Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp1281065ybt;
        Thu, 9 Jul 2020 03:14:24 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzmj841tAUzhwQTFLvGlRxq8+P5iSU+uF9aY32VayGtT9PhYD2YlE23nJ6XIecMph7DP8qX
X-Received: by 2002:a17:906:774d:: with SMTP id o13mr50207925ejn.373.1594289664016;
        Thu, 09 Jul 2020 03:14:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1594289664; cv=none;
        d=google.com; s=arc-20160816;
        b=O8NwjqpnbFH3ZwZNKC6XtMoNaC5gmBoj40dcshQ++D/LSYB6/rUgYgC0j9/fjqeAHJ
         mYwhdeqK/E4x7wyABq8vvWj9QGMSIMgGX04C1jfOQWsgF5UG6KW1GgQUxid9TGo8G1Ey
         Gr6mKNTGJltAWVKNqX1aEOxZoKuE1GXPVNiVo06YEYWfJKjnzFOTU/IVlU0puEW5hDt+
         j0Uts7tEvmWZysKEQUrKQH8wISpcw1Ci3+YUkw/rXHmBCyGADvwPZrAX40fWWOrM8+pX
         WBH9iLZWlxErTVYlcOb+w9qdmCKnL6C5frt5EAn20JGfcByr/lHr04Wboho0HgM09NYo
         eEwA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=p6F4vN9gejgjxw89ADeOeELjqWjWfdA4d7KsgDXKleE=;
        b=c/I6D3vs2cXVvYF9xcnRrSoQcL1Y+X2YROdaONtkRL63Nfxq+iYa6Y7ldZhfCKBoYJ
         uF1Wam5jhaqgyh5mV3dQDw1SBHYbvotts6u+Rs27F3eGVTT83FuKBGCTTyPO7xgfDUtf
         o1Lw0ri7kRDkYea0Ye1MmXE19VDFZK+SATAhiaedqIMhkBzS3Mk2Ye4WBbnj5IQUOyB2
         xf3pyU2qW5Szr3/hGQ1uXR6mXyEfhixTxoiNmG0QgpOPcrHD07HfBTOXI0LEo3Ez/4cC
         SfiJnGXaRAExVLvVHhA+JHlSvEq7bsYczUiflV30OHCWvNWaNR0Wv1C2Ypg2Tu7Rk+BV
         tnCA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=eew5zVjJ;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id z7si1538261ejf.367.2020.07.09.03.14.01;
        Thu, 09 Jul 2020 03:14:24 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=eew5zVjJ;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726761AbgGIKNE (ORCPT <rfc822;utfcpqpk@gmail.com> + 99 others);
        Thu, 9 Jul 2020 06:13:04 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35092 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726777AbgGIKMt (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 9 Jul 2020 06:12:49 -0400
Received: from mail-wr1-x441.google.com (mail-wr1-x441.google.com [IPv6:2a00:1450:4864:20::441])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D401FC035422
        for <linux-kernel@vger.kernel.org>; Thu,  9 Jul 2020 03:12:46 -0700 (PDT)
Received: by mail-wr1-x441.google.com with SMTP id r12so1690029wrj.13
        for <linux-kernel@vger.kernel.org>; Thu, 09 Jul 2020 03:12:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=p6F4vN9gejgjxw89ADeOeELjqWjWfdA4d7KsgDXKleE=;
        b=eew5zVjJu4diolgsc6S2biBl82wPJ0uR0K4eJDLhd2KSX7hlD5GaR2kcF5/vq2VXaM
         LHKM/9sPr8XUj9nHd5xbZScfkKkfZm+FZ2poVYochrMTYihKTSZ23JXPbKs2tRBUghP/
         eD7wuQGEbbztCUziW9a4iNotQneaxNQYci308=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=p6F4vN9gejgjxw89ADeOeELjqWjWfdA4d7KsgDXKleE=;
        b=j9TxBphZFtXnOHcBXriei4zv+Qv7ZMf8wN9Ni+ugzcvctUI/h4PO+sGWT2RESJW1FW
         8fe1hQ9RW6umFGPbmVQ7P0+Wjy8B2iOnhDwG4auVix9hxDoRbQJIDz7QaGkn0G5qIv7w
         vUP/VQ8OT9xXW5FnTQCipe9cDPkv04seE1gSEBTCIpIsZ+wzI9TBG4ndAay8f8xvZYPe
         VfuEl2fWdqcr07ACziCIPCz6ErRs/EsdBCbeXadGTFNYOOmLz4xBmC8QLqJa6kxLtEmo
         qOBf8hEfpy2CMY4yxZgnppw0nqNQdYrBbKDmVP5QLzPSDxOb6IaB0xPPe2tBEgbYJaac
         kRnQ==
X-Gm-Message-State: AOAM531aSNR4m6iE+8sPxzpdn44+fO8XgJWSGzBgqNai+Zv3g9XoZ4sr
        AeIxiCL1ZWpCfp88HfDC0zRL6eBxlHc=
X-Received: by 2002:a5d:474f:: with SMTP id o15mr59888815wrs.306.1594289565334;
        Thu, 09 Jul 2020 03:12:45 -0700 (PDT)
Received: from kpsingh.zrh.corp.google.com ([81.6.44.51])
        by smtp.gmail.com with ESMTPSA id g3sm5538287wrb.59.2020.07.09.03.12.44
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Jul 2020 03:12:44 -0700 (PDT)
From:   KP Singh <kpsingh@chromium.org>
To:     linux-kernel@vger.kernel.org, bpf@vger.kernel.org,
        linux-security-module@vger.kernel.org
Cc:     Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Martin KaFai Lau <kafai@fb.com>,
        Paul Turner <pjt@google.com>, Jann Horn <jannh@google.com>,
        Florent Revest <revest@chromium.org>
Subject: [PATCH bpf-next v4 3/4] bpf: Allow local storage to be used from LSM programs
Date:   Thu,  9 Jul 2020 12:12:38 +0200
Message-Id: <20200709101239.3829793-4-kpsingh@chromium.org>
X-Mailer: git-send-email 2.27.0.389.gc38d7665816-goog
In-Reply-To: <20200709101239.3829793-1-kpsingh@chromium.org>
References: <20200709101239.3829793-1-kpsingh@chromium.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: KP Singh <kpsingh@google.com>

