From: Andrii Nakryiko
Date: Mon, 23 Mar 2020 12:59:52 -0700
Subject: Re: [PATCH bpf-next v5 3/7] bpf: lsm: provide attachment points for BPF LSM programs
To: KP Singh
Cc: open list, bpf, linux-security-module@vger.kernel.org, Brendan Jackman, Florent Revest, Alexei Starovoitov, Daniel Borkmann, James Morris, Kees Cook, Paul Turner, Jann Horn, Florent Revest, Brendan Jackman, Greg Kroah-Hartman
References: <20200323164415.12943-1-kpsingh@chromium.org> <20200323164415.12943-4-kpsingh@chromium.org>
In-Reply-To: <20200323164415.12943-4-kpsingh@chromium.org>
X-Mailing-List: bpf@vger.kernel.org

On Mon, Mar 23, 2020 at 9:45 AM KP Singh wrote:
>
> From: KP Singh
>
> When CONFIG_BPF_LSM is enabled, nops functions, bpf_lsm_, are
> generated for each LSM hook. These nops are initialized as LSM hooks in
> a subsequent patch.
> > Signed-off-by: KP Singh > Reviewed-by: Brendan Jackman > Reviewed-by: Florent Revest > --- > include/linux/bpf_lsm.h | 21 +++++++++++++++++++++ > kernel/bpf/bpf_lsm.c | 19 +++++++++++++++++++ > 2 files changed, 40 insertions(+) > create mode 100644 include/linux/bpf_lsm.h > > diff --git a/include/linux/bpf_lsm.h b/include/linux/bpf_lsm.h > new file mode 100644 > index 000000000000..c6423a140220 > --- /dev/null > +++ b/include/linux/bpf_lsm.h > @@ -0,0 +1,21 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > + > +/* > + * Copyright (C) 2020 Google LLC. > + */ > + > +#ifndef _LINUX_BPF_LSM_H > +#define _LINUX_BPF_LSM_H > + > +#include > +#include > + > +#ifdef CONFIG_BPF_LSM > + > +#define LSM_HOOK(RET, NAME, ...) RET bpf_lsm_##NAME(__VA_ARGS__); > +#include > +#undef LSM_HOOK > + > +#endif /* CONFIG_BPF_LSM */ > + > +#endif /* _LINUX_BPF_LSM_H */ > diff --git a/kernel/bpf/bpf_lsm.c b/kernel/bpf/bpf_lsm.c > index 82875039ca90..530d137f7a84 100644 > --- a/kernel/bpf/bpf_lsm.c > +++ b/kernel/bpf/bpf_lsm.c > @@ -7,6 +7,25 @@ > #include > #include > #include > +#include > +#include > + > +/* For every LSM hook that allows attachment of BPF programs, declare a NOP > + * function where a BPF program can be attached as an fexit trampoline. > + */ > +#define LSM_HOOK(RET, NAME, ...) LSM_HOOK_##RET(NAME, __VA_ARGS__) > + > +#define LSM_HOOK_int(NAME, ...) \ > +noinline __weak int bpf_lsm_##NAME(__VA_ARGS__) \ > +{ \ > + return 0; \ > +} > + > +#define LSM_HOOK_void(NAME, ...) \ > +noinline __weak void bpf_lsm_##NAME(__VA_ARGS__) {} > + Could unify with: #define LSM_HOOK(RET, NAME, ...) noinline __weak RET bpf_lsm_##NAME(__VA_ARGS__) { return (RET)0; } then you don't need LSM_HOOK_int and LSM_HOOK_void. > +#include > +#undef LSM_HOOK > > const struct bpf_prog_ops lsm_prog_ops = { > }; > -- > 2.20.1 >
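
Review bot: In the include/linux/bpf_lsm.h hunk, the header defines LSM_HOOK and then #undefs it without regard to whether the including file already has its own definition, so including it after a local LSM_HOOK define would redefine that macro and then discard it. A comment above "#define LSM_HOOK(RET, NAME, ...) RET bpf_lsm_##NAME(__VA_ARGS__);" saying that the header owns the macro name for the duration of the include, and must come before any local definition, would make the ordering requirement explicit. There is also no #else branch, so code built without CONFIG_BPF_LSM has to guard its own references to the bpf_lsm_ prototypes; that is worth a line of documentation next to the #ifdef.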
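
Review bot: In the kernel/bpf/bpf_lsm.c hunk, LSM_HOOK_int gives every int stub an unconditional "return 0;", which is only correct if 0 is the neutral value for every hook in the included list; for a hook where it is not, a stub with no program attached would change the outcome once these functions are initialized as LSM hooks, as the commit message says a later patch does. Please either state in the comment that 0 means "no decision" for all listed hooks or let the hook list carry a per-hook default. The comment should also explain why the stubs are "noinline __weak": a weak symbol can be replaced by a strong definition elsewhere, and that deserves a stated reason for functions that sit on a security decision path.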