Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security: Propagate universal pointer data in bpf hooks #8560

Open
wants to merge 1 commit into
base: bpf-next_base
Choose a base branch
from
Open

security: Propagate universal pointer data in bpf hooks #8560

wants to merge 1 commit into from

Conversation

kernel-patches-daemon-bpf[bot]
Copy link

Pull request for series with
subject: security: Propagate universal pointer data in bpf hooks
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=937779

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 1ffe30e
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=937779
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 4e4136c
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=937779
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 9138048
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=937779
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: b123480
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=937779
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 4580f4e
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=937779
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 0ba0ef0
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=937779
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: fc3ab17
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=937779
version: 1

security: Propagate universal pointer data in bpf hooks
c7e6d13 
Certain bpf syscall subcommands are available for usage from both
userspace and the kernel. LSM modules or eBPF gatekeeper programs may
need to take a different course of action depending on whether or not
a BPF syscall originated from the kernel or userspace.

Additionally, some of the bpf_attr struct fields contain pointers to
arbitrary memory. Currently the functionality to determine whether or
not a pointer refers to kernel memory or userspace memory is exposed
to the bpf verifier, but that information is missing from various LSM
hooks.

Here we augment the LSM hooks to provide this data, by simply passing
the corresponding universal pointer in any hook that contains already
contains a bpf_attr struct that corresponds to a subcommand that may
be called from the kernel.

Signed-off-by: Blaise Boscaccy <bboscaccy@linux.microsoft.com>
@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 43d9d43
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=937779
version: 1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bpf-next new V1-ci-pass V1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants