These kfuncs can be used to access the dynptr data. Expose them in bpf.h
and use bpf_dynptr_slice in bpf_verify_pkcs7_signature.
Signed-off-by: Song Liu <song@xxxxxxxxxx>
---
include/linux/bpf.h | 4 ++++
kernel/trace/bpf_trace.c | 15 +++++++++++----
2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index b4b40b45962b..0d4e795a8a73 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -1222,6 +1222,10 @@ enum bpf_dynptr_type {
int bpf_dynptr_check_size(u32 size);
u32 __bpf_dynptr_size(const struct bpf_dynptr_kern *ptr);
+void *bpf_dynptr_slice(const struct bpf_dynptr_kern *ptr, u32 offset,
+ void *buffer__opt, u32 buffer__szk);
+void *bpf_dynptr_slice_rdwr(const struct bpf_dynptr_kern *ptr, u32 offset,
+ void *buffer__opt, u32 buffer__szk);
#ifdef CONFIG_BPF_JIT
int bpf_trampoline_link_prog(struct bpf_tramp_link *link, struct bpf_trampoline *tr);
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index df697c74d519..43ed45a83ee2 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -1378,6 +1378,7 @@ __bpf_kfunc int bpf_verify_pkcs7_signature(struct bpf_dynptr_kern *data_ptr,
struct bpf_dynptr_kern *sig_ptr,
struct bpf_key *trusted_keyring)
{
+ void *data, *sig;
int ret;
if (trusted_keyring->has_ref) {
@@ -1394,10 +1395,16 @@ __bpf_kfunc int bpf_verify_pkcs7_signature(struct bpf_dynptr_kern *data_ptr,
return ret;
}
- return verify_pkcs7_signature(data_ptr->data,
- __bpf_dynptr_size(data_ptr),
- sig_ptr->data,
- __bpf_dynptr_size(sig_ptr),
+ data = bpf_dynptr_slice(data_ptr, 0, NULL, 0);
+ if (IS_ERR_OR_NULL(data))
+ return PTR_ERR(data);
+
+ sig = bpf_dynptr_slice(sig_ptr, 0, NULL, 0);
+ if (IS_ERR_OR_NULL(sig))
+ return PTR_ERR(sig);
+
+ return verify_pkcs7_signature(data, __bpf_dynptr_size(data_ptr),
+ sig, __bpf_dynptr_size(sig_ptr),
trusted_keyring->key,
VERIFYING_UNSPECIFIED_SIGNATURE, NULL,
NULL);
--
2.34.1
