From: KP Singh
Date: Mon, 16 Nov 2020 23:48:43 +0100
Subject: Re: [PATCH bpf-next 1/2] bpf: Add bpf_lsm_set_bprm_opts helper
To: Daniel Borkmann
Cc: open list, bpf, Alexei Starovoitov, Martin KaFai Lau, Song Liu, Paul Turner, Pauline Middelink

[...]
> > > > +BPF_CALL_2(bpf_lsm_set_bprm_opts, struct linux_binprm *, bprm, u64, flags) > > +{ >
> This should also reject invalid flags. I'd rather change this helper from RET_VOID
> to RET_INTEGER and throw -EINVAL for everything other than BPF_LSM_F_BPRM_SECUREEXEC
> passed in here including zero so it can be extended in future.

Sounds good, I added:

enum { BPF_LSM_F_BPRM_SECUREEXEC = (1ULL << 0), + /* Mask for all the currently supported BPRM options */ + BPF_LSM_F_BRPM_OPTS_MASK = 0x1ULL, };

changed the return type to RET_INTEGER as suggested checking for invalid flags as:

BPF_CALL_2(bpf_lsm_set_bprm_opts, struct linux_binprm *, bprm, u64, flags) { + + if (flags & !BPF_LSM_F_BRPM_OPTS_MASK) + return -EINVAL;

Do let me know if this is okay and I can spin up a v2 with these changes.
- KP

> > > + bprm->secureexec = (flags & BPF_LSM_F_BPRM_SECUREEXEC); > > + return 0; > > +} > > + > > +BTF_ID_LIST_SINGLE(bpf_lsm_set_bprm_opts_btf_ids, struct, linux_binprm) > > + > > +const static struct bpf_func_proto bpf_lsm_set_bprm_opts_proto = { > > + .func = bpf_lsm_set_bprm_opts, > > + .gpl_only = false, > > + .ret_type = RET_VOID, > > + .arg1_type = ARG_PTR_TO_BTF_ID, > > + .arg1_btf_id = &bpf_lsm_set_bprm_opts_btf_ids[0], > > + .arg2_type = ARG_ANYTHING, > > +}; > > +
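
Review bot: In the proposed flag check in the reply, `if (flags & !BPF_LSM_F_BRPM_OPTS_MASK)` uses logical NOT where bitwise NOT is needed. `!` applied to the non-zero mask yields 0, so `flags & 0` is always false and `-EINVAL` is never returned; unknown bits pass straight through. Use `flags & ~BPF_LSM_F_BRPM_OPTS_MASK`. The review comment also asked for zero to be rejected, which this test does not do even with `~`; an explicit `!flags` term would cover that case.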
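
Review bot: In the enum addition in the reply, the new mask is spelled `BPF_LSM_F_BRPM_OPTS_MASK` (BRPM), while the flag, the helper and the comment directly above it all use BPRM. Rename it to `BPF_LSM_F_BPRM_OPTS_MASK` before v2 so the misspelling does not spread to callers. Defining the mask from `BPF_LSM_F_BPRM_SECUREEXEC` instead of the literal `0x1ULL` would also keep the two in step when further options are added.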
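
Review bot: In the quoted helper body, `bprm->secureexec = (flags & BPF_LSM_F_BPRM_SECUREEXEC);` stores the masked value rather than a boolean, which is only correct while the flag is bit 0; `!!(flags & BPF_LSM_F_BPRM_SECUREEXEC)` stays correct if the bit position changes. In the proto definition, `const static` should be written `static const`, and `.ret_type = RET_VOID` no longer matches a body that ends in `return 0;` and will return `-EINVAL`, so it needs to become `RET_INTEGER` in the same revision as the flag check.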