[RFC PATCH] hornet: adjustments for the updated bpf_map_ops::map_get_hash() API

Tue Jun 2 19:50:47 UTC 2026

Paul Moore <paul at paul-moore.com> writes:

> Commit c48c3a7e7d5b ("bpf: Drop redundant hash_buf from map_get_hash
> operation") changed the map_get_hash() API to only take a single
> parameter, the bpf_map instance; this commit updates the Hornet code
> accordingly.
>
> Beyond the basic map_get_hash() usage change, this commit also removes
> the remaining SHA-256 specific code from Hornet, instead relying on the
> size of the bpf_map::sha field to determine the appropriate digest size.
> While Hornet remains tied to SHA-256 because it is hardcoded into the
> BPF subsystem, the Hornet code itself should now be fairly agile with
> respect to hash algorithms.  The only area where Hornet does appear to
> hardcode a hash algorithm is in the MAP_DIGEST_SIZE macro where the
> bpf_map::sha field is referenced, but that is purely a field name and
> if the BPF subsystem changes the name to something more generic it will
> be easily caught and corrected at build time.
>
> Signed-off-by: Paul Moore <paul at paul-moore.com>
> ---
>  security/hornet/hornet_lsm.c | 22 +++++++++++-----------
>  1 file changed, 11 insertions(+), 11 deletions(-)
>
> diff --git a/security/hornet/hornet_lsm.c b/security/hornet/hornet_lsm.c
> index eeb422db1092..a1cb2e130323 100644
> --- a/security/hornet/hornet_lsm.c
> +++ b/security/hornet/hornet_lsm.c
> @@ -17,16 +17,17 @@
>  #include <linux/sort.h>
>  #include <linux/asn1_decoder.h>
>  #include <linux/oid_registry.h>
> +#include <linux/stddef.h>
>  #include "hornet.asn1.h"
>  
>  #define MAX_USED_MAPS 64
>  
> -/* The only hashing algorithm available is SHA256 due to it be hardcoded
> - * in the bpf subsystem.
> - */
> +/* Use the hash alg hardcoded into the bpf subsystem, currently sha256 */
> +#define MAP_DIGEST_SIZE (sizeof_field(struct bpf_map, sha))
> +
>  struct hornet_prog_security_struct {
>  	int signed_hash_count;
> -	unsigned char signed_hashes[SHA256_DIGEST_SIZE * MAX_USED_MAPS];
> +	unsigned char signed_hashes[MAP_DIGEST_SIZE * MAX_USED_MAPS];
>  };
>  
>  struct hornet_parse_context {
> @@ -60,12 +61,12 @@ int hornet_map_hash(void *context, size_t hdrlen,
>  {
>  	struct hornet_parse_context *ctx = (struct hornet_parse_context *)context;
>  
> -	if (vlen != SHA256_DIGEST_SIZE && vlen != 0)
> +	if (vlen != MAP_DIGEST_SIZE && vlen != 0)
>  		return -EINVAL;
>  	if (ctx->security->signed_hash_count >= MAX_USED_MAPS)
>  		return -EINVAL;
>  
> -	memcpy(&ctx->security->signed_hashes[ctx->security->signed_hash_count * SHA256_DIGEST_SIZE],
> +	memcpy(&ctx->security->signed_hashes[ctx->security->signed_hash_count * MAP_DIGEST_SIZE],
>  	       value, vlen);
>  
>  	return 0;
> @@ -188,7 +189,6 @@ static int hornet_bpf_prog_load_integrity(struct bpf_prog *prog, union bpf_attr
>  static int hornet_check_prog_maps(struct bpf_prog *prog)
>  {
>  	struct hornet_prog_security_struct *security;
> -	unsigned char hash[SHA256_DIGEST_SIZE];
>  	struct bpf_map *map;
>  	int i, j;
>  	bool found;
> @@ -209,12 +209,12 @@ static int hornet_check_prog_maps(struct bpf_prog *prog)
>  			if (!READ_ONCE(map->frozen) || !map->ops->map_get_hash)
>  				continue;
>  
> -			if (map->ops->map_get_hash(map, SHA256_DIGEST_SIZE, hash))
> +			if (map->ops->map_get_hash(map))
>  				continue;
>  
> -			if (memcmp(hash,
> -				   &security->signed_hashes[i * SHA256_DIGEST_SIZE],
> -				   SHA256_DIGEST_SIZE) == 0) {
> +			if (memcmp(map->sha,
> +				   &security->signed_hashes[i * MAP_DIGEST_SIZE],
> +				   MAP_DIGEST_SIZE) == 0) {
>  				found = true;
>  				break;
>  			}
> -- 
> 2.54.0

Acked-by: Blaise Boscaccy <bboscaccy at linux.microsoft.com>