Commit | Line | Data |
---|---|---|
fc611f47 KS |
1 | // SPDX-License-Identifier: GPL-2.0 |
2 | ||
3 | /* | |
4 | * Copyright (C) 2020 Google LLC. | |
5 | */ | |
6 | ||
7 | #include <linux/filter.h> | |
8 | #include <linux/bpf.h> | |
9 | #include <linux/btf.h> | |
9d3fdea7 KS |
10 | #include <linux/lsm_hooks.h> |
11 | #include <linux/bpf_lsm.h> | |
9e4e01df KS |
12 | #include <linux/kallsyms.h> |
13 | #include <linux/bpf_verifier.h> | |
30897832 KS |
14 | #include <net/bpf_sk_storage.h> |
15 | #include <linux/bpf_local_storage.h> | |
9d3fdea7 KS |
16 | |
/*
 * Attach points for BPF LSM programs.
 *
 * <linux/lsm_hook_defs.h> is included with LSM_HOOK() defined so that every
 * entry in it expands to a stub named bpf_lsm_<NAME> whose whole body is
 * "return DEFAULT;".  A BPF program can then be attached to that stub.
 *
 * noinline keeps each stub as an out-of-line function instead of letting the
 * compiler fold it into its callers.
 *
 * NOTE(review): DEFAULT is what a stub returns by itself; presumably this is
 * the hook's "no decision" value - confirm against lsm_hook_defs.h.
 */
#define LSM_HOOK(RET, DEFAULT, NAME, ...)		\
noinline RET bpf_lsm_##NAME(__VA_ARGS__)		\
{							\
	return DEFAULT;					\
}

#include <linux/lsm_hook_defs.h>
#undef LSM_HOOK
fc611f47 | 28 | |
9e4e01df KS |
/* Name prefix shared by every stub generated through LSM_HOOK() above. */
#define BPF_LSM_SYM_PREFX  "bpf_lsm_"

/*
 * bpf_lsm_verify_prog - LSM-specific checks on a BPF program.
 * @vlog: verifier log that receives the reason for a rejection
 * @prog: program being checked
 *
 * Two conditions must hold:
 *   1. the program declares a GPL compatible license;
 *   2. the name of the function it attaches to starts with
 *      BPF_LSM_SYM_PREFX.
 *
 * Return: 0 if both hold, -EINVAL otherwise.
 *
 * NOTE(review): condition 2 is a name-prefix comparison, not a lookup in a
 * list of hooks.  Other functions in this file (bpf_lsm_verify_prog,
 * bpf_lsm_func_proto) carry the same prefix without being hook stubs;
 * whether such a name can ever reach this check depends on validation done
 * by the caller, which is not visible here.  An explicit allow-list of hook
 * stubs would be a stricter gate than a prefix match.
 *
 * NOTE(review): assumes prog->aux->attach_func_name is non-NULL and
 * NUL-terminated when this is called - confirm against the caller.
 */
int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog,
			const struct bpf_prog *prog)
{
	const size_t prefix_len = sizeof(BPF_LSM_SYM_PREFX) - 1;
	const struct bpf_prog_aux *aux;

	/* License gate comes first; aux is not touched on this path. */
	if (!prog->gpl_compatible) {
		bpf_log(vlog,
			"LSM programs must have a GPL compatible license\n");
		return -EINVAL;
	}

	aux = prog->aux;

	/* Only the first prefix_len bytes of the target name are compared. */
	if (strncmp(BPF_LSM_SYM_PREFX, aux->attach_func_name,
		    prefix_len) != 0) {
		bpf_log(vlog, "attach_btf_id %u points to wrong type name %s\n",
			aux->attach_btf_id, aux->attach_func_name);
		return -EINVAL;
	}

	return 0;
}
49 | ||
30897832 KS |
/*
 * bpf_lsm_func_proto - map a helper id to its prototype for LSM programs.
 * @func_id: helper requested by the program
 * @prog: program being verified
 *
 * The inode-storage and socket-storage get/delete helpers are resolved here
 * (the socket ones through their *_btf_proto variants).  Every other id is
 * passed on to tracing_prog_func_proto().
 *
 * Return: whatever prototype pointer the matching case yields.
 *
 * NOTE(review): the default branch means the helper set reachable from an
 * LSM program is the four helpers below plus whatever
 * tracing_prog_func_proto() accepts; that set is defined outside this file
 * and should be reviewed together with this one.
 */
static const struct bpf_func_proto *
bpf_lsm_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
{
	const struct bpf_func_proto *proto;

	switch (func_id) {
	case BPF_FUNC_inode_storage_get:
		proto = &bpf_inode_storage_get_proto;
		break;
	case BPF_FUNC_inode_storage_delete:
		proto = &bpf_inode_storage_delete_proto;
		break;
	case BPF_FUNC_sk_storage_get:
		proto = &sk_storage_get_btf_proto;
		break;
	case BPF_FUNC_sk_storage_delete:
		proto = &sk_storage_delete_btf_proto;
		break;
	default:
		/* Not LSM-specific: defer to the tracing helper table. */
		proto = tracing_prog_func_proto(func_id, prog);
		break;
	}

	return proto;
}
66 | ||
fc611f47 KS |
/* Program ops for LSM programs: no callbacks are set here. */
const struct bpf_prog_ops lsm_prog_ops = {
};

/*
 * Verifier ops for LSM programs.
 *
 * .is_valid_access - context accesses are checked by btf_ctx_access()
 *                    (defined elsewhere).
 * .get_func_proto  - helper lookup goes through bpf_lsm_func_proto(), so
 *                    that function decides which helpers a program may call.
 */
const struct bpf_verifier_ops lsm_verifier_ops = {
	.is_valid_access	= btf_ctx_access,
	.get_func_proto		= bpf_lsm_func_proto,
};