[PATCH bpf-next v2 2/4] bpf: Implement bpf_local_storage for inodes
KP Singh
kpsingh at chromium.org
Tue Jun 30 11:49:56 UTC 2020
On 18-Jun 23:52, Martin KaFai Lau wrote:
> On Wed, Jun 17, 2020 at 10:29:39PM +0200, KP Singh wrote:
> [ ... ]
>
> > diff --git a/include/linux/bpf_lsm.h b/include/linux/bpf_lsm.h
> > index af74712af585..8efd7562e3de 100644
> > --- a/include/linux/bpf_lsm.h
> > +++ b/include/linux/bpf_lsm.h
> > @@ -17,9 +17,24 @@
> > #include <linux/lsm_hook_defs.h>
> > #undef LSM_HOOK
> >
> > +struct bpf_storage_blob {
> > + struct bpf_local_storage __rcu *storage;
> > +};
> > +
> > +extern struct lsm_blob_sizes bpf_lsm_blob_sizes;
> > +
> > int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog,
> > const struct bpf_prog *prog);
> >
> > +static inline struct bpf_storage_blob *bpf_inode(
> > + const struct inode *inode)
> > +{
> > + if (unlikely(!inode->i_security))
> > + return NULL;
> > +
> > + return inode->i_security + bpf_lsm_blob_sizes.lbs_inode;
> > +}
> > +
> > #else /* !CONFIG_BPF_LSM */
> >
> > static inline int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog,
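Review bot: bpf_inode() can return NULL (the !inode->i_security branch) and the blob's storage pointer is marked __rcu, but neither struct bpf_storage_blob nor the helper carries a comment saying so. Suggest a short comment above bpf_inode() stating that callers must check the result for NULL and must read ->storage under RCU, e.g. with rcu_dereference().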
> > @@ -28,6 +43,12 @@ static inline int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog,
> > return -EOPNOTSUPP;
> > }
> >
> > +static inline struct bpf_storage_blob *bpf_inode_storage(
> This does not seem to match the newly added "bpf_inode()"
> above for the "CONFIG_BPF_LSM" case.
>
> A typo? May be a good idea to test compiling with !CONFIG_BPF_LSM.
Sorry about that, yeah it was a last minute lazy rename. Will
compile test the series with !CONFIG_BPF_LSM and !CONFIG_NET. Thanks.
>
> > + const struct inode *inode)
> > +{
> > + return NULL;
> > +}
> > +
> > #endif /* CONFIG_BPF_LSM */
> >
> > #endif /* _LINUX_BPF_LSM_H */
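Review bot: the !CONFIG_BPF_LSM stub is named bpf_inode_storage(), while the CONFIG_BPF_LSM branch of this header defines bpf_inode(), so a caller of bpf_inode() has no definition to resolve to when CONFIG_BPF_LSM is off. Rename the stub to bpf_inode() so both branches of the #ifdef expose the same helper with the same signature.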
> > diff --git a/include/linux/bpf_types.h b/include/linux/bpf_types.h
> > index a18ae82a298a..881e7954c956 100644
> > --- a/include/linux/bpf_types.h
> > +++ b/include/linux/bpf_types.h
> > @@ -101,6 +101,7 @@ BPF_MAP_TYPE(BPF_MAP_TYPE_HASH_OF_MAPS, htab_of_maps_map_ops)
> > BPF_MAP_TYPE(BPF_MAP_TYPE_DEVMAP, dev_map_ops)
> > BPF_MAP_TYPE(BPF_MAP_TYPE_DEVMAP_HASH, dev_map_hash_ops)
> > BPF_MAP_TYPE(BPF_MAP_TYPE_SK_STORAGE, sk_storage_map_ops)
> > +BPF_MAP_TYPE(BPF_MAP_TYPE_INODE_STORAGE, inode_storage_map_ops)
> sk_storage is under CONFIG_NET.
>
> inode_storage should be CONFIG_BPF_LSM?
Thanks, updated.
- KP
>
> > #if defined(CONFIG_BPF_STREAM_PARSER)
> > BPF_MAP_TYPE(BPF_MAP_TYPE_SOCKMAP, sock_map_ops)
> > BPF_MAP_TYPE(BPF_MAP_TYPE_SOCKHASH, sock_hash_ops)
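Review bot: the BPF_MAP_TYPE_INODE_STORAGE entry is added with no config guard, unlike the CONFIG_BPF_STREAM_PARSER entries right below it, while bpf_inode() in bpf_lsm.h only has a real implementation under CONFIG_BPF_LSM. Wrap the new line in #ifdef CONFIG_BPF_LSM so the map type is only registered when the inode blob support is compiled in.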