From patchwork Tue Sep 10 11:55:15 2019
X-Patchwork-Submitter: KP Singh
X-Patchwork-Id: 11139277
From: KP Singh
To: linux-kernel@vger.kernel.org, bpf@vger.kernel.org, linux-security-module@vger.kernel.org
Cc: Alexei Starovoitov, Daniel Borkmann, James Morris, Kees Cook,
 Thomas Garnier, Michael Halcrow, Paul Turner, Brendan Gregg, Jann Horn,
 Matthew Garrett, Christian Brauner, Mickaël Salaün, Florent Revest,
 Martin KaFai Lau, Song Liu, Yonghong Song, "Serge E. Hallyn",
 Mauro Carvalho Chehab, "David S. Miller", Greg Kroah-Hartman,
 Nicolas Ferre, Stanislav Fomichev, Quentin Monnet, Andrey Ignatov,
 Joe Stringer
Subject: [RFC v1 02/14] krsi: Introduce types for KRSI eBPF
Date: Tue, 10 Sep 2019 13:55:15 +0200
Message-Id: <20190910115527.5235-3-kpsingh@chromium.org>
In-Reply-To: <20190910115527.5235-1-kpsingh@chromium.org>
References: <20190910115527.5235-1-kpsingh@chromium.org>

From: KP Singh

KRSI introduces a new eBPF program type BPF_PROG_TYPE_KRSI with an expected attach type of BPF_KRSI. An -EINVAL error is returned if an attachment is requested.

Signed-off-by: KP Singh --- include/linux/bpf_types.h | 3 +++ include/uapi/linux/bpf.h | 2 ++ kernel/bpf/syscall.c | 6 ++++++ security/krsi/Makefile | 2 +- security/krsi/ops.c | 10 ++++++++++ 5 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 security/krsi/ops.c diff --git a/include/linux/bpf_types.h b/include/linux/bpf_types.h index eec5aeeeaf92..129594c09b5c 100644 --- a/include/linux/bpf_types.h +++ b/include/linux/bpf_types.h @@ -38,6 +38,9 @@ BPF_PROG_TYPE(BPF_PROG_TYPE_LIRC_MODE2, lirc_mode2) #ifdef CONFIG_INET BPF_PROG_TYPE(BPF_PROG_TYPE_SK_REUSEPORT, sk_reuseport) #endif +#ifdef CONFIG_SECURITY_KRSI +BPF_PROG_TYPE(BPF_PROG_TYPE_KRSI, krsi) +#endif BPF_MAP_TYPE(BPF_MAP_TYPE_ARRAY, array_map_ops) BPF_MAP_TYPE(BPF_MAP_TYPE_PERCPU_ARRAY, percpu_array_map_ops) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index a5aa7d3ac6a1..32ab38f1a2fe 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -171,6 +171,7 @@ enum bpf_prog_type { BPF_PROG_TYPE_CGROUP_SYSCTL, BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE, BPF_PROG_TYPE_CGROUP_SOCKOPT, + BPF_PROG_TYPE_KRSI, }; enum bpf_attach_type { @@ -197,6 +198,7 @@ enum bpf_attach_type { BPF_CGROUP_UDP6_RECVMSG, BPF_CGROUP_GETSOCKOPT, BPF_CGROUP_SETSOCKOPT, + BPF_KRSI, __MAX_BPF_ATTACH_TYPE }; diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 5d141f16f6fa..f38a539f7e67 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -1915,6 +1915,9 @@ static int bpf_prog_attach(const union bpf_attr *attr) case BPF_LIRC_MODE2: ptype = BPF_PROG_TYPE_LIRC_MODE2; break; + case BPF_KRSI: + ptype = BPF_PROG_TYPE_KRSI; + break; case BPF_FLOW_DISSECTOR: ptype = BPF_PROG_TYPE_FLOW_DISSECTOR; break; 
@@ -1946,6 +1949,9 @@ static int bpf_prog_attach(const union bpf_attr *attr) case BPF_PROG_TYPE_LIRC_MODE2: ret = lirc_prog_attach(attr, prog); break; + case BPF_PROG_TYPE_KRSI: + ret = -EINVAL; + break; case BPF_PROG_TYPE_FLOW_DISSECTOR: ret = skb_flow_dissector_bpf_prog_attach(attr, prog); break; diff --git a/security/krsi/Makefile b/security/krsi/Makefile index 73320e8d16f8..660cc1f422fd 100644 --- a/security/krsi/Makefile +++ b/security/krsi/Makefile @@ -1 +1 @@ -obj-$(CONFIG_SECURITY_KRSI) := krsi.o +obj-$(CONFIG_SECURITY_KRSI) := krsi.o ops.o diff --git a/security/krsi/ops.c b/security/krsi/ops.c new file mode 100644 index 000000000000..f2de3bd9621e --- /dev/null +++ b/security/krsi/ops.c @@ -0,0 +1,10 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include +#include + +const struct bpf_prog_ops krsi_prog_ops = { +}; + +const struct bpf_verifier_ops krsi_verifier_ops = { +};
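Review bot: in include/uapi/linux/bpf.h, BPF_PROG_TYPE_KRSI and BPF_KRSI become permanent ABI once merged, but nothing in this diff enforces the "expected attach type of BPF_KRSI" that the commit message promises. The only use of BPF_KRSI here is the attach_type to ptype mapping in bpf_prog_attach. Either add a load-time check that rejects a BPF_PROG_TYPE_KRSI program whose expected_attach_type is not BPF_KRSI, or reword the commit message so it does not claim enforcement that lands in a later patch. A short comment next to each new enumerator saying what it is for would also help UAPI consumers.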
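Review bot: in the second kernel/bpf/syscall.c hunk (@@ -1946,6 +1949,9 @@), `case BPF_PROG_TYPE_KRSI:` sets `ret = -EINVAL` with no comment, so a reader of the tree at this commit cannot tell a deliberate placeholder from an oversight. Please add a one-line comment stating that attachment is wired up by a later patch in the series. Both syscall.c hunks touch only bpf_prog_attach, so please also confirm that a detach request with BPF_KRSI returns a defined error at this point in the series rather than relying on whatever the default branch does.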
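Review bot: in the new security/krsi/ops.c, krsi_verifier_ops is left completely empty, so it provides no is_valid_access and no get_func_proto callback, while the bpf_types.h hunk already registers BPF_PROG_TYPE_KRSI under CONFIG_SECURITY_KRSI. For bisectability, the tree at this commit should have a clearly defined policy for what a program of this type may access and call. Either fill in deny-by-default callbacks here, or state in the commit message and in a comment above the two structs that they are intentionally empty and which later patch populates them.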