bpf: Implement signature verification for BPF programs
author KP Singh <kpsingh@kernel.org>
Sun, 21 Sep 2025 16:01:16 +0000 (18:01 +0200)
committer Alexei Starovoitov <ast@kernel.org>
Tue, 23 Sep 2025 01:58:03 +0000 (18:58 -0700)
commit 349271568303695f0ac3563af153d2b4542f6986
tree 712288a246801056bf557b9c4992d0eb34513daf
parent 5a427fddec5e76360725a0f03df3a2a003efbe2e

This patch extends the BPF_PROG_LOAD command by adding three new fields
to `union bpf_attr` in the user-space API:

  - signature: A pointer to the signature blob.
  - signature_size: The size of the signature blob.
  - keyring_id: The serial number of a loaded kernel keyring (e.g.,
    the user or session keyring) containing the trusted public keys.

When a BPF program is loaded with a signature, the kernel:

1.  Retrieves the trusted keyring using the provided `keyring_id`.
2.  Verifies the supplied signature against the BPF program's
    instruction buffer.
3.  If the signature is valid and was generated by a key in the trusted
    keyring, the program load proceeds.
4.  If no signature is provided, the load proceeds as before, allowing
    for backward compatibility. LSMs can choose to restrict unsigned
    programs and implement a security policy.
5.  If signature verification fails for any reason,
    the program is not loaded.

Tested-by: syzbot@syzkaller.appspotmail.com
Signed-off-by: KP Singh <kpsingh@kernel.org>
Link: https://lore.kernel.org/r/20250921160120.9711-2-kpsingh@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
crypto/asymmetric_keys/pkcs7_verify.c
include/linux/verification.h
include/uapi/linux/bpf.h
kernel/bpf/helpers.c
kernel/bpf/syscall.c
tools/include/uapi/linux/bpf.h
tools/lib/bpf/bpf.c