
[bpf-next,v3,03/17] bpf/verifier: prevent non GPL programs to be loaded against HID

Message ID 20220318161528.1531164-4-benjamin.tissoires@redhat.com (mailing list archive)
State New
Series Introduce eBPF support for HID devices | expand

Commit Message

Benjamin Tissoires March 18, 2022, 4:15 p.m. UTC
This is just to hammer the obvious because I suspect you can not already
load a bpf HID program which is not GPL because all of the useful
functions are GPL only.

Anyway, this ensures that users are not tempted to bypass this requirement
and will allow us to ship tested BPF programs in the kernel without having
to worry about the license.

Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>

---

no changes in v3

new in v2:
 - Note: I placed this statement in check_attach_btf_id() to be local to
   other similar checks (regarding LSM), however, I have no idea if this
   is the correct place. Please shout at me if it isn't.
---
 include/linux/bpf-hid.h |  8 ++++++++
 kernel/bpf/hid.c        | 12 ++++++++++++
 kernel/bpf/verifier.c   |  7 +++++++
 3 files changed, 27 insertions(+)

Comments

Song Liu March 18, 2022, 8:51 p.m. UTC | #1
On Fri, Mar 18, 2022 at 9:16 AM Benjamin Tissoires
<benjamin.tissoires@redhat.com> wrote:
>
> This is just to hammer the obvious because I suspect you can not already
> load a bpf HID program which is not GPL because all of the useful
> functions are GPL only.
>
> Anyway, this ensures that users are not tempted to bypass this requirement
> and will allow us to ship tested BPF programs in the kernel without having
> to aorry about the license.
>
> Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>

Acked-by: Song Liu <songliubraving@fb.com>


>
> ---
>
> no changes in v3
>
> new in v2:
>  - Note: I placed this statement in check_attach_btf_id() to be local to
>    other similar checks (regarding LSM), however, I have no idea if this
>    is the correct place. Please shout at me if it isn't.
> ---
>  include/linux/bpf-hid.h |  8 ++++++++
>  kernel/bpf/hid.c        | 12 ++++++++++++
>  kernel/bpf/verifier.c   |  7 +++++++
>  3 files changed, 27 insertions(+)
>
> diff --git a/include/linux/bpf-hid.h b/include/linux/bpf-hid.h
> index 9c8dbd389995..7f596554fe8c 100644
> --- a/include/linux/bpf-hid.h
> +++ b/include/linux/bpf-hid.h
> @@ -2,6 +2,7 @@
>  #ifndef _BPF_HID_H
>  #define _BPF_HID_H
>
> +#include <linux/bpf_verifier.h>
>  #include <linux/mutex.h>
>  #include <uapi/linux/bpf.h>
>  #include <uapi/linux/bpf_hid.h>
> @@ -69,6 +70,8 @@ int bpf_hid_prog_query(const union bpf_attr *attr,
>                        union bpf_attr __user *uattr);
>  int bpf_hid_link_create(const union bpf_attr *attr,
>                         struct bpf_prog *prog);
> +int bpf_hid_verify_prog(struct bpf_verifier_log *vlog,
> +                       const struct bpf_prog *prog);
>  #else
>  static inline int bpf_hid_prog_query(const union bpf_attr *attr,
>                                      union bpf_attr __user *uattr)
> @@ -81,6 +84,11 @@ static inline int bpf_hid_link_create(const union bpf_attr *attr,
>  {
>         return -EOPNOTSUPP;
>  }
> +static inline int bpf_hid_verify_prog(struct bpf_verifier_log *vlog,
> +                                     const struct bpf_prog *prog)
> +{
> +       return -EOPNOTSUPP;
> +}
>  #endif
>
>  static inline bool bpf_hid_link_empty(struct bpf_hid *bpf,
> diff --git a/kernel/bpf/hid.c b/kernel/bpf/hid.c
> index c21dc05f6207..2dfeaaa8a83f 100644
> --- a/kernel/bpf/hid.c
> +++ b/kernel/bpf/hid.c
> @@ -34,6 +34,18 @@ void bpf_hid_set_hooks(struct bpf_hid_hooks *hooks)
>  }
>  EXPORT_SYMBOL_GPL(bpf_hid_set_hooks);
>
> +int bpf_hid_verify_prog(struct bpf_verifier_log *vlog,
> +                       const struct bpf_prog *prog)
> +{
> +       if (!prog->gpl_compatible) {
> +               bpf_log(vlog,
> +                       "HID programs must have a GPL compatible license\n");
> +               return -EINVAL;
> +       }
> +
> +       return 0;
> +}
> +
>  BPF_CALL_3(bpf_hid_get_data, struct hid_bpf_ctx_kern*, ctx, u64, offset, u64, size)
>  {
>         if (!size)
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index cf92f9c01556..da06d633fb8d 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -21,6 +21,7 @@
>  #include <linux/perf_event.h>
>  #include <linux/ctype.h>
>  #include <linux/error-injection.h>
> +#include <linux/bpf-hid.h>
>  #include <linux/bpf_lsm.h>
>  #include <linux/btf_ids.h>
>
> @@ -14272,6 +14273,12 @@ static int check_attach_btf_id(struct bpf_verifier_env *env)
>         if (prog->type == BPF_PROG_TYPE_STRUCT_OPS)
>                 return check_struct_ops_btf_id(env);
>
> +       if (prog->type == BPF_PROG_TYPE_HID) {
> +               ret = bpf_hid_verify_prog(&env->log, prog);
> +               if (ret < 0)
> +                       return ret;
> +       }
> +
>         if (prog->type != BPF_PROG_TYPE_TRACING &&
>             prog->type != BPF_PROG_TYPE_LSM &&
>             prog->type != BPF_PROG_TYPE_EXT)
> --
> 2.35.1
>

Patch

diff --git a/include/linux/bpf-hid.h b/include/linux/bpf-hid.h
index 9c8dbd389995..7f596554fe8c 100644
--- a/include/linux/bpf-hid.h
+++ b/include/linux/bpf-hid.h
@@ -2,6 +2,7 @@ 
 #ifndef _BPF_HID_H
 #define _BPF_HID_H
 
+#include <linux/bpf_verifier.h>
 #include <linux/mutex.h>
 #include <uapi/linux/bpf.h>
 #include <uapi/linux/bpf_hid.h>
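Review bot: The added `#include <linux/bpf_verifier.h>` pulls the whole verifier header into every file that includes bpf-hid.h, although the prototypes added in the next two hunks only take a pointer to `struct bpf_verifier_log`. A forward declaration, `struct bpf_verifier_log;`, placed after the existing includes would be enough for this header. kernel/bpf/hid.c would then include `<linux/bpf_verifier.h>` itself for `bpf_log()`; whether it already does is not visible in this patch.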
@@ -69,6 +70,8 @@  int bpf_hid_prog_query(const union bpf_attr *attr,
 		       union bpf_attr __user *uattr);
 int bpf_hid_link_create(const union bpf_attr *attr,
 			struct bpf_prog *prog);
+int bpf_hid_verify_prog(struct bpf_verifier_log *vlog,
+			const struct bpf_prog *prog);
 #else
 static inline int bpf_hid_prog_query(const union bpf_attr *attr,
 				     union bpf_attr __user *uattr)
@@ -81,6 +84,11 @@  static inline int bpf_hid_link_create(const union bpf_attr *attr,
 {
 	return -EOPNOTSUPP;
 }
+static inline int bpf_hid_verify_prog(struct bpf_verifier_log *vlog,
+				      const struct bpf_prog *prog)
+{
+	return -EOPNOTSUPP;
+}
 #endif
 
 static inline bool bpf_hid_link_empty(struct bpf_hid *bpf,
diff --git a/kernel/bpf/hid.c b/kernel/bpf/hid.c
index c21dc05f6207..2dfeaaa8a83f 100644
--- a/kernel/bpf/hid.c
+++ b/kernel/bpf/hid.c
@@ -34,6 +34,18 @@  void bpf_hid_set_hooks(struct bpf_hid_hooks *hooks)
 }
 EXPORT_SYMBOL_GPL(bpf_hid_set_hooks);
 
+int bpf_hid_verify_prog(struct bpf_verifier_log *vlog,
+			const struct bpf_prog *prog)
+{
+	if (!prog->gpl_compatible) {
+		bpf_log(vlog,
+			"HID programs must have a GPL compatible license\n");
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
 BPF_CALL_3(bpf_hid_get_data, struct hid_bpf_ctx_kern*, ctx, u64, offset, u64, size)
 {
 	if (!size)
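Review bot: `bpf_hid_verify_prog()` has no comment saying what it enforces or who calls it, and the check is easy to over-read as a security control. `prog->gpl_compatible` presumably reflects the license string declared by whoever loads the program, so this is a licensing policy gate and does not by itself restrict who may load a HID program or what it can do. I would add above the function `/* Verifier hook: reject HID programs whose declared license is not GPL compatible. Returns 0, or -EINVAL with a message in @vlog. */`.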
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index cf92f9c01556..da06d633fb8d 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -21,6 +21,7 @@ 
 #include <linux/perf_event.h>
 #include <linux/ctype.h>
 #include <linux/error-injection.h>
+#include <linux/bpf-hid.h>
 #include <linux/bpf_lsm.h>
 #include <linux/btf_ids.h>
 
@@ -14272,6 +14273,12 @@  static int check_attach_btf_id(struct bpf_verifier_env *env)
 	if (prog->type == BPF_PROG_TYPE_STRUCT_OPS)
 		return check_struct_ops_btf_id(env);
 
+	if (prog->type == BPF_PROG_TYPE_HID) {
+		ret = bpf_hid_verify_prog(&env->log, prog);
+		if (ret < 0)
+			return ret;
+	}
+
 	if (prog->type != BPF_PROG_TYPE_TRACING &&
 	    prog->type != BPF_PROG_TYPE_LSM &&
 	    prog->type != BPF_PROG_TYPE_EXT)
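Review bot: A HID program that passes the new check does not return here; it falls through to the `prog->type != BPF_PROG_TYPE_TRACING && ...` test that follows, whose body lies outside the hunk, so the final result for HID depends on code not shown. A short comment would make the intent explicit, for example `/* HID programs are GPL-only; on success fall through to the attach-type checks below */`. check_attach_btf_id() starts and ends outside this hunk, and `ret` is declared outside it.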