Currently there is a Linux Security Module (LSM) hook for all bpf syscalls directly after the bpf_attr union is copied into the kernel.
After changes to support compat64 for PCuABI, attr is now a void* since it can represent either a bpf_attr or a compat_bpf_attr.
Change the bpf LSM hook to align with this. eBPF LSM's will therefore have to check in_compat_syscall() to chose the correct union + memory layout of the attr passed to the module.
Signed-off-by: Zachary Leaf zachary.leaf@arm.com --- Note: This is potential solution 1 of 2. I'm not sure this is ideal as existing LSMs should be broken by this.
The alternative would be to change the location of this hook to be inside each multiplexed option, after we have converted a compat_bpf_attr into native bpf_attr type. The security_bpf() call can then be made with the converted union without changing the signature of security_bpf() as this patch does. That should keep compatibility with existing LSMs.
The next commit in this series shows this alternative option.
include/linux/security.h | 4 ++-- security/security.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h index 25b3ef71f495..f0ad6571d067 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1965,7 +1965,7 @@ struct bpf_map; struct bpf_prog; struct bpf_prog_aux; #ifdef CONFIG_SECURITY -extern int security_bpf(int cmd, union bpf_attr *attr, unsigned int size); +extern int security_bpf(int cmd, void *attr, unsigned int size); extern int security_bpf_map(struct bpf_map *map, fmode_t fmode); extern int security_bpf_prog(struct bpf_prog *prog); extern int security_bpf_map_alloc(struct bpf_map *map); @@ -1973,7 +1973,7 @@ extern void security_bpf_map_free(struct bpf_map *map); extern int security_bpf_prog_alloc(struct bpf_prog_aux *aux); extern void security_bpf_prog_free(struct bpf_prog_aux *aux); #else -static inline int security_bpf(int cmd, union bpf_attr *attr, +static inline int security_bpf(int cmd, void *attr, unsigned int size) { return 0; diff --git a/security/security.c b/security/security.c index b7cf5cbfdc67..2c5e8cf47248 100644 --- a/security/security.c +++ b/security/security.c @@ -2587,7 +2587,7 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) #endif /* CONFIG_AUDIT */
#ifdef CONFIG_BPF_SYSCALL -int security_bpf(int cmd, union bpf_attr *attr, unsigned int size) +int security_bpf(int cmd, void *attr, unsigned int size) { return call_int_hook(bpf, 0, cmd, attr, size); } -- 2.34.1