Commit 74523c06 authored by Song Liu's avatar Song Liu Committed by Alexei Starovoitov
Browse files

bpf: Add __bpf_dynptr_data* for in kernel use 



Different types of bpf dynptr have different internal data storage.
Specifically, SKB and XDP type of dynptr may have non-continuous data.
Therefore, it is not always safe to directly access dynptr->data.

Add __bpf_dynptr_data and __bpf_dynptr_data_rw to replace direct access to
dynptr->data.

Update bpf_verify_pkcs7_signature to use __bpf_dynptr_data instead of
dynptr->data.

Signed-off-by: default avatarSong Liu <song@kernel.org>
Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
Acked-by: default avatarVadim Fedorenko <vadim.fedorenko@linux.dev>
Link: https://lore.kernel.org/bpf/20231107045725.2278852-2-song@kernel.org


Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent 9b75dbeb

include/linux/bpf.h

+2 −0
Original line number Diff line number Diff line
@@ -1222,6 +1222,8 @@ enum bpf_dynptr_type { 


int bpf_dynptr_check_size(u32 size);

u32 __bpf_dynptr_size(const struct bpf_dynptr_kern *ptr);

const void *__bpf_dynptr_data(const struct bpf_dynptr_kern *ptr, u32 len);

void *__bpf_dynptr_data_rw(const struct bpf_dynptr_kern *ptr, u32 len);



#ifdef CONFIG_BPF_JIT

int bpf_trampoline_link_prog(struct bpf_tramp_link *link, struct bpf_trampoline *tr);

kernel/bpf/helpers.c

+19 −0
Original line number Diff line number Diff line
@@ -2618,3 +2618,22 @@ static int __init kfunc_init(void) 
}



late_initcall(kfunc_init);



/* Get a pointer to dynptr data up to len bytes for read only access. If

 * the dynptr doesn't have continuous data up to len bytes, return NULL.

 */

const void *__bpf_dynptr_data(const struct bpf_dynptr_kern *ptr, u32 len)

{

	return bpf_dynptr_slice(ptr, 0, NULL, len);

}



/* Get a pointer to dynptr data up to len bytes for read write access. If

 * the dynptr doesn't have continuous data up to len bytes, or the dynptr

 * is read only, return NULL.

 */

void *__bpf_dynptr_data_rw(const struct bpf_dynptr_kern *ptr, u32 len)

{

	if (__bpf_dynptr_is_rdonly(ptr))

		return NULL;

	return (void *)__bpf_dynptr_data(ptr, len);

}

kernel/trace/bpf_trace.c

+8 −4
Original line number Diff line number Diff line
@@ -1376,6 +1376,8 @@ __bpf_kfunc int bpf_verify_pkcs7_signature(struct bpf_dynptr_kern *data_ptr, 
			       struct bpf_dynptr_kern *sig_ptr,

			       struct bpf_key *trusted_keyring)

{

	const void *data, *sig;

	u32 data_len, sig_len;

	int ret;



	if (trusted_keyring->has_ref) {
@@ -1392,10 +1394,12 @@ __bpf_kfunc int bpf_verify_pkcs7_signature(struct bpf_dynptr_kern *data_ptr, 
			return ret;

	}



	return verify_pkcs7_signature(data_ptr->data,

				      __bpf_dynptr_size(data_ptr),

				      sig_ptr->data,

				      __bpf_dynptr_size(sig_ptr),

	data_len = __bpf_dynptr_size(data_ptr);

	data = __bpf_dynptr_data(data_ptr, data_len);

	sig_len = __bpf_dynptr_size(sig_ptr);

	sig = __bpf_dynptr_data(sig_ptr, sig_len);



	return verify_pkcs7_signature(data, data_len, sig, sig_len,

				      trusted_keyring->key,

				      VERIFYING_UNSPECIFIED_SIGNATURE, NULL,

				      NULL);