[PATCH bpf-next 0/3] bpf: add signature

From: Matteo Croce
Date: Fri Dec 03 2021 - 14:18:52 EST

Next message: Matteo Croce: "[PATCH bpf-next 1/3] bpf: add signature to eBPF instructions"
Previous message: Catalin Marinas: "Re: [RFC PATCH 4/5] arm64: mm: use IS_ENABLED(CONFIG_KEXEC_CORE) instead of #ifdef"
Next in thread: Matteo Croce: "[PATCH bpf-next 1/3] bpf: add signature to eBPF instructions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Matteo Croce <mcroce@xxxxxxxxxxxxx>

This series add signature verification for BPF files.
The first patch implements the signature validation in the kernel,
the second patch optionally makes the signature mandatory,
the third adds signature generation to bpftool.

This only works with CO-RE programs.

Matteo Croce (3):
bpf: add signature to eBPF instructions
bpf: add option to require BPF signature
bpftool: add signature in skeleton

crypto/asymmetric_keys/asymmetric_type.c | 1 +
crypto/asymmetric_keys/pkcs7_verify.c | 7 +-
include/linux/verification.h | 1 +
include/uapi/linux/bpf.h | 2 +
kernel/bpf/Kconfig | 14 ++
kernel/bpf/syscall.c | 51 +++++-
tools/bpf/bpftool/Makefile | 14 +-
tools/bpf/bpftool/gen.c | 33 ++++
tools/bpf/bpftool/main.c | 28 +++
tools/bpf/bpftool/main.h | 7 +
tools/bpf/bpftool/sign.c | 218 +++++++++++++++++++++++
tools/include/uapi/linux/bpf.h | 2 +
tools/lib/bpf/skel_internal.h | 4 +
13 files changed, 372 insertions(+), 10 deletions(-)
create mode 100644 tools/bpf/bpftool/sign.c

--
2.33.1

Next message: Matteo Croce: "[PATCH bpf-next 1/3] bpf: add signature to eBPF instructions"
Previous message: Catalin Marinas: "Re: [RFC PATCH 4/5] arm64: mm: use IS_ENABLED(CONFIG_KEXEC_CORE) instead of #ifdef"
Next in thread: Matteo Croce: "[PATCH bpf-next 1/3] bpf: add signature to eBPF instructions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]