Il giorno sab 12 apr 2025 alle ore 02:19 Alexei Starovoitov <alexei.starovoi...@gmail.com> ha scritto:
Similar to what I proposed here? https://lore.kernel.org/bpf/20211203191844.69709-2-mcr...@linux.microsoft.com/ > The verification of module signatures is a job of the module loading process. > The same thing should be done by the bpf system. > The signature needs to be passed into sys_bpf syscall > as a part of BPF_PROG_LOAD command. static int bpf_prog_load(union bpf_attr *attr, bpfptr_t uattr) { @@ -2302,6 +2306,43 @@ static int bpf_prog_load(union bpf_attr *attr, bpfptr_t uattr) > It probably should be two new fields in union bpf_attr > (signature and length), @@ -1346,6 +1346,8 @@ union bpf_attr { __aligned_u64 fd_array; /* array of FDs */ __aligned_u64 core_relos; __u32 core_relo_rec_size; /* sizeof(struct bpf_core_relo) */ + __aligned_u64 signature; /* instruction's signature */ + __u32 sig_len; /* signature size */ > and the whole thing should be processed as part of the loading > with human readable error reported back through the verifier log > in case of signature mismatch, etc. + if (err) { + pr_warn("Invalid BPF signature for '%s': %pe\n", + prog->aux->name, ERR_PTR(err)); + goto free_prog_sec; + } It's been four years since my submission and the discussion was lengthy, what was the problem with the proposed signature in bpf_attr? Regards, -- Matteo Croce perl -e 'for($t=0;;$t++){print chr($t*($t>>8|$t>>13)&255)}' |aplay
