mbox series

[RFC,bpf-next,0/2] bpf: sign bpf programs

Message ID 20211012190028.54828-1-mcroce@linux.microsoft.com (mailing list archive)
Headers show
Series bpf: sign bpf programs | expand

Message

Matteo Croce Oct. 12, 2021, 7 p.m. UTC 
From: Matteo Croce <mcroce@microsoft.com>

Add a field in bpf_attr which contains a signature for the eBPF instructions.
The signature is validated bpf_prog_load() in a similar way as kernel modules
are checked in load_module().

This only works with CO-RE programs.
The signature is generated by bpftool and embedded into the light skeleton
along with the instructions.
The bpftool crypto code is based on sign-file, supports the same interface,
and is compiled only if libcrypto is available, to avoid potential breaks.

Possible improvements:
- Add a knob which makes the signature check mandatory,
  similarly to CONFIG_MODULE_SIG_FORCE
- Add a dedicate key_being_used_for type instead of using
  VERIFYING_MODULE_SIGNATURE, e.g. VERIFYING_BPF_SIGNATURE

This depends on the kernel side co-re relocation[1].

[1] https://lore.kernel.org/bpf/20210917215721.43491-1-alexei.starovoitov@gmail.com/

Matteo Croce (2):
  bpf: add signature to eBPF instructions
  bpftool: add signature in skeleton

 include/uapi/linux/bpf.h       |   2 +
 kernel/bpf/syscall.c           |  33 ++++-
 tools/bpf/bpftool/Makefile     |  14 ++-
 tools/bpf/bpftool/gen.c        |  33 +++++
 tools/bpf/bpftool/main.c       |  28 +++++
 tools/bpf/bpftool/main.h       |   7 ++
 tools/bpf/bpftool/sign.c       | 217 +++++++++++++++++++++++++++++++++
 tools/include/uapi/linux/bpf.h |   2 +
 tools/lib/bpf/skel_internal.h  |   4 +
 9 files changed, 336 insertions(+), 4 deletions(-)
 create mode 100644 tools/bpf/bpftool/sign.c