[PATCH v2 08/13] bpf: Implement signature verification for BPF programs
KP Singh
kpsingh at kernel.org
Mon Aug 11 22:22:40 UTC 2025
[...]
> vim +/sig +2797 kernel/bpf/syscall.c
>
> c83b0ba795b625 KP Singh 2025-07-21 2782 static noinline int bpf_prog_verify_signature(struct bpf_prog *prog,
> c83b0ba795b625 KP Singh 2025-07-21 2783 union bpf_attr *attr,
> c83b0ba795b625 KP Singh 2025-07-21 2784 bool is_kernel)
> c83b0ba795b625 KP Singh 2025-07-21 2785 {
> c83b0ba795b625 KP Singh 2025-07-21 2786 bpfptr_t usig = make_bpfptr(attr->signature, is_kernel);
> c83b0ba795b625 KP Singh 2025-07-21 2787 struct bpf_dynptr_kern sig_ptr, insns_ptr;
> c83b0ba795b625 KP Singh 2025-07-21 2788 struct bpf_key *key = NULL;
> c83b0ba795b625 KP Singh 2025-07-21 2789 void *sig;
> c83b0ba795b625 KP Singh 2025-07-21 2790 int err = 0;
> c83b0ba795b625 KP Singh 2025-07-21 2791
> c83b0ba795b625 KP Singh 2025-07-21 2792 key = bpf_lookup_user_key(attr->keyring_id, 0);
> c83b0ba795b625 KP Singh 2025-07-21 2793 if (!key)
> c83b0ba795b625 KP Singh 2025-07-21 2794 return -ENOKEY;
> c83b0ba795b625 KP Singh 2025-07-21 2795
> c83b0ba795b625 KP Singh 2025-07-21 2796 sig = kvmemdup_bpfptr(usig, attr->signature_size);
> c83b0ba795b625 KP Singh 2025-07-21 @2797 if (!sig) {
>
> This should be an if (!IS_ERR(sig)) { check.
Thanks, fixed.
- KP
More information about the Linux-security-module-archive
mailing list