Adds support for both bpf_{sk, inode}_storage_{get, delete} to be used
in LSM programs. These helpers are not used for tracing programs
(currently) as their usage is tied to the life-cycle of the object and
should only be used where the owning object won't be freed (when the
owning object is passed as an argument to the LSM hook). Thus, they
are safer to use in LSM hooks than tracing. Usage of local storage in
tracing programs will probably follow a per function based whitelist
approach.

Since the UAPI helper signature for bpf_sk_storage expect a bpf_sock,
it, leads to a compilation warning for LSM programs, it's also updated
to accept a void * pointer instead.

Signed-off-by: KP Singh <kpsingh@google.com>
---
 include/net/bpf_sk_storage.h   |  2 ++
 include/uapi/linux/bpf.h       |  4 ++--
 kernel/bpf/bpf_lsm.c           | 21 ++++++++++++++++++++-
 net/core/bpf_sk_storage.c      | 22 ++++++++++++++++++++++
 tools/include/uapi/linux/bpf.h |  4 ++--
 5 files changed, 48 insertions(+), 5 deletions(-)

diff --git a/include/net/bpf_sk_storage.h b/include/net/bpf_sk_storage.h
index 5036c94c0503..d231da1b57ca 100644
--- a/include/net/bpf_sk_storage.h
+++ b/include/net/bpf_sk_storage.h
@@ -9,6 +9,8 @@ void bpf_sk_storage_free(struct sock *sk);
 
 extern const struct bpf_func_proto bpf_sk_storage_get_proto;
 extern const struct bpf_func_proto bpf_sk_storage_delete_proto;
+extern const struct bpf_func_proto sk_storage_get_btf_proto;
+extern const struct bpf_func_proto sk_storage_delete_btf_proto;
 
 struct bpf_sk_storage_diag;
 struct sk_buff;
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 42fc442f4586..3d2859ccc7ae 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -2787,7 +2787,7 @@ union bpf_attr {
  *
  *		**-ERANGE** if resulting value was out of range.
  *
- * void *bpf_sk_storage_get(struct bpf_map *map, struct bpf_sock *sk, void *value, u64 flags)
+ * void *bpf_sk_storage_get(struct bpf_map *map, void *sk, void *value, u64 flags)
  *	Description
  *		Get a bpf-local-storage from a *sk*.
  *
@@ -2815,7 +2815,7 @@ union bpf_attr {
  *		**NULL** if not found or there was an error in adding
  *		a new bpf-local-storage.
  *
- * long bpf_sk_storage_delete(struct bpf_map *map, struct bpf_sock *sk)
+ * long bpf_sk_storage_delete(struct bpf_map *map, void *sk)
  *	Description
  *		Delete a bpf-local-storage from a *sk*.
  *	Return
diff --git a/kernel/bpf/bpf_lsm.c b/kernel/bpf/bpf_lsm.c
index fb278144e9fd..9cd1428c7199 100644
--- a/kernel/bpf/bpf_lsm.c
+++ b/kernel/bpf/bpf_lsm.c
@@ -11,6 +11,8 @@
 #include <linux/bpf_lsm.h>
 #include <linux/kallsyms.h>
 #include <linux/bpf_verifier.h>
+#include <net/bpf_sk_storage.h>
+#include <linux/bpf_local_storage.h>
 
