[PATCH bpf-next v2 2/4] bpf: Implement bpf_local_storage for inodes

KP Singh kpsingh at chromium.org
Tue Jun 30 11:49:56 UTC 2020


On 18-Jun 23:52, Martin KaFai Lau wrote:
> On Wed, Jun 17, 2020 at 10:29:39PM +0200, KP Singh wrote:
> [ ... ]
> 
> > diff --git a/include/linux/bpf_lsm.h b/include/linux/bpf_lsm.h
> > index af74712af585..8efd7562e3de 100644
> > --- a/include/linux/bpf_lsm.h
> > +++ b/include/linux/bpf_lsm.h
> > @@ -17,9 +17,24 @@
> >  #include <linux/lsm_hook_defs.h>
> >  #undef LSM_HOOK
> >  
> > +struct bpf_storage_blob {
> > +	struct bpf_local_storage __rcu *storage;
> > +};
> > +
> > +extern struct lsm_blob_sizes bpf_lsm_blob_sizes;
> > +
> >  int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog,
> >  			const struct bpf_prog *prog);
> >  
> > +static inline struct bpf_storage_blob *bpf_inode(
> > +	const struct inode *inode)
> > +{
> > +	if (unlikely(!inode->i_security))
> > +		return NULL;
> > +
> > +	return inode->i_security + bpf_lsm_blob_sizes.lbs_inode;
> > +}
> > +
> >  #else /* !CONFIG_BPF_LSM */
> >  
> >  static inline int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog,
> > @@ -28,6 +43,12 @@ static inline int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog,
> >  	return -EOPNOTSUPP;
> >  }
> >  
> > +static inline struct bpf_storage_blob *bpf_inode_storage(
> This does not seem to match the newly added "bpf_inode()"
> above for the "CONFIG_BPF_LSM" case.
> 
> A typo?  May be a good idea to test compiling with !CONFIG_BPF_LSM.

Sorry about that, yeah it was a last minute lazy rename. Will
compile test the series with !CONFIG_BPF_LSM and !CONFIG_NET. Thanks.

> 
> > +	const struct inode *inode)
> > +{
> > +	return NULL;
> > +}
> > +
> >  #endif /* CONFIG_BPF_LSM */
> >  
> >  #endif /* _LINUX_BPF_LSM_H */
> > diff --git a/include/linux/bpf_types.h b/include/linux/bpf_types.h
> > index a18ae82a298a..881e7954c956 100644
> > --- a/include/linux/bpf_types.h
> > +++ b/include/linux/bpf_types.h
> > @@ -101,6 +101,7 @@ BPF_MAP_TYPE(BPF_MAP_TYPE_HASH_OF_MAPS, htab_of_maps_map_ops)
> >  BPF_MAP_TYPE(BPF_MAP_TYPE_DEVMAP, dev_map_ops)
> >  BPF_MAP_TYPE(BPF_MAP_TYPE_DEVMAP_HASH, dev_map_hash_ops)
> >  BPF_MAP_TYPE(BPF_MAP_TYPE_SK_STORAGE, sk_storage_map_ops)
> > +BPF_MAP_TYPE(BPF_MAP_TYPE_INODE_STORAGE, inode_storage_map_ops)
> sk_storage is under CONFIG_NET.
> 
> inode_storage should be CONFIG_BPF_LSM?

Thanks, updated.

- KP

> 
> >  #if defined(CONFIG_BPF_STREAM_PARSER)
> >  BPF_MAP_TYPE(BPF_MAP_TYPE_SOCKMAP, sock_map_ops)
> >  BPF_MAP_TYPE(BPF_MAP_TYPE_SOCKHASH, sock_hash_ops)



More information about the Linux-security-module-archive mailing list