On Tue, Feb 11, 2020 at 1:38 PM Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> wrote: > > On Tue, Feb 11, 2020 at 09:33:49PM +0100, Jann Horn wrote: > > > > > > Got it. Then let's whitelist them ? > > > All error injection points are marked with ALLOW_ERROR_INJECTION(). > > > We can do something similar here, but let's do it via BTF and avoid > > > abusing yet another elf section for this mark. > > > I think BTF_TYPE_EMIT() should work. Just need to pick explicit enough > > > name and extensive comment about what is going on. > > > > Sounds reasonable to me. :) > > awesome :) Looks like the kernel already provides this whitelisting. $ bpftool btf dump file /sys/kernel/btf/vmlinux |grep FUNC|grep '\<security_' gives the list of all LSM hooks that lsm-bpf will be able to attach to. There are two exceptions there security_add_hooks() and security_init(). Both are '__init'. Too late for lsm-bpf to touch. So filtering BTF funcs by 'security_' prefix will be enough. It should be documented though. The number of attachable funcs depends on kconfig which is a nice property and further strengthen the point that lsm-bpf is very much kernel specific. We probably should blacklist security_bpf*() hooks though. Otherwise inception fans will have a field day. Disallowing bpf with bpf :)
