From 7ad8474990ffcb1bed869929fc89086f39dcf056 Mon Sep 17 00:00:00 2001
From: KP Singh <kpsingh@kernel.org>
Date: Sun, 2 Nov 2025 12:37:42 +0100
Subject: [PATCH] bpf: Check size of the signature buffer

Accept only a SHA256 sized buffer.

Fixes: 349271568303 ("bpf: Implement signature verification for BPF programs")
Reported-by: Chris Mason <clm@meta.com>
Signed-off-by: KP Singh <kpsingh@kernel.org>
---
 kernel/bpf/syscall.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 8a129746bd6cc..cc5bce20ec86c 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -2826,6 +2826,9 @@ static int bpf_prog_verify_signature(struct bpf_prog *prog, union bpf_attr *attr
 	void *sig;
 	int err = 0;
 
+	if (attr->signature_size != SHA256_DIGEST_SIZE)
+		return -EINVAL;
+
 	if (system_keyring_id_check(attr->keyring_id) == 0)
 		key = bpf_lookup_system_key(attr->keyring_id);
 	else