@@ -1222,6 +1222,10 @@ enum bpf_dynptr_type {
int bpf_dynptr_check_size(u32 size);
u32 __bpf_dynptr_size(const struct bpf_dynptr_kern *ptr);
+void *bpf_dynptr_slice(const struct bpf_dynptr_kern *ptr, u32 offset,
+ void *buffer__opt, u32 buffer__szk);
+void *bpf_dynptr_slice_rdwr(const struct bpf_dynptr_kern *ptr, u32 offset,
+ void *buffer__opt, u32 buffer__szk);
#ifdef CONFIG_BPF_JIT
int bpf_trampoline_link_prog(struct bpf_tramp_link *link, struct bpf_trampoline *tr);
@@ -1378,6 +1378,7 @@ __bpf_kfunc int bpf_verify_pkcs7_signature(struct bpf_dynptr_kern *data_ptr,
struct bpf_dynptr_kern *sig_ptr,
struct bpf_key *trusted_keyring)
{
+ void *data, *sig;
int ret;
if (trusted_keyring->has_ref) {
@@ -1394,10 +1395,16 @@ __bpf_kfunc int bpf_verify_pkcs7_signature(struct bpf_dynptr_kern *data_ptr,
return ret;
}
- return verify_pkcs7_signature(data_ptr->data,
- __bpf_dynptr_size(data_ptr),
- sig_ptr->data,
- __bpf_dynptr_size(sig_ptr),
+ data = bpf_dynptr_slice(data_ptr, 0, NULL, 0);
+ if (IS_ERR_OR_NULL(data))
+ return PTR_ERR(data);
+
+ sig = bpf_dynptr_slice(sig_ptr, 0, NULL, 0);
+ if (IS_ERR_OR_NULL(sig))
+ return PTR_ERR(sig);
+
+ return verify_pkcs7_signature(data, __bpf_dynptr_size(data_ptr),
+ sig, __bpf_dynptr_size(sig_ptr),
trusted_keyring->key,
VERIFYING_UNSPECIFIED_SIGNATURE, NULL,
NULL);
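Review bot: In bpf_verify_pkcs7_signature the new error paths `if (IS_ERR_OR_NULL(data)) return PTR_ERR(data);` and the matching one for `sig` return 0 when bpf_dynptr_slice() yields NULL, because PTR_ERR(NULL) is 0, so a failed slice is reported to the BPF program as a successful signature verification. The NULL case needs its own negative errno, for example `return data ? PTR_ERR(data) : -EINVAL;`, and the same for `sig`. Separately, both slices are requested with a length of 0 while verify_pkcs7_signature() is then handed `__bpf_dynptr_size()` bytes; the body of bpf_dynptr_slice() is not visible in this patch, so it should be confirmed that the returned pointer is valid for the whole dynptr rather than only for the zero bytes asked for. The function starts before this hunk and its closing brace lies after it.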
These kfuncs can be used to access the dynptr data. Expose them in bpf.h and use bpf_dynptr_slice in bpf_verify_pkcs7_signature. Signed-off-by: Song Liu <song@kernel.org> --- include/linux/bpf.h | 4 ++++ kernel/trace/bpf_trace.c | 15 +++++++++++---- 2 files changed, 15 insertions(+), 4 deletions(-)