Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp2179087pxp; Mon, 21 Mar 2022 13:10:04 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwPCiE2EIubDEAGn/7M4JC5klankNWVbFeS1HxNiiYINVVtLTQNqidvxsjrxpO/1CO5CQND X-Received: by 2002:a17:907:7f94:b0:6da:64ec:fabc with SMTP id qk20-20020a1709077f9400b006da64ecfabcmr23031767ejc.717.1647893403918; Mon, 21 Mar 2022 13:10:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1647893403; cv=none; d=google.com; s=arc-20160816; b=0bKdB4UDJZ54dgvpXMho63GlhwlCFOBZ7DZwl14lI5BTKw3tQwGPlWXlNwJjlbmktk i1V3eXov8EINEsVCBW9dLDV34BadKv4fXLrbQ7vQk1rUdaAo/3b+iHnYN7ck8310D4j6 5r7UMWCf+v8C6GSUrIDTIpoBQT8UqD4UtugUDlzCOzwKr8SDBiDmutlP0z3LHYw4QGSk h7HeY2jNIsVDIcKpQ/WuB8oJI1AeWLmMIcIjU/WLe9GsRRcyeH2DfnrB/wdhV/ORW2KH GXlVd+E6MufXOwv9ktqkQzgIBVM+kgI9VpQs8MvYxliFUYbcpRNijbsuDTD6/m3cNbw+ VdnA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=Y5Ujk9jqSc7FjSQ5JkFtzKrLVOuj6hEPB9FGrSaoeoM=; b=fW68axitb1eR/6YLnktx3dAIjCrfZsEyRwTpJVjcrDquL6ggMO07+HRUdyxVSaWp3y 9CkCRvPZVTnsVlRndAJh732YNcpOR6wDCPYaXMU1TtBTQRGlYIdsOYfQ2dHSVwz6W4wJ H4pLhgRJsno5Sa860ay/kS+huiayH/XQdc+oD7avoIoD/LliQ/bbeb8tmDpd6+T2TSSw vIhlv9Ebdyt6H+wHmjwON0smsfR7TSy3Y4So79WcuYZVhODqS63kiJZG8s0iErstjrGo 24to0/FckWiZgwsJJsCcqLWnDzbfZ/J1JTW2+qLYMcpt5PL5nYUdHLaRZSYo8lgbZ8pS Rx9g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="tonB/N6V"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 2-20020a170906014200b006df889bdb15si8000346ejh.310.2022.03.21.13.09.37; Mon, 21 Mar 2022 13:10:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="tonB/N6V"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239869AbiCRUwq (ORCPT + 99 others); Fri, 18 Mar 2022 16:52:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40160 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240855AbiCRUwo (ORCPT ); Fri, 18 Mar 2022 16:52:44 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5F18A1162A7; Fri, 18 Mar 2022 13:51:23 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id EE6D160C0D; Fri, 18 Mar 2022 20:51:22 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 54A3AC36AED; Fri, 18 Mar 2022 20:51:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1647636682; bh=+NTtQb4p/kuYp+V4YKsTlmDKNgCo9xfxoasrL2qS+WY=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=tonB/N6VpNML0FUXFIKgIKd93Z5sx16IMrid6XS6lXScCx2xUCYRh0S1UuBQqlV2Y oY41QgJ7IFIrwtacaKQc4nJhNSNdWrMLQxo7QvLF1eQTQnb+uz4vWb5h6sc5t8m7Sp af1CcPyBDGjTHzRBm4lwxyp8oVzUXZpzLHMyYy1lugCwssW+kvcwrMBIYZ/2tLFBel JzqqR7QPYVHNjoIMUKNPpTvZdVHHdGyQHO7bWM90aOmV/GMxihSn2mtqnjBG2ONCLb LIr8k00tW1RAXdaBkGtpAyKFeYI/EGo6ZDJtg9BqdWiMTO8gvZ0K5sdhp00M48m2vw 5omyPQKseaRyg== Received: by mail-yw1-f179.google.com with SMTP id 00721157ae682-2e592e700acso103521077b3.5; Fri, 18 Mar 2022 13:51:22 -0700 (PDT) X-Gm-Message-State: AOAM531+bGI9tQW83Lb+tIN1Aru13n7QzqbDquVgX9eaMAiiAgQOgfWF akXZuqfZlZ6qp51mpRETNeij3UDanLkLCU6cg2o= X-Received: by 2002:a81:79d5:0:b0:2e5:9d33:82ab with SMTP id u204-20020a8179d5000000b002e59d3382abmr13272599ywc.460.1647636681268; Fri, 18 Mar 2022 13:51:21 -0700 (PDT) MIME-Version: 1.0 References: <20220318161528.1531164-1-benjamin.tissoires@redhat.com> <20220318161528.1531164-4-benjamin.tissoires@redhat.com> In-Reply-To: <20220318161528.1531164-4-benjamin.tissoires@redhat.com> From: Song Liu Date: Fri, 18 Mar 2022 13:51:10 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH bpf-next v3 03/17] bpf/verifier: prevent non GPL programs to be loaded against HID To: Benjamin Tissoires Cc: Greg KH , Jiri Kosina , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Shuah Khan , Dave Marchevsky , Joe Stringer , Jonathan Corbet , Tero Kristo , open list , "open list:HID CORE LAYER" , Networking , bpf , linux-kselftest@vger.kernel.org, Linux Doc Mailing List Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-8.