 /* For every LSM hook that allows attachment of BPF programs, declare a nop
  * function where a BPF program can be attached.
@@ -45,10 +47,27 @@ int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog,
 	return 0;
 }
 
+static const struct bpf_func_proto *
+bpf_lsm_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
+{
+	switch (func_id) {
+	case BPF_FUNC_inode_storage_get:
+		return &bpf_inode_storage_get_proto;
+	case BPF_FUNC_inode_storage_delete:
+		return &bpf_inode_storage_delete_proto;
+	case BPF_FUNC_sk_storage_get:
+		return &sk_storage_get_btf_proto;
+	case BPF_FUNC_sk_storage_delete:
+		return &sk_storage_delete_btf_proto;
+	default:
+		return tracing_prog_func_proto(func_id, prog);
+	}
+}
+
 const struct bpf_prog_ops lsm_prog_ops = {
 };
 
 const struct bpf_verifier_ops lsm_verifier_ops = {
-	.get_func_proto = tracing_prog_func_proto,
+	.get_func_proto = bpf_lsm_func_proto,
 	.is_valid_access = btf_ctx_access,
 };
diff --git a/net/core/bpf_sk_storage.c b/net/core/bpf_sk_storage.c
index a2b00a09d843..ed0a07e0bb67 100644
--- a/net/core/bpf_sk_storage.c
+++ b/net/core/bpf_sk_storage.c
@@ -456,6 +456,28 @@ const struct bpf_func_proto bpf_sk_storage_delete_proto = {
 	.arg2_type	= ARG_PTR_TO_SOCKET,
 };
 
+static int sk_storage_get_btf_ids[4];
+const struct bpf_func_proto sk_storage_get_btf_proto = {
+	.func		= bpf_sk_storage_get,
+	.gpl_only	= false,
+	.ret_type	= RET_PTR_TO_MAP_VALUE_OR_NULL,
+	.arg1_type	= ARG_CONST_MAP_PTR,
+	.arg2_type	= ARG_PTR_TO_BTF_ID,
+	.arg3_type	= ARG_PTR_TO_MAP_VALUE_OR_NULL,
+	.arg4_type	= ARG_ANYTHING,
+	.btf_id		= sk_storage_get_btf_ids,
+};
+
+static int sk_storage_delete_btf_ids[2];
+const struct bpf_func_proto sk_storage_delete_btf_proto = {
+	.func		= bpf_sk_storage_delete,
+	.gpl_only	= false,
+	.ret_type	= RET_INTEGER,
+	.arg1_type	= ARG_CONST_MAP_PTR,
+	.arg2_type	= ARG_PTR_TO_BTF_ID,
+	.btf_id		= sk_storage_delete_btf_ids,
+};
+
 struct bpf_sk_storage_diag {
 	u32 nr_maps;
 	struct bpf_map *maps[];
diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index 42fc442f4586..3d2859ccc7ae 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -2787,7 +2787,7 @@ union bpf_attr {
  *
  *		**-ERANGE** if resulting value was out of range.
  *
- * void *bpf_sk_storage_get(struct bpf_map *map, struct bpf_sock *sk, void *value, u64 flags)
+ * void *bpf_sk_storage_get(struct bpf_map *map, void *sk, void *value, u64 flags)
  *	Description
  *		Get a bpf-local-storage from a *sk*.
  *
@@ -2815,7 +2815,7 @@ union bpf_attr {
  *		**NULL** if not found or there was an error in adding
  *		a new bpf-local-storage.
  *
- * long bpf_sk_storage_delete(struct bpf_map *map, struct bpf_sock *sk)
+ * long bpf_sk_storage_delete(struct bpf_map *map, void *sk)
  *	Description
  *		Delete a bpf-local-storage from a *sk*.
  *	Return
-- 
2.27.0.389.gc38d7665816-goog