[PATCH v2 bpf-next 5/5] bpf: Make bpf_cgroup_read_xattr available to cgroup and struct_ops progs
Alexei Starovoitov
alexei.starovoitov at gmail.com
Fri Jun 20 18:18:23 UTC 2025
On Thu, Jun 19, 2025 at 3:02 PM Song Liu <song at kernel.org> wrote:
>
> cgroup BPF programs and struct_ops BPF programs (such as sched_ext) need
> bpf_cgroup_read_xattr. Make bpf_cgroup_read_xattr available to these prog
> types.
...
> + ret = register_btf_kfunc_id_set(BPF_PROG_TYPE_LSM, &bpf_lsm_fs_kfunc_set);
> + ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_STRUCT_OPS, &bpf_fs_kfunc_set);
> + ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_CGROUP_SKB, &bpf_fs_kfunc_set);
> + ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_CGROUP_SOCK, &bpf_fs_kfunc_set);
> + ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_CGROUP_DEVICE, &bpf_fs_kfunc_set);
> + ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_CGROUP_SOCK_ADDR, &bpf_fs_kfunc_set);
> + ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_CGROUP_SYSCTL, &bpf_fs_kfunc_set);
> + return ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_CGROUP_SOCKOPT, &bpf_fs_kfunc_set);
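Review bot: the chain of "ret = ret ?: register_btf_kfunc_id_set(...)" calls enumerates program types one by one, so a type that is missing from the list does not get the kfunc, and the list has to be edited whenever a type is added. The commit message names only bpf_cgroup_read_xattr, yet these calls register the whole bpf_fs_kfunc_set for struct_ops and the six cgroup types, and the definition of that set is elided from this quote. Confirm that the set contains only what these program types are meant to call, and state that in the commit message. If a per-type list stays, an array of program types walked in a loop would be easier to audit than eight hand-written calls.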
No need to artificially restrict it like this.
bpf_cgroup_read_xattr() is generic enough and the verifier will enforce
the safety due to KF_RCU.
Just add it to common_btf_ids.