bpf: Add __bpf_dynptr_data* for in kernel use

Different types of bpf dynptr have different internal data storage.
Specifically, SKB and XDP type of dynptr may have non-continuous data.
Therefore, it is not always safe to directly access dynptr->data.

Add __bpf_dynptr_data and __bpf_dynptr_data_rw to replace direct access to
dynptr->data.

Update bpf_verify_pkcs7_signature to use __bpf_dynptr_data instead of
dynptr->data.

Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Vadim Fedorenko <vadim.fedorenko@linux.dev>
Link: https://lore.kernel.org/bpf/20231107045725.2278852-2-song@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index b4825d3cdb292304bb256b40c54ac254dddb1e2d..eb84caf133df9e22daf0c55ff4fd1a987e376405 100644 (file)
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -1222,6 +1222,8 @@ enum bpf_dynptr_type {
 
 int bpf_dynptr_check_size(u32 size);
 u32 __bpf_dynptr_size(const struct bpf_dynptr_kern *ptr);
+const void *__bpf_dynptr_data(const struct bpf_dynptr_kern *ptr, u32 len);
+void *__bpf_dynptr_data_rw(const struct bpf_dynptr_kern *ptr, u32 len);
 
 #ifdef CONFIG_BPF_JIT
 int bpf_trampoline_link_prog(struct bpf_tramp_link *link, struct bpf_trampoline *tr);

diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index 56b0c1f678ee754101233daec601f4f62623e0ef..174f02a9e7034e936a647c7bdfc58ff3ff29e8cb 100644 (file)
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -2618,3 +2618,22 @@ static int __init kfunc_init(void)
 }
 
 late_initcall(kfunc_init);
+
+/* Get a pointer to dynptr data up to len bytes for read only access. If
+ * the dynptr doesn't have continuous data up to len bytes, return NULL.
+ */
+const void *__bpf_dynptr_data(const struct bpf_dynptr_kern *ptr, u32 len)
+{
+       return bpf_dynptr_slice(ptr, 0, NULL, len);
+}
+
+/* Get a pointer to dynptr data up to len bytes for read write access. If
+ * the dynptr doesn't have continuous data up to len bytes, or the dynptr
+ * is read only, return NULL.
+ */
+void *__bpf_dynptr_data_rw(const struct bpf_dynptr_kern *ptr, u32 len)
+{
+       if (__bpf_dynptr_is_rdonly(ptr))
+               return NULL;
+       return (void *)__bpf_dynptr_data(ptr, len);
+}

diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 84e8a0f6e4e0b0283eb6d7d6b72e5c0e2761c8c6..f0b8b7c291262f24626a960d1cca0c05bc976689 100644 (file)
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -1376,6 +1376,8 @@ __bpf_kfunc int bpf_verify_pkcs7_signature(struct bpf_dynptr_kern *data_ptr,
                               struct bpf_dynptr_kern *sig_ptr,
                               struct bpf_key *trusted_keyring)
 {
+       const void *data, *sig;
+       u32 data_len, sig_len;
        int ret;
 
        if (trusted_keyring->has_ref) {
@@ -1392,10 +1394,12 @@ __bpf_kfunc int bpf_verify_pkcs7_signature(struct bpf_dynptr_kern *data_ptr,
                        return ret;
        }
 
-       return verify_pkcs7_signature(data_ptr->data,
-                                     __bpf_dynptr_size(data_ptr),
-                                     sig_ptr->data,
-                                     __bpf_dynptr_size(sig_ptr),
+       data_len = __bpf_dynptr_size(data_ptr);
+       data = __bpf_dynptr_data(data_ptr, data_len);
+       sig_len = __bpf_dynptr_size(sig_ptr);
+       sig = __bpf_dynptr_data(sig_ptr, sig_len);
+
+       return verify_pkcs7_signature(data, data_len, sig, sig_len,
                                      trusted_keyring->key,
                                      VERIFYING_UNSPECIFIED_SIGNATURE, NULL,
                                      NULL);