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Mar 18, 2022 at 9:16 AM Benjamin Tissoires wrote: > > This is just to hammer the obvious because I suspect you can not already > load a bpf HID program which is not GPL because all of the useful > functions are GPL only. > > Anyway, this ensures that users are not tempted to bypass this requirement > and will allow us to ship tested BPF programs in the kernel without having > to aorry about the license. > > Signed-off-by: Benjamin Tissoires Acked-by: Song Liu > > --- > > no changes in v3 > > new in v2: > - Note: I placed this statement in check_attach_btf_id() to be local to > other similar checks (regarding LSM), however, I have no idea if this > is the correct place. Please shout at me if it isn't. > --- > include/linux/bpf-hid.h | 8 ++++++++ > kernel/bpf/hid.c | 12 ++++++++++++ > kernel/bpf/verifier.c | 7 +++++++ > 3 files changed, 27 insertions(+) > > diff --git a/include/linux/bpf-hid.h b/include/linux/bpf-hid.h > index 9c8dbd389995..7f596554fe8c 100644 > --- a/include/linux/bpf-hid.h > +++ b/include/linux/bpf-hid.h > @@ -2,6 +2,7 @@ > #ifndef _BPF_HID_H > #define _BPF_HID_H > > +#include > #include > #include > #include > @@ -69,6 +70,8 @@ int bpf_hid_prog_query(const union bpf_attr *attr, > union bpf_attr __user *uattr); > int bpf_hid_link_create(const union bpf_attr *attr, > struct bpf_prog *prog); > +int bpf_hid_verify_prog(struct bpf_verifier_log *vlog, > + const struct bpf_prog *prog); > #else > static inline int bpf_hid_prog_query(const union bpf_attr *attr, > union bpf_attr __user *uattr) > @@ -81,6 +84,11 @@ static inline int bpf_hid_link_create(const union bpf_attr *attr, > { > return -EOPNOTSUPP; > } > +static inline int bpf_hid_verify_prog(struct bpf_verifier_log *vlog, > + const struct bpf_prog *prog) > +{ > + return -EOPNOTSUPP; > +} > #endif > > static inline bool bpf_hid_link_empty(struct bpf_hid *bpf, > diff --git a/kernel/bpf/hid.c b/kernel/bpf/hid.c > index c21dc05f6207..2dfeaaa8a83f 100644 > --- a/kernel/bpf/hid.c > +++ b/kernel/bpf/hid.c > @@ -34,6 +34,18 @@ void bpf_hid_set_hooks(struct bpf_hid_hooks *hooks) > } > EXPORT_SYMBOL_GPL(bpf_hid_set_hooks); > > +int bpf_hid_verify_prog(struct bpf_verifier_log *vlog, > + const struct bpf_prog *prog) > +{ > + if (!prog->gpl_compatible) { > + bpf_log(vlog, > + "HID programs must have a GPL compatible license\n"); > + return -EINVAL; > + } > + > + return 0; > +} > + > BPF_CALL_3(bpf_hid_get_data, struct hid_bpf_ctx_kern*, ctx, u64, offset, u64, size) > { > if (!size) > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c > index cf92f9c01556..da06d633fb8d 100644 > --- a/kernel/bpf/verifier.c > +++ b/kernel/bpf/verifier.c > @@ -21,6 +21,7 @@ > #include > #include > #include > +#include > #include > #include > > @@ -14272,6 +14273,12 @@ static int check_attach_btf_id(struct bpf_verifier_env *env) > if (prog->type == BPF_PROG_TYPE_STRUCT_OPS) > return check_struct_ops_btf_id(env); > > + if (prog->type == BPF_PROG_TYPE_HID) { > + ret = bpf_hid_verify_prog(&env->log, prog); > + if (ret < 0) > + return ret; > + } > + > if (prog->type != BPF_PROG_TYPE_TRACING && > prog->type != BPF_PROG_TYPE_LSM && > prog->type != BPF_PROG_TYPE_EXT) > -- > 2.35.1 >