[RFC 08/11] security: Hornet LSM

Thu Dec 18 21:26:23 UTC 2025

Alexei Starovoitov <alexei.starovoitov at gmail.com> writes:

> On Wed, Dec 10, 2025 at 6:14 PM Blaise Boscaccy
> <bboscaccy at linux.microsoft.com> wrote:
>> +++ b/security/hornet/Kconfig
>> @@ -0,0 +1,11 @@
>> +# SPDX-License-Identifier: GPL-2.0-only
>> +config SECURITY_HORNET
>> +       bool "Hornet support"
>> +       depends on SECURITY
>> +       default n
>
> So you're disallowing this new LSM to be a module?
> That doesn't smell good.
>
>> +static int hornet_verify_hashes(struct hornet_maps *maps,
>> +                               struct hornet_parse_context *ctx)
>> +{
>> +       int map_fd;
>> +       u32 i;
>> +       struct bpf_map *map;
>> +       int err = 0;
>> +       unsigned char hash[SHA256_DIGEST_SIZE];
>> +
>> +       for (i = 0; i < ctx->hash_count; i++) {
>> +               if (ctx->skips[i])
>> +                       continue;
>> +
>> +               err = copy_from_bpfptr_offset(&map_fd, maps->fd_array,
>> +                                             ctx->indexes[i] * sizeof(map_fd),
>> +                                             sizeof(map_fd));
>
> As was pointed out several times earlier this is an obvious TOCTOU bug.
> An attacker can change this map_fd between LSM checks and later verifier use.
> All the "security" checks further are useless.

Thank you, Alexei, for pointing that out. I’ll ensure it’s addressed in
the next iteration.

>
>> +               if (err < 0)
>> +                       return LSM_INT_VERDICT_BADSIG;
>> +
>> +               CLASS(fd, f)(map_fd);
>> +               if (fd_empty(f))
>> +                       return LSM_INT_VERDICT_BADSIG;
>> +               if (unlikely(fd_file(f)->f_op != &bpf_map_fops))
>
> Ohh. So this is why this LSM has to be built-in.
> bpf_map_fops is bpf internal detail. It's not going to be exported.
> You cannot open code __bpf_map_get() and get away with it.
>
>> +                       return LSM_INT_VERDICT_BADSIG;
>> +
>> +               if (!map->frozen)
>> +                       return LSM_INT_VERDICT_BADSIG;
>> +
>> +               map = fd_file(f)->private_data;
>> +               map->ops->map_get_hash(map, SHA256_DIGEST_SIZE, hash);
>
> This too. It's absolutely not ok for LSM to mess with bpf internal state.
>
> The whole LSM is one awful hack.
> The diff stat doesn't touch anything in the kernel/bpf/
> yet you're messing with bpf internals.
>
> Clearly, you guys want to merge this garbage through LSM tree.
> Make sure to keep my Nack when you send it during the merge window.

Sure thing. I'll include your Nacked-by: in future versions.

-blaise