| 1 | // SPDX-License-Identifier: GPL-2.0 |
|---|
| 2 | |
|---|
| 3 | /* |
|---|
| 4 | * Copyright (C) 2022 Huawei Technologies Duesseldorf GmbH |
|---|
| 5 | * |
|---|
| 6 | * Author: Roberto Sassu <roberto.sassu@huawei.com> |
|---|
| 7 | */ |
|---|
| 8 | |
|---|
| 9 | #include "vmlinux.h" |
|---|
| 10 | #include <errno.h> |
|---|
| 11 | #include <bpf/bpf_helpers.h> |
|---|
| 12 | #include <bpf/bpf_tracing.h> |
|---|
| 13 | #include "bpf_misc.h" |
|---|
| 14 | |
|---|
| 15 | extern struct bpf_key *bpf_lookup_system_key(__u64 id) __ksym; |
|---|
| 16 | extern void bpf_key_put(struct bpf_key *key) __ksym; |
|---|
| 17 | extern int bpf_verify_pkcs7_signature(struct bpf_dynptr *data_ptr, |
|---|
| 18 | struct bpf_dynptr *sig_ptr, |
|---|
| 19 | struct bpf_key *trusted_keyring) __ksym; |
|---|
| 20 | |
|---|
| 21 | struct { |
|---|
| 22 | __uint(type, BPF_MAP_TYPE_RINGBUF); |
|---|
| 23 | __uint(max_entries, 4096); |
|---|
| 24 | } ringbuf SEC(".maps" ); |
|---|
| 25 | |
|---|
| 26 | struct { |
|---|
| 27 | __uint(type, BPF_MAP_TYPE_ARRAY); |
|---|
| 28 | __uint(max_entries, 1); |
|---|
| 29 | __type(key, __u32); |
|---|
| 30 | __type(value, __u32); |
|---|
| 31 | } array_map SEC(".maps" ); |
|---|
| 32 | |
|---|
| 33 | int err, pid; |
|---|
| 34 | |
|---|
| 35 | char _license[] SEC("license" ) = "GPL" ; |
|---|
| 36 | |
|---|
| 37 | SEC("?lsm.s/bpf" ) |
|---|
| 38 | __failure __msg("cannot pass in dynptr at an offset=-8" ) |
|---|
| 39 | int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size) |
|---|
| 40 | { |
|---|
| 41 | unsigned long val; |
|---|
| 42 | |
|---|
| 43 | return bpf_verify_pkcs7_signature((struct bpf_dynptr *)&val, |
|---|
| 44 | (struct bpf_dynptr *)&val, NULL); |
|---|
| 45 | } |
|---|
| 46 | |
|---|
| 47 | SEC("?lsm.s/bpf" ) |
|---|
| 48 | __failure __msg("arg#0 expected pointer to stack or dynptr_ptr" ) |
|---|
| 49 | int BPF_PROG(not_ptr_to_stack, int cmd, union bpf_attr *attr, unsigned int size) |
|---|
| 50 | { |
|---|
| 51 | unsigned long val = 0; |
|---|
| 52 | |
|---|
| 53 | return bpf_verify_pkcs7_signature((struct bpf_dynptr *)val, |
|---|
| 54 | (struct bpf_dynptr *)val, NULL); |
|---|
| 55 | } |
|---|
| 56 | |
|---|
| 57 | SEC("lsm.s/bpf" ) |
|---|
| 58 | int BPF_PROG(dynptr_data_null, int cmd, union bpf_attr *attr, unsigned int size) |
|---|
| 59 | { |
|---|
| 60 | struct bpf_key *trusted_keyring; |
|---|
| 61 | struct bpf_dynptr ptr; |
|---|
| 62 | __u32 *value; |
|---|
| 63 | int ret, zero = 0; |
|---|
| 64 | |
|---|
| 65 | if (bpf_get_current_pid_tgid() >> 32 != pid) |
|---|
| 66 | return 0; |
|---|
| 67 | |
|---|
| 68 | value = bpf_map_lookup_elem(&array_map, &zero); |
|---|
| 69 | if (!value) |
|---|
| 70 | return 0; |
|---|
| 71 | |
|---|
| 72 | /* Pass invalid flags. */ |
|---|
| 73 | ret = bpf_dynptr_from_mem(value, sizeof(*value), ((__u64)~0ULL), &ptr); |
|---|
| 74 | if (ret != -EINVAL) |
|---|
| 75 | return 0; |
|---|
| 76 | |
|---|
| 77 | trusted_keyring = bpf_lookup_system_key(0); |
|---|
| 78 | if (!trusted_keyring) |
|---|
| 79 | return 0; |
|---|
| 80 | |
|---|
| 81 | err = bpf_verify_pkcs7_signature(&ptr, &ptr, trusted_keyring); |
|---|
| 82 | |
|---|
| 83 | bpf_key_put(trusted_keyring); |
|---|
| 84 | |
|---|
| 85 | return 0; |
|---|
| 86 | } |
|---|
| 87 | |
|---|
