[PATCH 1/1] security: Propagate universal pointer data in bpf hooks
Song Liu
song at kernel.org
Wed Feb 26 07:06:29 UTC 2025
On Tue, Feb 25, 2025 at 4:31 PM Blaise Boscaccy
<bboscaccy at linux.microsoft.com> wrote:
>
> Certain bpf syscall subcommands are available for usage from both
> userspace and the kernel. LSM modules or eBPF gatekeeper programs may
> need to take a different course of action depending on whether or not
> a BPF syscall originated from the kernel or userspace.
>
> Additionally, some of the bpf_attr struct fields contain pointers to
> arbitrary memory. Currently the functionality to determine whether or
> not a pointer refers to kernel memory or userspace memory is exposed
> to the bpf verifier, but that information is missing from various LSM
> hooks.
>
> Here we augment the LSM hooks to provide this data, by simply passing
> the corresponding universal pointer in any hook that contains already
> contains a bpf_attr struct that corresponds to a subcommand that may
> be called from the kernel.
I think this information is useful for LSM hooks.
Question: Do we need a full bpfptr_t for these hooks, or just a boolean
"is_kernel or not"?
Thanks,
Song
> Signed-off-by: Blaise Boscaccy <bboscaccy at linux.microsoft.com>
More information about the Linux-security-module-archive
mailing list