On Sun, Oct 15, 2023 at 12:07 AM Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
>
[...]
> > + */
> > +__bpf_kfunc int bpf_get_fsverity_digest(struct file *file, struct bpf_dynptr_kern *digest_ptr)
> > +{
> > + const struct inode *inode = file_inode(file);
> > + struct fsverity_digest *arg = digest_ptr->data;
>
> What alignment is guaranteed here?
drnptr doesn't not provide alignment guarantee for digest_ptr->data.
If we need alignment guarantee, we need to add it here.
>
> > + const struct fsverity_info *vi;
> > + const struct fsverity_hash_alg *hash_alg;
> > + int out_digest_sz;
> > +
> > + if (__bpf_dynptr_size(digest_ptr) < sizeof(struct fsverity_digest))
> > + return -EINVAL;
> > +
> > + vi = fsverity_get_info(inode);
> > + if (!vi)
> > + return -ENODATA; /* not a verity file */
> > +
> > + hash_alg = vi->tree_params.hash_alg;
> > +
> > + arg->digest_algorithm = hash_alg - fsverity_hash_algs;
> > + arg->digest_size = hash_alg->digest_size;
> > +
> > + out_digest_sz = __bpf_dynptr_size(digest_ptr) - sizeof(struct fsverity_digest);
> > +
> > + /* copy digest */
> > + memcpy(arg->digest, vi->file_digest, min_t(int, hash_alg->digest_size, out_digest_sz));
> > +
> > + /* fill the extra buffer with zeros */
> > + memset(arg->digest + arg->digest_size, 0, out_digest_sz - hash_alg->digest_size);
>
> Can't 'out_digest_sz - hash_alg->digest_size' underflow?
Will fix this in the next version.
>
> > +
> > + return 0;
> > +}
> > +
> > +__diag_pop();
> > +
> > +BTF_SET8_START(fsverity_set)
> > +BTF_ID_FLAGS(func, bpf_get_fsverity_digest, KF_SLEEPABLE)
>
> Should it be sleepable? Nothing in it sleeps, as far as I can tell.
Indeed, we can remove sleepable requirement here.
>
> > +BTF_SET8_END(fsverity_set)
> > +
> > +const struct btf_kfunc_id_set bpf_fsverity_set = {
> > + .owner = THIS_MODULE,
> > + .set = &fsverity_set,
> > +};
>
> static const?
Will fix in v2.
>
> > +
> > +static int __init bpf_fsverity_init(void)
> > +{
> > + return register_btf_kfunc_id_set(BPF_PROG_TYPE_TRACING,
> > + &bpf_fsverity_set);
> > +}
> > +
> > +late_initcall(bpf_fsverity_init);
>
> Maybe this should be called by the existing fsverity_init() initcall instead of
> having a brand new initcall just for this.
Yeah, that would also work.
>
> Also, doesn't this all need to be guarded by a kconfig such as CONFIG_BPF?
Will add this in v2.
>
> Also, it looks like I'm being signed up to maintain this. This isn't a stable
> UAPI, right? No need to document this in Documentation/?
BPF kfuncs are not UAPI. They are as stable as exported symbols.
We do have some documents for BPF kfuncs, for example in
Documentation/bpf/cpumasks.rst.
Do you have a recommendation or preference on where we should
document this? AFAICT, we can either add it to fsverity.rst or somewhere
in Documentation/bpf/.
Thanks,
Song
