Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp3498968pxb; Mon, 4 Apr 2022 18:56:42 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwZdOFeSuLlPZPcJBV4rExWJgS9av0xfxnaf6qDGNFmx3Wi023G6GzpwIxTSc8TImE+Lx/o X-Received: by 2002:a17:902:ce8b:b0:154:42e2:924e with SMTP id f11-20020a170902ce8b00b0015442e2924emr1048621plg.138.1649123802394; Mon, 04 Apr 2022 18:56:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649123802; cv=none; d=google.com; s=arc-20160816; b=B8lGBGh3YKOAZO+6IzMbC3iFmktKQUhGYYQemLeYqFwwLCdO+GlG0WPrrjLWUgnWSl baui75eg4tAv6v+l512UnqYyl3Vi+F/JPAL8f0wM9xBUYXw8xPBErRK7pnlRHOyiDlJU BiYUzvqkkERqIvOOHEXPdFQyuBkbT4NEqC+dvgvyzVWuoaEdzTkPiFjh5SGaffPCCqPu HohV0710JmePaCHGuFHUDmCmL9cWsrsGMbdSYkAKG45Us3qgWztKIENbP+96d539Ka6X SAlKhO9PYMZAr3Utw/t6ywckB/Dny6R0tScErWidQ8GjOfzeP0rXGAg1tt4id6eChl6q Lu5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=Tlai9C8cCZiFfKZnTMXZTtbcv2bOhWWExoRE23jJ3PQ=; b=vJA1hIENMys/UxaDYfruQjqD1thxFbMMW+xeW7hu4qmbT2yuLPgJ2htgeKmNtN+1i9 ZYYD+8gWo51+cxDKCj26KhLL6KdY7OCrneMeDchfNtBtriGLBn0il3tugxAegsg8HmhX Rkwb/LP8P3dfkny3Q8dEztKNGZLL+rYXOkekl7V4fJEUuOhJvsn99FRB0T2Kip5zn5X+ RIzoS+IoZEtaXW8JpgC3Qx3IHnRPGm8kUho1TlGFb5v3jTCI6x/jy7N1xrTCu95xH+H+ 48rAgZpPAFxp5CGajhBNouaQPVeOzfcnLV72DCeaOhHFypcnij0YlN+U5yBgMgBtS6j3 HitA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=hnpZqkQv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id j1-20020a170902690100b00153b2d16426si10100176plk.46.2022.04.04.18.56.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Apr 2022 18:56:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=hnpZqkQv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 5E41D327127; Mon, 4 Apr 2022 18:00:59 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1377786AbiDDHrZ (ORCPT + 99 others); Mon, 4 Apr 2022 03:47:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37316 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1353876AbiDDHrX (ORCPT ); Mon, 4 Apr 2022 03:47:23 -0400 Received: from mail-ed1-x52b.google.com (mail-ed1-x52b.google.com [IPv6:2a00:1450:4864:20::52b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6F2223B014; Mon, 4 Apr 2022 00:45:27 -0700 (PDT) Received: by mail-ed1-x52b.google.com with SMTP id f18so4902612edc.5; Mon, 04 Apr 2022 00:45:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Tlai9C8cCZiFfKZnTMXZTtbcv2bOhWWExoRE23jJ3PQ=; b=hnpZqkQvRmhcgBpVq1K7rI1j3GvBGkZU/uMd3O9XQIvlRWmpAJ2xY9AdPT9g4u3G+A P7lEhSmfAdelj8ntCpmVIrCXpgVb/lguNVtMkyfAVq8btERTg+bgi7ZDBwKqJydzyvHE Y2qfyNt09y62V9e5Ouh5e5pKEC/gUUZc5b8W9ti8xscMHRMXyl/olrhO5ZlNyKfQrEZq Y/A0VvvlA0cR1O5pCB1k3dJUbPWEIHrUwNA/TqaAeN03DUwjmKKg+cRDsxls+RSL0bEy 