Re: [PATCH bpf-next 5/5] selftests/bpf: Add test that use fsverity and xattr to sign a file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


> On Oct 17, 2023, at 12:08 PM, Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> wrote:
> 
> On Fri, Oct 13, 2023 at 11:29 AM Song Liu <song@xxxxxxxxxx> wrote:
>> 
>> +#define MAGIC_SIZE 8
>> +char digest[MAGIC_SIZE + sizeof(struct fsverity_digest) + SHA256_DIGEST_SIZE];
>> +
>> +__u32 monitored_pid;
>> +char xattr_name[] = "user.sig";
>> +char sig[MAX_SIG_SIZE];
>> +__u32 sig_size;
>> +__u32 user_keyring_serial;
>> +
>> +SEC("lsm.s/file_open")
>> +int BPF_PROG(test_file_open, struct file *f)
>> +{
>> +       struct bpf_dynptr digest_ptr, sig_ptr, name_ptr;
>> +       struct bpf_key *trusted_keyring;
>> +       __u32 pid;
>> +       int ret;
>> +
>> +       pid = bpf_get_current_pid_tgid() >> 32;
>> +       if (pid != monitored_pid)
>> +               return 0;
>> +
>> +       /* digest_ptr points to fsverity_digest */
>> +       bpf_dynptr_from_mem(digest + MAGIC_SIZE, sizeof(digest) - MAGIC_SIZE, 0, &digest_ptr);
>> +
>> +       ret = bpf_get_fsverity_digest(f, &digest_ptr);
>> +       /* No verity, allow access */
>> +       if (ret < 0)
>> +               return 0;
>> +
>> +       /* Move digest_ptr to fsverity_formatted_digest */
>> +       bpf_dynptr_from_mem(digest, sizeof(digest), 0, &digest_ptr);
>> +
>> +       /* Read signature from xattr */
>> +       bpf_dynptr_from_mem(sig, sizeof(sig), 0, &sig_ptr);
>> +       bpf_dynptr_from_mem(xattr_name, sizeof(xattr_name), 0, &name_ptr);
>> +       ret = bpf_get_file_xattr(f, &name_ptr, &sig_ptr);
>> +       /* No signature, reject access */
>> +       if (ret < 0)
>> +               return -EPERM;
>> +
>> +       trusted_keyring = bpf_lookup_user_key(user_keyring_serial, 0);
>> +       if (!trusted_keyring)
>> +               return -ENOENT;
>> +
>> +       /* Verify signature */
>> +       ret = bpf_verify_pkcs7_signature(&digest_ptr, &sig_ptr, trusted_keyring);
>> +
>> +       bpf_key_put(trusted_keyring);
>> +       return ret;
>> +}
> 
> I think the UX is cumbersome.
> Putting a NULL terminated string into dynptr not only a source
> code ugliness, but it adds run-time overhead too.
> We better add proper C style string support in the verifier,
> so that bpf_get_file_xattr() can look like normal C.

That will indeed look much better. Let me check what do we need 
make this happen.

Thanks,
Song
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux