Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

bpf: lsm: Provide attachment points for BPF LSM programs

When CONFIG_BPF_LSM is enabled, nop functions, bpf_lsm_<hook_name>, are
generated for each LSM hook. These functions are initialized as LSM
hooks in a subsequent patch.

Signed-off-by: KP Singh <kpsingh@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Brendan Jackman <jackmanb@google.com>
Reviewed-by: Florent Revest <revest@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Yonghong Song <yhs@fb.com>
Acked-by: James Morris <jamorris@linux.microsoft.com>
Link: https://lore.kernel.org/bpf/20200329004356.27286-4-kpsingh@chromium.org

authored by KP Singh and committed by Daniel Borkmann
9d3fdea7 98e828a0

+36
+22
include/linux/bpf_lsm.h
··· 1 + /* SPDX-License-Identifier: GPL-2.0 */ 2 + 3 + /* 4 + * Copyright (C) 2020 Google LLC. 5 + */ 6 + 7 + #ifndef _LINUX_BPF_LSM_H 8 + #define _LINUX_BPF_LSM_H 9 + 10 + #include <linux/bpf.h> 11 + #include <linux/lsm_hooks.h> 12 + 13 + #ifdef CONFIG_BPF_LSM 14 + 15 + #define LSM_HOOK(RET, DEFAULT, NAME, ...) \ 16 + RET bpf_lsm_##NAME(__VA_ARGS__); 17 + #include <linux/lsm_hook_defs.h> 18 + #undef LSM_HOOK 19 + 20 + #endif /* CONFIG_BPF_LSM */ 21 + 22 + #endif /* _LINUX_BPF_LSM_H */
+14
kernel/bpf/bpf_lsm.c
··· 7 7 #include <linux/filter.h> 8 8 #include <linux/bpf.h> 9 9 #include <linux/btf.h> 10 + #include <linux/lsm_hooks.h> 11 + #include <linux/bpf_lsm.h> 12 + 13 + /* For every LSM hook that allows attachment of BPF programs, declare a nop 14 + * function where a BPF program can be attached. 15 + */ 16 + #define LSM_HOOK(RET, DEFAULT, NAME, ...) \ 17 + noinline RET bpf_lsm_##NAME(__VA_ARGS__) \ 18 + { \ 19 + return DEFAULT; \ 20 + } 21 + 22 + #include <linux/lsm_hook_defs.h> 23 + #undef LSM_HOOK 10 24 11 25 const struct bpf_prog_ops lsm_prog_ops = { 12 26 };
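Review bot: in include/linux/bpf_lsm.h, the LSM_HOOK definition at lines 15-16 has no comment saying that it expands lsm_hook_defs.h into one bpf_lsm_<NAME> prototype per hook. The matching definition in kernel/bpf/bpf_lsm.c carries such a comment, and a one-line note in the header would help readers who meet it first. There is also no #else branch under "#ifdef CONFIG_BPF_LSM", so code built without that option sees no declarations at all; if that is intended, say so next to the #ifdef.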
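Review bot: in kernel/bpf/bpf_lsm.c, "return DEFAULT;" is emitted for every entry in lsm_hook_defs.h regardless of RET, so for any hook whose RET is void the DEFAULT argument must be something that is valid after "return" in a void function. The comment above the macro should state that requirement on DEFAULT. The same comment says "every LSM hook that allows attachment of BPF programs", but nothing in this hunk filters hooks, so either reword it to "every LSM hook" or point to where the filtering happens. A short remark on why the functions are marked noinline would also help.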