \ + r2 = *(u32*)(r1 + %[__bpf_seccomp_ctx_arch]); \ + r2 = *(u64*)(r1 + %[__bpf_seccomp_ctx_ip]); \ + r2 = *(u64*)(r1 + %[__bpf_seccomp_ctx_arg0]); \ + r2 = *(u64*)(r1 + %[__bpf_seccomp_ctx_arg1]); \ + r2 = *(u64*)(r1 + %[__bpf_seccomp_ctx_arg2]); \ + r2 = *(u64*)(r1 + %[__bpf_seccomp_ctx_arg3]); \ + r2 = *(u64*)(r1 + %[__bpf_seccomp_ctx_arg4]); \ + r2 = *(u64*)(r1 + %[__bpf_seccomp_ctx_arg5]); \ + r0 = 0x5ecc0779; \ + exit;" \ + : + : __imm_const(__bpf_seccomp_ctx_nr, offsetof(struct seccomp_data, nr)), + __imm_const(__bpf_seccomp_ctx_arch, offsetof(struct seccomp_data, arch)), + __imm_const(__bpf_seccomp_ctx_ip, offsetof(struct seccomp_data, instruction_pointer)), + __imm_const(__bpf_seccomp_ctx_arg0, offsetof(struct seccomp_data, args[0])), + __imm_const(__bpf_seccomp_ctx_arg1, offsetof(struct seccomp_data, args[1])), + __imm_const(__bpf_seccomp_ctx_arg2, offsetof(struct seccomp_data, args[2])), + __imm_const(__bpf_seccomp_ctx_arg3, offsetof(struct seccomp_data, args[3])), + __imm_const(__bpf_seccomp_ctx_arg4, offsetof(struct seccomp_data, args[4])), + __imm_const(__bpf_seccomp_ctx_arg5, offsetof(struct seccomp_data, args[5])) + : __clobber_all); +} + +char _license[] SEC("license") = "GPL"; From patchwork Tue Oct 31 01:24:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hengqi Chen X-Patchwork-Id: 13441087 X-Patchwork-Delegate: bpf@iogearbox.net Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C642DDF5D for ; Tue, 31 Oct 2023 06:01:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="hUxJq1Hw" Received: from mail-pl1-x630.google.com (mail-pl1-x630.google.com [IPv6:2607:f8b0:4864:20::630]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 07791F4 for ; Mon, 30 Oct 2023 23:01:08 -0700 (PDT) Received: by mail-pl1-x630.google.com with SMTP id d9443c01a7336-1c434c33ec0so40465985ad.3 for ; Mon, 30 Oct 2023 23:01:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1698732049; x=1699336849; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KMitVK3rOTDVbT4Z+8x0bS93zlRA2h7260oX1PRTrQE=; b=hUxJq1Hwyb9l03FRPO0HLffR+E7eJu9Aai1DYQsWT4dG2Cfy4PhLGar1qk1YH/99pN 5nqfKPXh76oUBDWLd1iqueUCysBI89nfq65j+DgWo++hgd7Cd5ilJiivO1tVfWyJi95k 1mLU5z5+zTWNco8Gqfp3O2l57lW/+qRUHCEwLG9knG0P+/5wyVHfBnliaYXW00vvc/UO 1WNOC0IQhZw4uzHp2nFSy/RK42oyPf6Y68FXifQZ9Y01B/v4atRtzsD9hMzYQqMIrOwv xBWFDBIo90vvHNsDKHzCOxvbUX97kbNaFvLJGbop9nBIuhZD+GYapBZRm3VBPiMeIGcq XDJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698732049; x=1699336849; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KMitVK3rOTDVbT4Z+8x0bS93zlRA2h7260oX1PRTrQE=; b=jHVLTCYIoRAg/SdWWK0mzc9Ui2spIGpHC+JP3Z2//QypPyQx7W3Jpm9Tse7LYQLDUp PnaddtLbF0w9E87/u5flpoCDgEoLZS7lt86MrQSVMn+nV4sZmSGWdQ5i5jILeDz6nRET D09ogrrw6J7oQE3tiyb6xiPS3pSssWRR0H/e/rEJmWzzSuyYH5zeJdo/gU2QrMLIu16p 9Nl91gYjxema5iYWDG7EhnkArnA2pt1x2J1nVcf/UKAJ168/nwWiOOnd+uF4urJjjPEB dXHJ92TcCyTUUsU01JrYsyAiSZ3XQXPlRXzUJvT+GYPxHiHidEd7lulMe2rKyb8Au+g7 T1KQ== X-Gm-Message-State: AOJu0YzkReuer3ai6Pq/XODEvcPXIJLK+gY6aE7+ugvoL4WRfI0ULBUr mLugcl/XsAJiPTMlyVqtJu7tQaf7rWIqZg== X-Google-Smtp-Source: AGHT+IHij17j15v/dEVO7nUcwFHlvhQi2eRQdf72y00nNcRRXLxzEUYBzkpOLoD6lOZKix231/WTaQ== X-Received: by 2002:a17:903:1104:b0:1c9:ea6e:5a63 with SMTP id n4-20020a170903110400b001c9ea6e5a63mr12217788plh.32.1698732048725; Mon, 30 Oct 2023 23:00:48 -0700 (PDT) Received: from ubuntu.. ([203.205.141.13]) by smtp.googlemail.com with ESMTPSA id x5-20020a170902b40500b001cc50f67fbasm460683plr.281.2023.10.30.23.00.