[PATCH] Add LoadPin support for eBPF program loading
David Windsor
dwindsor at gmail.com
Fri Jun 12 00:08:25 UTC 2026
On Thu, Jun 11, 2026 at 01:59:10PM -0500, Alex Roberts wrote:
> +static int loadpin_bpf_prog_load(struct bpf_prog *prog, union bpf_attr *attr,
> + struct bpf_token *token, bool is_kernel)
> +{
> + int res = 0;
> + struct file *exe_file = NULL;
> + struct mm_struct *mm = current->mm;
> +
> + if (is_kernel || !mm)
> + return 0;
> +
> + exe_file = get_mm_exe_file(mm);
> + if (!exe_file)
> + return 0;
> +
> + res = loadpin_check(exe_file, READING_EBPF);
Why are we checking current here? IIUC this will be whoever calls
bpf(2), which would be the loader, which would then be able to load bpf
programs from an untrusted source.
In the kmod case loadpin_check() sees the .ko itself.
More information about the Linux-security-module-archive
mailing list