On Sat, 12 Apr 2025 at 02:19, Alexei Starovoitov alexei.starovoitov@gmail.com wrote:
Similar to what I proposed here?
https://lore.kernel.org/bpf/20211203191844.69709-2-mcroce@linux.microsoft.co...
> The verification of module signatures is a job of the module loading process. The same thing should be done by the bpf system. The signature needs to be passed into sys_bpf syscall as a part of BPF_PROG_LOAD command.
static int bpf_prog_load(union bpf_attr *attr, bpfptr_t uattr) { @@ -2302,6 +2306,43 @@ static int bpf_prog_load(union bpf_attr *attr, bpfptr_t uattr)
> It probably should be two new fields in union bpf_attr (signature and length),
@@ -1346,6 +1346,8 @@ union bpf_attr { __aligned_u64 fd_array; /* array of FDs */ __aligned_u64 core_relos; __u32 core_relo_rec_size; /* sizeof(struct bpf_core_relo) */ + __aligned_u64 signature; /* instruction's signature */ + __u32 sig_len; /* signature size */
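Review bot: placing the new __aligned_u64 signature directly after the __u32 core_relo_rec_size leaves a 4-byte implicit hole in a UAPI structure. Putting sig_len first would fill that slot, and the load path should reject a non-zero sig_len paired with a zero signature pointer (and the reverse). The comment "instruction's signature" should also state exactly which bytes are signed and in what signature format, since that defines what a successful verification guarantees.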
> and the whole thing should be processed as part of the loading with human readable error reported back through the verifier log in case of signature mismatch, etc.
+ if (err) { + pr_warn("Invalid BPF signature for '%s': %pe\n", + prog->aux->name, ERR_PTR(err)); + goto free_prog_sec; + }
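Review bot: the failure path reports only through pr_warn to the kernel log, so the reason for the rejection never reaches the caller of BPF_PROG_LOAD; the request quoted above is for a human-readable message in the verifier log. Because prog->aux->name comes from the loader, an unratelimited pr_warn here also lets a caller that keeps submitting bad signatures flood dmesg with text it partly controls. Consider pr_warn_ratelimited, or dropping the printk in favour of writing the reason to the log buffer.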
It's been four years since my submission and the discussion was lengthy. What was the problem with the proposed signature in bpf_attr?
Regards,