From patchwork Tue Oct 12 19:00:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matteo Croce X-Patchwork-Id: 12553555 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4E5AEC433EF for ; Tue, 12 Oct 2021 19:00:34 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2DDA36054F for ; Tue, 12 Oct 2021 19:00:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231886AbhJLTCf (ORCPT ); Tue, 12 Oct 2021 15:02:35 -0400 Received: from mail-ed1-f51.google.com ([209.85.208.51]:45805 "EHLO mail-ed1-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231756AbhJLTCe (ORCPT ); Tue, 12 Oct 2021 15:02:34 -0400 Received: by mail-ed1-f51.google.com with SMTP id r18so87782edv.12; Tue, 12 Oct 2021 12:00:32 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=yc+DKOJfjStu6hJSmxsub9ya8Onyiq1AsqGptnT8sVs=; b=3Tme2rm12m4VU7m0zREjc4vl7s32Hp6iQ5kgA9uouw82RQUHnHwDV/QUzzDsxCIDRN 0aHDKm8ugJAl42vbYNNto0gcpNY4t16WS8njtFEe8QcG5E7vWoE2f2UcrQjVjtWKPrxH lBw7sJdaRsceafi+rey3Ao7SF/Rsm6/ydoBSk0B0H9kb5RWk/H4s9dduZWc9JU9FfHVs M0tQIrjDT1nRMYjv1A6UbUCvqKfZTKli9ZqOPGbF87V2VjHrsck+UlsjjVhNZmThA+GU Fm7wHQwKavnO49bVc1WyLY2zU+9g1U0l4oR3rwVfSBjy5EaVJSpse5+5/chkJOKwRKTP WG1w== X-Gm-Message-State: AOAM533vDQ/7XG6+uyn0QJN438fInKANhd5hz+uRcHJIGIy/jME/F2mX DDv1s4QuigOViXAVWC6yidD/VDtUkP4= X-Google-Smtp-Source: ABdhPJxcL+iCKQcq8aA01Sv5oKhwFPxNNHUyMksG4dJcd1GiSzVcVQe9KNNMyqJYk96ETVrcMxmn6Q== X-Received: by 2002:a17:906:2cd5:: with SMTP id r21mr35456986ejr.435.1634065231608; Tue, 12 Oct 2021 12:00:31 -0700 (PDT) Received: from msft-t490s.teknoraver.net (net-2-34-36-22.cust.vodafonedsl.it. [2.34.36.22]) by smtp.gmail.com with ESMTPSA id g7sm4802965edu.48.2021.10.12.12.00.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Oct 2021 12:00:31 -0700 (PDT) From: Matteo Croce To: bpf@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Arnaldo Carvalho de Melo , Luca Boccassi , "David S. Miller" Subject: [RFC bpf-next 0/2] bpf: sign bpf programs Date: Tue, 12 Oct 2021 21:00:26 +0200 Message-Id: <20211012190028.54828-1-mcroce@linux.microsoft.com> X-Mailer: git-send-email 2.33.0 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net X-Patchwork-State: RFC From: Matteo Croce Add a field in bpf_attr which contains a signature for the eBPF instructions. The signature is validated bpf_prog_load() in a similar way as kernel modules are checked in load_module(). This only works with CO-RE programs. The signature is generated by bpftool and embedded into the light skeleton along with the instructions. The bpftool crypto code is based on sign-file, supports the same interface, and is compiled only if libcrypto is available, to avoid potential breaks. Possible improvements: - Add a knob which makes the signature check mandatory, similarly to CONFIG_MODULE_SIG_FORCE - Add a dedicate key_being_used_for type instead of using VERIFYING_MODULE_SIGNATURE, e.g. VERIFYING_BPF_SIGNATURE This depends on the kernel side co-re relocation[1]. [1] https://lore.kernel.org/bpf/20210917215721.43491-1-alexei.starovoitov@gmail.com/ Matteo Croce (2): bpf: add signature to eBPF instructions bpftool: add signature in skeleton include/uapi/linux/bpf.h | 2 + kernel/bpf/syscall.c | 33 ++++- tools/bpf/bpftool/Makefile | 14 ++- tools/bpf/bpftool/gen.c | 33 +++++ tools/bpf/bpftool/main.c | 28 +++++ tools/bpf/bpftool/main.h | 7 ++ tools/bpf/bpftool/sign.c | 217 +++++++++++++++++++++++++++++++++ tools/include/uapi/linux/bpf.h | 2 + tools/lib/bpf/skel_internal.h | 4 + 9 files changed, 336 insertions(+), 4 deletions(-) create mode 100644 tools/bpf/bpftool/sign.c