Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp2718840pxb; Tue, 12 Oct 2021 12:03:05 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxFRtNlLcF11JJg8qN4uQ4XmUoDuRzznGgRKZ+brWqt9wtlFLKzuifSZvXNktbpbcPRrs00 X-Received: by 2002:aa7:9542:0:b0:44c:6db9:f596 with SMTP id w2-20020aa79542000000b0044c6db9f596mr33105936pfq.21.1634065385637; Tue, 12 Oct 2021 12:03:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1634065385; cv=none; d=google.com; s=arc-20160816; b=j3ioYclkO8vV3YksCRNYyfIx0oAbrFT1GLOLxT1hNpp4YNWAOtwvComF4uKoaVFFQv ZDmWZtQpd1b4iorsxQ15aa38dVmL/1tnsVdAK4lj+LKeN7MSQPYm7GZFVFVZZJnb2ZE1 FJptmPmau6j9aJjfOVflgrjQpPsLhH3hz3QqK1xJcHESvLjpQ5NURSgFlJzdUq5nsCEA mxdoA0P4ZDbN3t1Q44NiJmfHV0kg5y/cvzq0t+d3NR5jlAFNuTIALdUMu58HdtKrQOKm Sk6Y06nlFzWZ7Hcy2A1gTVHtQ6RPHFL10PFMS2dvSzfGv/f6yCe4HPuSf1x4bm3uAg4i XiMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=yc+DKOJfjStu6hJSmxsub9ya8Onyiq1AsqGptnT8sVs=; b=bg6rj2ytpOgmtB13xLalPj3sqcaEhTBThk/L2Jf46jMvXibskSx8/E25438tMM5V2J 68HTK6wy6Lh6aSpP3XzCJQ6V1RahKHIib2s/ah5z5u+3ek6C9FEsyEYetGtN6T7IZ46B 6+5Rkyh5Py2gBQuY+ZiQHi1JW1dAnZZDASlB+ImyE4Grw3H12zMxKrST40At0v8+BLZ4 m+8ybrsdps8ddoMgNt1cJv6FJlhHa8NNH+KfEZc1QbOgSZFvB9q8DjCn1HO2NMlru9FZ nDr2g1fwfHtVuy/bnq9Zmtj2i7VncaUCA3yGugwnDIqzCJrUfL/xkwti7rf2AJ2uAMYu cnVA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c8si5152358pgl.488.2021.10.12.12.02.51; Tue, 12 Oct 2021 12:03:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233658AbhJLTCf (ORCPT + 99 others); Tue, 12 Oct 2021 15:02:35 -0400 Received: from mail-ed1-f51.google.com ([209.85.208.51]:45805 "EHLO mail-ed1-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231756AbhJLTCe (ORCPT ); Tue, 12 Oct 2021 15:02:34 -0400 Received: by mail-ed1-f51.google.com with SMTP id r18so87782edv.12; Tue, 12 Oct 2021 12:00:32 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=yc+DKOJfjStu6hJSmxsub9ya8Onyiq1AsqGptnT8sVs=; b=3Tme2rm12m4VU7m0zREjc4vl7s32Hp6iQ5kgA9uouw82RQUHnHwDV/QUzzDsxCIDRN 0aHDKm8ugJAl42vbYNNto0gcpNY4t16WS8njtFEe8QcG5E7vWoE2f2UcrQjVjtWKPrxH lBw7sJdaRsceafi+rey3Ao7SF/Rsm6/ydoBSk0B0H9kb5RWk/H4s9dduZWc9JU9FfHVs M0tQIrjDT1nRMYjv1A6UbUCvqKfZTKli9ZqOPGbF87V2VjHrsck+UlsjjVhNZmThA+GU Fm7wHQwKavnO49bVc1WyLY2zU+9g1U0l4oR3rwVfSBjy5EaVJSpse5+5/chkJOKwRKTP WG1w== X-Gm-Message-State: AOAM533vDQ/7XG6+uyn0QJN438fInKANhd5hz+uRcHJIGIy/jME/F2mX DDv1s4QuigOViXAVWC6yidD/VDtUkP4= X-Received: by 2002:a17:906:2cd5:: with SMTP id r21mr35456986ejr.435.1634065231608; Tue, 12 Oct 2021 12:00:31 -0700 (PDT) Received: from msft-t490s.teknoraver.net (net-2-34-36-22.cust.vodafonedsl.it. [2.34.36.22]) by smtp.gmail.com with ESMTPSA id g7sm4802965edu.48.2021.10.12.12.00.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Oct 2021 12:00:31 -0700 (PDT) From: Matteo Croce To: bpf@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Arnaldo Carvalho de Melo , Luca Boccassi , "David S. Miller" Subject: [RFC bpf-next 0/2] bpf: sign bpf programs Date: Tue, 12 Oct 2021 21:00:26 +0200 Message-Id: <20211012190028.54828-1-mcroce@linux.microsoft.com> X-Mailer: git-send-email 2.33.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Matteo Croce Add a field in bpf_attr which contains a signature for the eBPF instructions. The signature is validated bpf_prog_load() in a similar way as kernel modules are checked in load_module(). This only works with CO-RE programs. The signature is generated by bpftool and embedded into the light skeleton along with the instructions. The bpftool crypto code is based on sign-file, supports the same interface, and is compiled only if libcrypto is available, to avoid potential breaks. Possible improvements: - Add a knob which makes the signature check mandatory, similarly to CONFIG_MODULE_SIG_FORCE - Add a dedicate key_being_used_for type instead of using VERIFYING_MODULE_SIGNATURE, e.g. VERIFYING_BPF_SIGNATURE This depends on the kernel side co-re relocation[1]. [1] https://lore.kernel.org/bpf/20210917215721.43491-1-alexei.starovoitov@gmail.com/ Matteo Croce (2): bpf: add signature to eBPF instructions bpftool: add signature in skeleton include/uapi/linux/bpf.h | 2 + kernel/bpf/syscall.c | 33 ++++- tools/bpf/bpftool/Makefile | 14 ++- tools/bpf/bpftool/gen.c | 33 +++++ tools/bpf/bpftool/main.c | 28 +++++ tools/bpf/bpftool/main.h | 7 ++ tools/bpf/bpftool/sign.c | 217 +++++++++++++++++++++++++++++++++ tools/include/uapi/linux/bpf.h | 2 + tools/lib/bpf/skel_internal.h | 4 + 9 files changed, 336 insertions(+), 4 deletions(-) create mode 100644 tools/bpf/bpftool/sign.c -- 2.33.0