[PATCH bpf-next 0/3] Introduce bpf_kern_path and bpf_path_put
Song Liu
song at kernel.org
Thu Nov 27 00:50:08 UTC 2025
Security solutions use LSM hook security_sb_mount to monitor mount
operations. security_sb_mount takes dev_name as a string. To get a struct
path from dev_name, in-tree LSMs use kern_path. Introduce kfuncs
bpf_kern_path so that bpf LSM can do similar operations. bpf_kern_path
takes a reference on the return value path. Also add kfunc bpf_path_put to
release path returned by bpf_kern_path. Note that, bpf_kern_path only holds
reference on the path during the duration of this bpf program. The verifier
enforces the bpf program release this reference.
Patch 1/3 prepares bpf verifier to handle const char * passed in as hook
argument. Before this change, bpf helpers and kfuncs only consider value
from read only map as const string.
Patch 2/3 adds the two kfuncs.
Patch 3/3 add tests for the new kfuncs.
Song Liu (3):
bpf: Allow const char * from LSM hooks as kfunc const string arguments
bpf: Add bpf_kern_path and bpf_path_put kfuncs
selftests/bpf: Add tests for bpf_kern_path kfunc
fs/bpf_fs_kfuncs.c | 58 +++++++++++
include/linux/btf.h | 1 +
kernel/bpf/btf.c | 33 +++++++
kernel/bpf/verifier.c | 51 +++++++---
.../testing/selftests/bpf/bpf_experimental.h | 4 +
.../selftests/bpf/prog_tests/kern_path.c | 82 ++++++++++++++++
.../selftests/bpf/progs/test_kern_path.c | 56 +++++++++++
.../selftests/bpf/progs/verifier_kern_path.c | 52 ++++++++++
.../bpf/progs/verifier_kern_path_fail.c | 97 +++++++++++++++++++
9 files changed, 422 insertions(+), 12 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/kern_path.c
create mode 100644 tools/testing/selftests/bpf/progs/test_kern_path.c
create mode 100644 tools/testing/selftests/bpf/progs/verifier_kern_path.c
create mode 100644 tools/testing/selftests/bpf/progs/verifier_kern_path_fail.c
--
2.47.3
More information about the Linux-security-module-archive
mailing list