[PATCH v3 06/12] bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD

Andrii Nakryiko andrii.nakryiko at gmail.com
Thu Aug 14 18:46:29 UTC 2025


On Wed, Aug 13, 2025 at 1:55 PM KP Singh <kpsingh at kernel.org> wrote:
>
> Currently only array maps are supported, but the implementation can be
> extended for other maps and objects. The hash is memoized only for
> exclusive and frozen maps as their content is stable until the exclusive
> program modifies the map.
>
> This is required for BPF signing, enabling a trusted loader program to
> verify a map's integrity. The loader retrieves
> the map's runtime hash from the kernel and compares it against an
> expected hash computed at build time.
>
> Signed-off-by: KP Singh <kpsingh at kernel.org>
> ---
>  include/linux/bpf.h                           |  3 +++
>  include/uapi/linux/bpf.h                      |  2 ++
>  kernel/bpf/arraymap.c                         | 13 +++++++++++
>  kernel/bpf/syscall.c                          | 23 +++++++++++++++++++
>  tools/include/uapi/linux/bpf.h                |  2 ++
>  .../selftests/bpf/progs/verifier_map_ptr.c    |  7 ++++--
>  6 files changed, 48 insertions(+), 2 deletions(-)
>

[...]

>  struct bpf_btf_info {
> diff --git a/tools/testing/selftests/bpf/progs/verifier_map_ptr.c b/tools/testing/selftests/bpf/progs/verifier_map_ptr.c
> index 11a079145966..e2767d27d8aa 100644
> --- a/tools/testing/selftests/bpf/progs/verifier_map_ptr.c
> +++ b/tools/testing/selftests/bpf/progs/verifier_map_ptr.c
> @@ -70,10 +70,13 @@ __naked void bpf_map_ptr_write_rejected(void)
>         : __clobber_all);
>  }
>
> +/* The first element of struct bpf_map is a SHA256 hash of 32 bytes, accessing
> + * into this array is valid. The opts field is now at offset 33.
> + */

Does the hash have to be at the beginning of struct bpf_map? Why not just
put it at the end and not have to adjust any tests?.. (which now will
fail on older kernels for no good reason, unless I miss something)


>  SEC("socket")
>  __description("bpf_map_ptr: read non-existent field rejected")
>  __failure
> -__msg("cannot access ptr member ops with moff 0 in struct bpf_map with off 1 size 4")
> +__msg("cannot access ptr member ops with moff 32 in struct bpf_map with off 33 size 4")
>  __failure_unpriv
>  __msg_unpriv("access is allowed only to CAP_PERFMON and CAP_SYS_ADMIN")
>  __flag(BPF_F_ANY_ALIGNMENT)
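
Review bot: The comment added above SEC("socket") names the field "opts" and places it at offset 33, but the expected message in this same hunk reports member ops at moff 32, with 33 being the offset of the rejected 4-byte read. Suggest rewording the comment to say that ops now sits at offset 32 and that the read at offset 33 lands inside it, so the comment and the __msg string agree.
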
> @@ -82,7 +85,7 @@ __naked void read_non_existent_field_rejected(void)
>         asm volatile ("                                 \
>         r6 = 0;                                         \
>         r1 = %[map_array_48b] ll;                       \
> -       r6 = *(u32*)(r1 + 1);                           \
> +       r6 = *(u32*)(r1 + 33);                          \
>         r0 = 1;                                         \
>         exit;                                           \
>  "      :
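
Review bot: Moving the load from r1 + 1 to r1 + 33 leaves the old offset-1 read without coverage. The comment added earlier in this patch says accesses into the 32-byte hash array are valid, yet nothing in the visible hunks asserts that such a read is accepted. Consider a companion test that loads from inside the hash and expects the program to be accepted, so the new behaviour is pinned down alongside the rejection case.
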
> --
> 2.43.0
>


