Re: [PATCH bpf-next v5 4/7] bpf: lsm: Implement attach, detach and execution

On 3/23/20 9:44 AM, KP Singh wrote:
From: KP Singh <kpsingh@xxxxxxxxxx>

JITed BPF programs are dynamically attached to the LSM hooks
using BPF trampolines. The trampoline prologue generates code to handle
conversion of the signature of the hook to the appropriate BPF context.

The allocated trampoline programs are attached to the nop functions
initialized as LSM hooks.

BPF_PROG_TYPE_LSM programs must have a GPL compatible license and
need CAP_SYS_ADMIN (required for loading eBPF programs).

Upon attachment:

* A BPF fexit trampoline is used for LSM hooks with a void return type.
* A BPF fmod_ret trampoline is used for LSM hooks which return an
   int. The attached programs can override the return value of the
   bpf LSM hook to indicate a MAC Policy decision.

Signed-off-by: KP Singh <kpsingh@xxxxxxxxxx>
Reviewed-by: Brendan Jackman <jackmanb@xxxxxxxxxx>
Reviewed-by: Florent Revest <revest@xxxxxxxxxx>
---
  include/linux/bpf.h     |  4 ++++
  include/linux/bpf_lsm.h | 11 +++++++++++
  kernel/bpf/bpf_lsm.c    | 29 +++++++++++++++++++++++++++++
  kernel/bpf/btf.c        |  9 ++++++++-
  kernel/bpf/syscall.c    | 26 ++++++++++++++++++++++----
  kernel/bpf/trampoline.c | 17 +++++++++++++----
  kernel/bpf/verifier.c   | 19 +++++++++++++++----
  7 files changed, 102 insertions(+), 13 deletions(-)

diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index af81ec7b783c..adf2e5a6de4b 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -433,6 +433,10 @@ struct btf_func_model {
   * programs only. Should not be used with normal calls and indirect calls.
   */
  #define BPF_TRAMP_F_SKIP_FRAME		BIT(2)
+/* Override the return value of the original function. This flag only makes
+ * sense for fexit trampolines.
+ */
+#define BPF_TRAMP_F_OVERRIDE_RETURN     BIT(3)

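Review bot: the comment on the new BPF_TRAMP_F_OVERRIDE_RETURN flag says it "only makes sense for fexit trampolines", but the commit message says void-returning hooks get an fexit trampoline and int-returning hooks get an fmod_ret trampoline whose programs override the return value; the comment should name the trampoline type and hook return type that actually consult the flag, otherwise it contradicts the description. Separately, `#define BPF_TRAMP_F_OVERRIDE_RETURN     BIT(3)` aligns the value with spaces while the neighbouring `#define BPF_TRAMP_F_SKIP_FRAME		BIT(2)` uses tabs; match the existing tab alignment.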
Whether the return value is overridable is determined by hook return type as below. Do we still need this flag?

/* Each call __bpf_prog_enter + call bpf_func + call __bpf_prog_exit is ~50
   * bytes on x86.  Pick a number to fit into BPF_IMAGE_SIZE / 2
[...]