Re: [PATCH] bpf: Add signature checking for BPF programs

From: Alexei Starovoitov
Date: Tue Jan 05 2021 - 15:17:33 EST


On Tue, Jan 5, 2021 at 12:00 AM Xichen Lin <linxichen.01@xxxxxxxxxxxxx> wrote:
>
> From: Xichen Lin <linxichen.01@xxxxxxxxxxxxx>
>
> Check the signature of a BPF program against the same set of keys for
> module signature checking.
>
> Currently the format of a signed BPF program is similar to that of
> a signed kernel module, composed of BPF bytecode, signature,
> module_signature structure and a magic string, in order, aligned to
> struct sock_filter.

Commit log talks about 'what' and gives no insight into 'why' the
patch was sent.
Please take time to clearly explain the motivation for the changes.
Also please see earlier discussions on the subject and Arnaldo's preso
from plumbers.
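
The layout described in the quoted commit message (BPF bytecode, signature, module_signature structure, magic string, in that order) has to be parsed backwards from the end of the buffer, and every length in it is untrusted. The C below is an added example, not code from the patch or from the kernel. The magic string is a placeholder because the page does not give it; the names `split_signed_prog`, `sig_trailer` and `split_prog` are hypothetical, and it assumes there is no padding between the parts.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Placeholder: the page does not give the magic string the patch uses. */
#define SIG_MAGIC "~PLACEHOLDER signature appended~\n"
/* Same field layout as the kernel's struct module_signature (12 bytes). */
struct sig_trailer {
	uint8_t algo, hash, id_type, signer_len, key_id_len, pad[3];
	uint8_t sig_len_be[4];	/* signature length, big-endian */
};
struct split_prog {
	const uint8_t *insns, *sig;
	size_t insns_len, sig_len;
};

/* Returns 0 and fills *out, or -1 if the trailer is absent or malformed. */
int split_signed_prog(const uint8_t *buf, size_t len, struct split_prog *out)
{
	const size_t magic_len = sizeof(SIG_MAGIC) - 1;
	struct sig_trailer t;
	size_t sig_len;

	if (len < magic_len + sizeof(t))
		return -1;
	len -= magic_len;
	if (memcmp(buf + len, SIG_MAGIC, magic_len) != 0)
		return -1;
	len -= sizeof(t);
	memcpy(&t, buf + len, sizeof(t));
	sig_len = ((size_t)t.sig_len_be[0] << 24) | ((size_t)t.sig_len_be[1] << 16) |
		  ((size_t)t.sig_len_be[2] << 8) | t.sig_len_be[3];
	/* The untrusted length must leave room for some bytecode. */
	if (sig_len == 0 || sig_len >= len)
		return -1;
	len -= sig_len;
	/* Assumption: bytecode is whole 8-byte struct sock_filter entries. */
	if (len % 8 != 0)
		return -1;
	out->insns = buf;
	out->insns_len = len;
	out->sig = buf + len;
	out->sig_len = sig_len;
	return 0;
}
```

Only `out->insns` would be handed to the loader, and only after `out->sig` has verified against the trusted keys over exactly those bytes.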