* [PATCH bpf-next] bpf: Only add BTF IDs for socket security hooks when CONFIG_SECURITY_NETWORK is on
@ 2022-09-01 6:51 Hou Tao
2022-09-01 23:30 ` patchwork-bot+netdevbpf
0 siblings, 1 reply; 2+ messages in thread
From: Hou Tao @ 2022-09-01 6:51 UTC (permalink / raw)
To: bpf
Cc: Song Liu, Hao Luo, Andrii Nakryiko, Yonghong Song,
Alexei Starovoitov, Daniel Borkmann, Martin KaFai Lau, KP Singh,
David S . Miller, Jakub Kicinski, Stanislav Fomichev, Jiri Olsa,
John Fastabend, Lorenz Bauer, houtao1
From: Hou Tao <houtao1@huawei.com>
When CONFIG_SECURITY_NETWORK is disabled, there will be build warnings
from resolve_btfids:
WARN: resolve_btfids: unresolved symbol bpf_lsm_socket_socketpair
......
WARN: resolve_btfids: unresolved symbol bpf_lsm_inet_conn_established
Fixing it by wrapping these BTF ID definitions by CONFIG_SECURITY_NETWORK.
Signed-off-by: Hou Tao <houtao1@huawei.com>
---
kernel/bpf/bpf_lsm.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/kernel/bpf/bpf_lsm.c b/kernel/bpf/bpf_lsm.c
index fa71d58b7ded..832a0e48a2a1 100644
--- a/kernel/bpf/bpf_lsm.c
+++ b/kernel/bpf/bpf_lsm.c
@@ -41,17 +41,21 @@ BTF_SET_END(bpf_lsm_hooks)
*/
BTF_SET_START(bpf_lsm_current_hooks)
/* operate on freshly allocated sk without any cgroup association */
+#ifdef CONFIG_SECURITY_NETWORK
BTF_ID(func, bpf_lsm_sk_alloc_security)
BTF_ID(func, bpf_lsm_sk_free_security)
+#endif
BTF_SET_END(bpf_lsm_current_hooks)
/* List of LSM hooks that trigger while the socket is properly locked.
*/
BTF_SET_START(bpf_lsm_locked_sockopt_hooks)
+#ifdef CONFIG_SECURITY_NETWORK
BTF_ID(func, bpf_lsm_socket_sock_rcv_skb)
BTF_ID(func, bpf_lsm_sock_graft)
BTF_ID(func, bpf_lsm_inet_csk_clone)
BTF_ID(func, bpf_lsm_inet_conn_established)
+#endif
BTF_SET_END(bpf_lsm_locked_sockopt_hooks)
/* List of LSM hooks that trigger while the socket is _not_ locked,
@@ -59,8 +63,10 @@ BTF_SET_END(bpf_lsm_locked_sockopt_hooks)
* in the early init phase.
*/
BTF_SET_START(bpf_lsm_unlocked_sockopt_hooks)
+#ifdef CONFIG_SECURITY_NETWORK
BTF_ID(func, bpf_lsm_socket_post_create)
BTF_ID(func, bpf_lsm_socket_socketpair)
+#endif
BTF_SET_END(bpf_lsm_unlocked_sockopt_hooks)
#ifdef CONFIG_CGROUP_BPF
--
2.29.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH bpf-next] bpf: Only add BTF IDs for socket security hooks when CONFIG_SECURITY_NETWORK is on
2022-09-01 6:51 [PATCH bpf-next] bpf: Only add BTF IDs for socket security hooks when CONFIG_SECURITY_NETWORK is on Hou Tao
@ 2022-09-01 23:30 ` patchwork-bot+netdevbpf
0 siblings, 0 replies; 2+ messages in thread
From: patchwork-bot+netdevbpf @ 2022-09-01 23:30 UTC (permalink / raw)
To: Hou Tao
Cc: bpf, songliubraving, haoluo, andrii, yhs, ast, daniel, kafai,
kpsingh, davem, kuba, sdf, jolsa, john.fastabend, oss, houtao1
Hello:
This patch was applied to bpf/bpf-next.git (master)
by Martin KaFai Lau <martin.lau@kernel.org>:
On Thu, 1 Sep 2022 14:51:26 +0800 you wrote:
> From: Hou Tao <houtao1@huawei.com>
>
> When CONFIG_SECURITY_NETWORK is disabled, there will be build warnings
> from resolve_btfids:
>
> WARN: resolve_btfids: unresolved symbol bpf_lsm_socket_socketpair
> ......
> WARN: resolve_btfids: unresolved symbol bpf_lsm_inet_conn_established
>
> [...]
Here is the summary with links:
- [bpf-next] bpf: Only add BTF IDs for socket security hooks when CONFIG_SECURITY_NETWORK is on
https://git.kernel.org/bpf/bpf-next/c/ef331a8d4c00
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-09-01 23:30 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-09-01 6:51 [PATCH bpf-next] bpf: Only add BTF IDs for socket security hooks when CONFIG_SECURITY_NETWORK is on Hou Tao
2022-09-01 23:30 ` patchwork-bot+netdevbpf
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.