From: Benjamin Tissoires
To: Greg KH, Jiri Kosina, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Shuah Khan, Dave Marchevsky, Joe Stringer
Cc: Tero Kristo, linux-kernel@vger.kernel.org, linux-input@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, Benjamin Tissoires
Subject: [PATCH bpf-next v2 22/28] bpf/verifier: prevent non GPL programs to be loaded against HID
Date: Fri, 4 Mar 2022 18:28:46 +0100
Message-Id: <20220304172852.274126-23-benjamin.tissoires@redhat.com>
In-Reply-To: <20220304172852.274126-1-benjamin.tissoires@redhat.com>

This is just to hammer the obvious because I suspect you can not already
load a bpf HID program which is not GPL because all of the useful
functions are GPL only.

Anyway, this ensures that users are not tempted to bypass this requirement
and will allow us to ship tested BPF programs in the kernel without having
to worry about the license.

Signed-off-by: Benjamin Tissoires

---

new in v2:
- Note: I placed this statement in check_attach_btf_id() to be local to
  other similar checks (regarding LSM), however, I have no idea if this
  is the correct place. Please shout at me if it isn't.
---
 include/linux/bpf-hid.h |  8 ++++++++
 kernel/bpf/hid.c        | 12 ++++++++++++
 kernel/bpf/verifier.c   |  7 +++++++
 3 files changed, 27 insertions(+)

diff --git a/include/linux/bpf-hid.h b/include/linux/bpf-hid.h index bd548f6a4a26..3da1d0ecb9be 100644 --- a/include/linux/bpf-hid.h +++ b/include/linux/bpf-hid.h @@ -2,6 +2,7 @@ #ifndef _BPF_HID_H #define _BPF_HID_H +#include #include #include #include @@ -71,6 +72,8 @@ int bpf_hid_prog_query(const union bpf_attr *attr, union bpf_attr __user *uattr); int bpf_hid_link_create(const union bpf_attr *attr, struct bpf_prog *prog); +int bpf_hid_verify_prog(struct bpf_verifier_log *vlog, + const struct bpf_prog *prog); #else static inline int bpf_hid_prog_query(const union bpf_attr *attr, union bpf_attr __user *uattr) @@ -83,6 +86,11 @@ static inline int bpf_hid_link_create(const union bpf_attr *attr, { return -EOPNOTSUPP; } +static inline int bpf_hid_verify_prog(struct bpf_verifier_log *vlog, + const struct bpf_prog *prog) +{ + return -EOPNOTSUPP; +} #endif static inline bool bpf_hid_link_empty(struct bpf_hid *bpf, diff --git a/kernel/bpf/hid.c b/kernel/bpf/hid.c index 653d10c0f4e6..b3dc1cd37a3e 100644 --- a/kernel/bpf/hid.c +++ b/kernel/bpf/hid.c @@ -37,6 +37,18 @@ void bpf_hid_set_hooks(struct bpf_hid_hooks *hooks) } EXPORT_SYMBOL_GPL(bpf_hid_set_hooks); +int bpf_hid_verify_prog(struct bpf_verifier_log *vlog, + const struct bpf_prog *prog) +{ + if (!prog->gpl_compatible) { + bpf_log(vlog, + "HID programs must have a GPL compatible license\n"); + return -EINVAL; + } + + return 0; +} + BPF_CALL_5(bpf_hid_get_data, void*, ctx, u64, offset, u32, n, void*, data, u64, size) { struct hid_bpf_ctx *bpf_ctx = ctx; diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index a57db4b2803c..afec8fa1d674 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #include 
@@ -14235,6 +14236,12 @@ static int check_attach_btf_id(struct bpf_verifier_env *env) if (prog->type == BPF_PROG_TYPE_STRUCT_OPS) return check_struct_ops_btf_id(env); + if (prog->type == BPF_PROG_TYPE_HID) { + ret = bpf_hid_verify_prog(&env->log, prog); + if (ret < 0) + return ret; + } + if (prog->type != BPF_PROG_TYPE_TRACING && prog->type != BPF_PROG_TYPE_LSM && prog->type != BPF_PROG_TYPE_EXT) -- 2.35.1
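
Review bot: in include/linux/bpf-hid.h, the fallback bpf_hid_verify_prog() stub in the #else branch returns -EOPNOTSUPP without writing anything to vlog, while the real function in kernel/bpf/hid.c reports its failure through bpf_log(). check_attach_btf_id() returns whatever this call returns for BPF_PROG_TYPE_HID, so on a build that takes the #else branch the load would fail with an empty verifier log. Consider logging a line in the stub, or handling that case at the call site, so both failure paths can be diagnosed from the log.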
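
Review bot: in kernel/bpf/hid.c, bpf_hid_verify_prog() has a general name but only tests prog->gpl_compatible, and it carries no comment saying what a caller may rely on. Add a short comment stating that it is the load-time policy check for HID programs (license only for now) and that it returns 0 or a negative errno, or give it a name that reflects the license check. The diffstat also lists no selftest: a test that loads a non-GPL HID program and expects -EINVAL together with the "HID programs must have a GPL compatible license" log line would pin the behaviour down, which matters because the commit message only suspects that such loads already fail.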
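
Review bot: in kernel/bpf/verifier.c, the new BPF_PROG_TYPE_HID block puts a license rule inside check_attach_btf_id(), whose visible neighbours are attach and BTF checks, so the requirement holds only as long as every HID program load reaches this point after the BPF_PROG_TYPE_STRUCT_OPS early return. Add a comment explaining why the check sits here, or move it to where the program license is first evaluated, which is the question the v2 note already raises. Minor: bpf_hid_verify_prog() returns 0 or a negative errno in both definitions shown, so "if (ret)" would be enough unless positive return values are planned.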