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Oct 2023 23:00:48 -0700 (PDT) From: Hengqi Chen To: bpf@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, keescook@chromium.org, luto@amacapital.net, wad@chromium.org, hengqi.chen@gmail.com Subject: [PATCH bpf-next 6/6] selftests/bpf: Test BPF_PROG_TYPE_SECCOMP Date: Tue, 31 Oct 2023 01:24:07 +0000 Message-Id: <20231031012407.51371-7-hengqi.chen@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231031012407.51371-1-hengqi.chen@gmail.com> References: <20231031012407.51371-1-hengqi.chen@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Add a testcase to exercise BPF_PROG_TYPE_SECCOMP. # ./test_progs -n 194 #194 seccomp:OK Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Hengqi Chen --- tools/include/uapi/linux/bpf.h | 1 + tools/include/uapi/linux/seccomp.h | 2 + .../selftests/bpf/prog_tests/seccomp.c | 40 +++++++++++++++++++ .../selftests/bpf/progs/test_seccomp.c | 24 +++++++++++ 4 files changed, 67 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/seccomp.c create mode 100644 tools/testing/selftests/bpf/progs/test_seccomp.c diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index 0f6cdf52b1da..f0fcfe0ccb2e 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -995,6 +995,7 @@ enum bpf_prog_type { BPF_PROG_TYPE_SK_LOOKUP, BPF_PROG_TYPE_SYSCALL, /* a program that can execute syscalls */ BPF_PROG_TYPE_NETFILTER, + BPF_PROG_TYPE_SECCOMP, }; enum bpf_attach_type { diff --git a/tools/include/uapi/linux/seccomp.h b/tools/include/uapi/linux/seccomp.h index dbfc9b37fcae..db792dc96b5a 100644 --- a/tools/include/uapi/linux/seccomp.h +++ b/tools/include/uapi/linux/seccomp.h @@ -25,6 +25,8 @@ #define SECCOMP_FILTER_FLAG_TSYNC_ESRCH (1UL << 4) /* Received notifications wait in killable state (only respond to fatal signals) */ #define SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (1UL << 5) +/* Indicates that the filter is in form of bpf prog fd */ +#define SECCOMP_FILTER_FLAG_BPF_PROG_FD (1UL << 6) /* * All BPF programs must return a 32-bit value. diff --git a/tools/testing/selftests/bpf/prog_tests/seccomp.c b/tools/testing/selftests/bpf/prog_tests/seccomp.c new file mode 100644 index 000000000000..fc7db6af7d64 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/seccomp.c @@ -0,0 +1,40 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2023 Hengqi Chen */ + +#include +#include +#include "test_seccomp.skel.h" + +static int seccomp(unsigned int op, unsigned int flags, void *args) +{ + errno = 0; + return syscall(__NR_seccomp, op, flags, args); +} + +void test_seccomp(void) +{ + struct test_seccomp *skel; + int fd, flags, ret; + + skel = test_seccomp__open(); + if (!ASSERT_OK_PTR(skel, "skel_open")) + return; + + skel->rodata->seccomp_syscall_nr = __NR_seccomp; + skel->rodata->seccomp_errno = 99; + + ret = test_seccomp__load(skel); + if (!ASSERT_OK(ret, "skel_load")) + goto cleanup; + + fd = bpf_program__fd(skel->progs.seccomp_prog); + flags = SECCOMP_FILTER_FLAG_BPF_PROG_FD; + ret = seccomp(SECCOMP_SET_MODE_FILTER, flags, &fd); + ASSERT_OK(ret, "seccomp_set_bpf_prog"); + ret = seccomp(SECCOMP_SET_MODE_FILTER, flags, &fd); + ASSERT_EQ(ret, -1, "seccomp should fail"); + ASSERT_EQ(errno, 99, "errno not equal to 99"); + +cleanup: + test_seccomp__destroy(skel); +} diff --git a/tools/testing/selftests/bpf/progs/test_seccomp.c b/tools/testing/selftests/bpf/progs/test_seccomp.c new file mode 100644 index 000000000000..c53e75b8c0ec --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_seccomp.c @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2023 Hengqi Chen */ + +#include "vmlinux.h" +#include +#include + +#define SECCOMP_RET_ERRNO 0x00050000U +#define SECCOMP_RET_ALLOW 0x7fff0000U +#define SECCOMP_RET_DATA 0x0000ffffU + +const volatile int seccomp_syscall_nr = 0; +const volatile __u32 seccomp_errno = 0; + +SEC("seccomp") +int seccomp_prog(struct seccomp_data *ctx) +{ + if (ctx->nr != seccomp_syscall_nr) + return SECCOMP_RET_ALLOW; + + return SECCOMP_RET_ERRNO | (seccomp_errno & SECCOMP_RET_DATA); +} + +char _license[] SEC("license") = "GPL";