7aYIkTUGW7LgBiFNcNAPPU38W7jJq4lJZlBg/O7ztgO0XNlbCYMFvZtEeV74dvMrlXJt ynMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Tlai9C8cCZiFfKZnTMXZTtbcv2bOhWWExoRE23jJ3PQ=; b=DsW58/rgbf/tzW7ik879+qiq6eowzupckGfP2t03DVJMQuB8yHWeRMM++I5IG3a2C1 Xl98NLGEbGoB1CkM/c72rQkn5jEfGet4F/HeK43T/neOkR3b8kZiMIMeFVja3FZzyAkq L04WSDVMj0CMFGVvuP7ST1OLW0kSFqzMioQ1KD2mGwP5sRai6K0pkV6kanrg6eM+dTez YN4fOCRgXK/Y9Mg8NBvF4u90U1LJmaJwzuJlraPDq4COdmprNuXeWONK5GREeNWT6OSd DdVePLh24k5Rtzu5U5c48NtIu1fsNs48HlrfKc6ybI2dhV4lJRtWjtJkOVMbpbwslYFG VYNQ== X-Gm-Message-State: AOAM531Ng2kBrvzReepCWMVC1Y2FjsJUs22z3FhknmueVZ31Xu06jXjA 4g7BPurIQfXse1H5iDfrknEAS1n/p1AqDgzLoPc= X-Received: by 2002:aa7:c98c:0:b0:41c:bfbd:380 with SMTP id c12-20020aa7c98c000000b0041cbfbd0380mr6001495edt.313.1649058325913; Mon, 04 Apr 2022 00:45:25 -0700 (PDT) MIME-Version: 1.0 References: <20220328175033.2437312-1-roberto.sassu@huawei.com> <20220331022727.ybj4rui4raxmsdpu@MBP-98dd607d3435.dhcp.thefacebook.com> <20220401235537.mwziwuo4n53m5cxp@MBP-98dd607d3435.dhcp.thefacebook.com> In-Reply-To: From: Djalal Harouni Date: Mon, 4 Apr 2022 09:44:59 +0200 Message-ID: Subject: Re: [PATCH 00/18] bpf: Secure and authenticated preloading of eBPF programs To: KP Singh Cc: Alexei Starovoitov , Roberto Sassu , "corbet@lwn.net" , "viro@zeniv.linux.org.uk" , "ast@kernel.org" , "daniel@iogearbox.net" , "andrii@kernel.org" , "shuah@kernel.org" , "mcoquelin.stm32@gmail.com" , "alexandre.torgue@foss.st.com" , "zohar@linux.ibm.com" , "linux-doc@vger.kernel.org" , "linux-fsdevel@vger.kernel.org" , "netdev@vger.kernel.org" , "bpf@vger.kernel.org" , "linux-kselftest@vger.kernel.org" , "linux-stm32@st-md-mailman.stormreply.com" , "linux-arm-kernel@lists.infradead.org" , "linux-integrity@vger.kernel.org" , "linux-security-module@vger.kernel.org" , "linux-kernel@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Apr 3, 2022 at 5:42 PM KP Singh wrote: > > On Sat, Apr 2, 2022 at 1:55 AM Alexei Starovoitov > wrote: ... > > > > > Pinning > > > them to unreachable inodes intuitively looked the > > > way to go for achieving the stated goal. > > > > We can consider inodes in bpffs that are not unlinkable by root > > in the future, but certainly not for this use case. > > Can this not be already done by adding a BPF_LSM program to the > inode_unlink LSM hook? > Also, beside of the inode_unlink... and out of curiosity: making sysfs/bpffs/ readonly after pinning, then using bpf LSM hooks sb_mount|remount|unmount... family combining bpf() LSM hook... isn't this enough to: 1. Restrict who can pin to bpffs without using a full MAC 2. Restrict who can delete or unmount bpf filesystem ? -- https://djalal.opendz.org/