bpf: Update the bpf_prog_calc_tag to use SHA256

Exclusive maps restrict map access to specific programs using a hash. The current hash used for this is SHA1, which is prone to collisions. This patch uses SHA256, which is more resilient against collisions. This new hash is stored in bpf_prog and used by the verifier to determine if a program can access a given exclusive map. The original 64-bit tags are kept, as they are used by users as a short, possibly colliding program identifier for non-security purposes. Signed-off-by: KP Singh <kpsingh@kernel.org> Link: https://lore.kernel.org/r/20250914215141.15144-2-kpsingh@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2025-09-14 23:51:30 +02:00 · 2025-09-14 23:51:30 +02:00 · 603b441623
parent 3547a61ee2
commit 603b441623
3 changed files with 8 additions and 5 deletions
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@ -31,6 +31,7 @@
 #include <linux/memcontrol.h>
 #include <linux/cfi.h>
 #include <asm/rqspinlock.h>
+#include <crypto/sha2.h>

 struct bpf_verifier_env;
 struct bpf_verifier_log;
@ -1717,7 +1718,10 @@ struct bpf_prog {
 	enum bpf_attach_type	expected_attach_type; /* For some prog types */
 	u32			len;		/* Number of filter blocks */
 	u32			jited_len;	/* Size of jited insns in bytes */
-	u8			tag[BPF_TAG_SIZE];
+	union {
+		u8 digest[SHA256_DIGEST_SIZE];
+		u8 tag[BPF_TAG_SIZE];
+	};
 	struct bpf_prog_stats __percpu *stats;
 	int __percpu		*active;
 	unsigned int		(*bpf_func)(const void *ctx,
--- a/kernel/bpf/Kconfig
+++ b/kernel/bpf/Kconfig
@ -3,7 +3,7 @@
 # BPF interpreter that, for example, classic socket filters depend on.
 config BPF
 	bool
-	select CRYPTO_LIB_SHA1
+	select CRYPTO_LIB_SHA256

 # Used by archs to tell that they support BPF JIT compiler plus which
 # flavour. Only one of the two can be selected for a specific arch since
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@ -39,6 +39,7 @@
 #include <linux/bpf_mem_alloc.h>
 #include <linux/memcontrol.h>
 #include <linux/execmem.h>
+#include <crypto/sha2.h>

 #include <asm/barrier.h>
 #include <linux/unaligned.h>
@ -296,7 +297,6 @@ void __bpf_prog_free(struct bpf_prog *fp)
 int bpf_prog_calc_tag(struct bpf_prog *fp)
 {
 	size_t size = bpf_prog_insn_size(fp);
-	u8 digest[SHA1_DIGEST_SIZE];
 	struct bpf_insn *dst;
 	bool was_ld_map;
 	u32 i;
@ -327,8 +327,7 @@ int bpf_prog_calc_tag(struct bpf_prog *fp)
 			was_ld_map = false;
 		}
 	}
-	sha1((const u8 *)dst, size, digest);
-	memcpy(fp->tag, digest, sizeof(fp->tag));
+	sha256((u8 *)dst, size, fp->digest);
 	vfree(dst);
 	return 0;
 }