From: "Michael Weiß" <michael.weiss@aisec.fraunhofer.de>
To: Christian Brauner <brauner@kernel.org>,
Alexander Mikhalitsyn <alexander@mihalicyn.com>,
Alexei Starovoitov <ast@kernel.org>,
Paul Moore <paul@paul-moore.com>
Cc: "Daniel Borkmann" <daniel@iogearbox.net>,
"Andrii Nakryiko" <andrii@kernel.org>,
"Martin KaFai Lau" <martin.lau@linux.dev>,
"Song Liu" <song@kernel.org>, "Yonghong Song" <yhs@fb.com>,
"John Fastabend" <john.fastabend@gmail.com>,
"KP Singh" <kpsingh@kernel.org>,
"Stanislav Fomichev" <sdf@google.com>,
"Hao Luo" <haoluo@google.com>, "Jiri Olsa" <jolsa@kernel.org>,
"Quentin Monnet" <quentin@isovalent.com>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
"Miklos Szeredi" <miklos@szeredi.hu>,
"Amir Goldstein" <amir73il@gmail.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
bpf@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org,
gyroidos@aisec.fraunhofer.de,
"Michael Weiß" <michael.weiss@aisec.fraunhofer.de>,
"Alexander Mikhalitsyn" <aleksandr.mikhalitsyn@canonical.com>
Subject: [RFC PATCH v3 1/3] bpf: cgroup: Introduce helper cgroup_bpf_current_enabled()
Date: Wed, 13 Dec 2023 15:38:11 +0100 [thread overview]
Message-ID: <20231213143813.6818-2-michael.weiss@aisec.fraunhofer.de> (raw)
In-Reply-To: <20231213143813.6818-1-michael.weiss@aisec.fraunhofer.de>
This helper can be used to check if a cgroup-bpf specific program is
active for the current task.
Signed-off-by: Michael Weiß <michael.weiss@aisec.fraunhofer.de>
Reviewed-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
---
include/linux/bpf-cgroup.h | 2 ++
kernel/bpf/cgroup.c | 14 ++++++++++++++
2 files changed, 16 insertions(+)
diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h
index a789266feac3..7cb49bde09ff 100644
--- a/include/linux/bpf-cgroup.h
+++ b/include/linux/bpf-cgroup.h
@@ -191,6 +191,8 @@ static inline bool cgroup_bpf_sock_enabled(struct sock *sk,
return array != &bpf_empty_prog_array.hdr;
}
+bool cgroup_bpf_current_enabled(enum cgroup_bpf_attach_type type);
+
/* Wrappers for __cgroup_bpf_run_filter_skb() guarded by cgroup_bpf_enabled. */
#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk, skb) \
({ \
diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
index 491d20038cbe..9007165abe8c 100644
--- a/kernel/bpf/cgroup.c
+++ b/kernel/bpf/cgroup.c
@@ -24,6 +24,20 @@
DEFINE_STATIC_KEY_ARRAY_FALSE(cgroup_bpf_enabled_key, MAX_CGROUP_BPF_ATTACH_TYPE);
EXPORT_SYMBOL(cgroup_bpf_enabled_key);
+bool cgroup_bpf_current_enabled(enum cgroup_bpf_attach_type type)
+{
+ struct cgroup *cgrp;
+ struct bpf_prog_array *array;
+
+ rcu_read_lock();
+ cgrp = task_dfl_cgroup(current);
+ rcu_read_unlock();
+
+ array = rcu_access_pointer(cgrp->bpf.effective[type]);
+ return array != &bpf_empty_prog_array.hdr;
+}
+EXPORT_SYMBOL(cgroup_bpf_current_enabled);
+
/* __always_inline is necessary to prevent indirect call through run_prog
* function pointer.
*/
--
2.30.2
next prev parent reply other threads:[~2023-12-13 14:38 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-13 14:38 [RFC PATCH v3 0/3] devguard: guard mknod for non-initial user namespace Michael Weiß
2023-12-13 14:38 ` Michael Weiß [this message]
2023-12-13 16:59 ` [RFC PATCH v3 1/3] bpf: cgroup: Introduce helper cgroup_bpf_current_enabled() Yonghong Song
2023-12-14 8:17 ` Michael Weiß
2023-12-15 14:31 ` Yonghong Song
2023-12-13 14:38 ` [RFC PATCH v3 2/3] fs: Make vfs_mknod() to check CAP_MKNOD in user namespace of sb Michael Weiß
2023-12-13 14:38 ` [RFC PATCH v3 3/3] devguard: added device guard for mknod in non-initial userns Michael Weiß
2023-12-13 18:35 ` Casey Schaufler
2023-12-15 12:31 ` Christian Brauner
2023-12-15 13:26 ` Michael Weiß
2023-12-15 14:15 ` Christian Brauner
2023-12-15 16:36 ` Christian Brauner
2023-12-18 16:09 ` Alexander Mikhalitsyn
2023-12-19 13:43 ` Christian Brauner
2023-12-15 18:08 ` Alexei Starovoitov
2023-12-16 10:38 ` Christian Brauner
2023-12-16 17:41 ` Alexei Starovoitov
2023-12-18 12:30 ` Christian Brauner
2023-12-22 23:39 ` Paul Moore
2023-12-27 14:31 ` Michael Weiß
2023-12-29 22:31 ` Paul Moore
2024-01-08 13:44 ` Michael Weiß
2024-01-08 16:34 ` Paul Moore
2023-12-18 16:18 ` Alexander Mikhalitsyn
2023-12-20 19:44 ` Michael Weiß
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231213143813.6818-2-michael.weiss@aisec.fraunhofer.de \
--to=michael.weiss@aisec.fraunhofer.de \
--cc=aleksandr.mikhalitsyn@canonical.com \
--cc=alexander@mihalicyn.com \
--cc=amir73il@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brauner@kernel.org \
--cc=daniel@iogearbox.net \
--cc=gyroidos@aisec.fraunhofer.de \
--cc=haoluo@google.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=miklos@szeredi.hu \
--cc=paul@paul-moore.com \
--cc=quentin@isovalent.com \
--cc=sdf@google.com \
--cc=serge@hallyn.com \
--cc=song@kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.