^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) * Copyright (C) 2020 Google LLC.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) #include <linux/filter.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) #include <linux/bpf.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) #include <linux/btf.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #include <linux/lsm_hooks.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include <linux/bpf_lsm.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <linux/kallsyms.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <linux/bpf_verifier.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <net/bpf_sk_storage.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <linux/bpf_local_storage.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <linux/btf_ids.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17)
/*
 * For every LSM hook that allows attachment of BPF programs, declare a nop
 * function where a BPF program can be attached. Each expansion of LSM_HOOK
 * defines bpf_lsm_<hook>() with the hook's signature, returning its DEFAULT
 * value; the functions are noinline so each stays a real, attachable function.
 */
#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
noinline RET bpf_lsm_##NAME(__VA_ARGS__) \
{ \
	return DEFAULT; \
}

#include <linux/lsm_hook_defs.h>
#undef LSM_HOOK

/*
 * Second pass over the same hook list: collect the BTF IDs of all the
 * bpf_lsm_* functions into the bpf_lsm_hooks set. bpf_lsm_verify_prog()
 * consults this set so that an LSM program can only be attached to one of
 * these hooks and not to an arbitrary kernel function.
 */
#define LSM_HOOK(RET, DEFAULT, NAME, ...) BTF_ID(func, bpf_lsm_##NAME)
BTF_SET_START(bpf_lsm_hooks)
#include <linux/lsm_hook_defs.h>
#undef LSM_HOOK
BTF_SET_END(bpf_lsm_hooks)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35)
/**
 * bpf_lsm_verify_prog - check that a BPF LSM program may be loaded
 * @vlog: verifier log that receives the reason for a rejection
 * @prog: program under verification
 *
 * Two gates are enforced, in this order: the program must carry a GPL
 * compatible license, and its attach target (prog->aux->attach_btf_id) must
 * be one of the bpf_lsm_* hook functions collected in bpf_lsm_hooks. The
 * second gate is what prevents an LSM program from attaching to a kernel
 * function that is not an LSM hook.
 *
 * Return: 0 if the program is acceptable, -EINVAL otherwise.
 */
int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog,
			const struct bpf_prog *prog)
{
	const struct bpf_prog_aux *aux = prog->aux;
	bool attach_ok;

	if (!prog->gpl_compatible) {
		bpf_log(vlog,
			"LSM programs must have a GPL compatible license\n");
		return -EINVAL;
	}

	attach_ok = btf_id_set_contains(&bpf_lsm_hooks, aux->attach_btf_id);
	if (!attach_ok) {
		bpf_log(vlog, "attach_btf_id %u points to wrong type name %s\n",
			aux->attach_btf_id, aux->attach_func_name);
		return -EINVAL;
	}

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53)
/*
 * Resolve the helper prototype an LSM program may call for @func_id.
 * The inode and socket local-storage helpers are handled here; any other
 * helper ID is deferred to the set available to tracing programs.
 */
static const struct bpf_func_proto *
bpf_lsm_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
{
	const struct bpf_func_proto *proto = NULL;

	switch (func_id) {
	case BPF_FUNC_inode_storage_get:
		proto = &bpf_inode_storage_get_proto;
		break;
	case BPF_FUNC_inode_storage_delete:
		proto = &bpf_inode_storage_delete_proto;
		break;
	case BPF_FUNC_sk_storage_get:
		proto = &bpf_sk_storage_get_proto;
		break;
	case BPF_FUNC_sk_storage_delete:
		proto = &bpf_sk_storage_delete_proto;
		break;
	default:
		/* Not an LSM-specific helper: fall back to the tracing set. */
		proto = tracing_prog_func_proto(func_id, prog);
		break;
	}

	return proto;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70)
/* Intentionally empty: LSM programs define no program-type specific ops. */
const struct bpf_prog_ops lsm_prog_ops = {
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73)
/*
 * Verifier callbacks for BPF_PROG_TYPE_LSM: helper availability is decided
 * by bpf_lsm_func_proto() above, and accesses to the program context are
 * validated by the generic BTF-based btf_ctx_access().
 */
const struct bpf_verifier_ops lsm_verifier_ops = {
	.get_func_proto = bpf_lsm_func_proto,
	.is_valid_access = btf_ctx_access,
};