linux/kernel/bpf/bpf_lsm.c
   1// SPDX-License-Identifier: GPL-2.0
   2
   3/*
   4 * Copyright (C) 2020 Google LLC.
   5 */
   6
   7#include <linux/filter.h>
   8#include <linux/bpf.h>
   9#include <linux/btf.h>
  10#include <linux/lsm_hooks.h>
  11#include <linux/bpf_lsm.h>
  12#include <linux/kallsyms.h>
  13#include <linux/bpf_verifier.h>
  14
  /*
   * Attach points for BPF LSM programs.
   *
   * <linux/lsm_hook_defs.h> invokes LSM_HOOK() once per hook, so including it
   * while the macro below is defined emits one bpf_lsm_<NAME>() function for
   * each entry. Every generated function takes the hook's own argument list
   * and does nothing except return that hook's DEFAULT value. noinline keeps
   * each one as a real, separately addressable function.
   */
  #define LSM_HOOK(RET, DEFAULT, NAME, ...) \
  noinline RET bpf_lsm_##NAME(__VA_ARGS__)  \
  {                                         \
          return DEFAULT;                   \
  }

  #include <linux/lsm_hook_defs.h>
  /* The generator is single-use; drop it so later code cannot expand it again. */
  #undef LSM_HOOK
  26
  /* Name prefix carried by every function generated from LSM_HOOK() above. */
  #define BPF_LSM_SYM_PREFX  "bpf_lsm_"

  /**
   * bpf_lsm_verify_prog - load-time checks specific to BPF LSM programs
   * @vlog: verifier log that receives the reason for a rejection
   * @prog: program being verified
   *
   * A program is accepted only if it declares a GPL compatible license and
   * the name of its attach target begins with BPF_LSM_SYM_PREFX.
   *
   * NOTE(review): the name test is a prefix comparison, not a membership
   * test. Any symbol called bpf_lsm_* passes it, including functions that are
   * not LSM hooks, such as bpf_lsm_verify_prog() itself. Checking the target
   * against an explicit list of the generated hook functions would be
   * stricter.
   *
   * NOTE(review): prog->aux->attach_func_name is read without a NULL check;
   * presumably the caller has already resolved it - confirm against the
   * call site.
   *
   * Return: 0 when both checks pass, -EINVAL otherwise.
   */
  int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog,
                          const struct bpf_prog *prog)
  {
          const char *target;

          if (!prog->gpl_compatible) {
                  bpf_log(vlog,
                          "LSM programs must have a GPL compatible license\n");
                  return -EINVAL;
          }

          /* Read the target name only after the license check has passed. */
          target = prog->aux->attach_func_name;

          /* sizeof() counts the trailing NUL, so compare one byte fewer. */
          if (strncmp(BPF_LSM_SYM_PREFX, target,
                      sizeof(BPF_LSM_SYM_PREFX) - 1) != 0) {
                  bpf_log(vlog, "attach_btf_id %u points to wrong type name %s\n",
                          prog->aux->attach_btf_id, target);
                  return -EINVAL;
          }

          return 0;
  }
  47
  /* Program ops for BPF LSM programs; no callbacks are set. */
  const struct bpf_prog_ops lsm_prog_ops = { };
  50
  /*
   * Verifier callbacks for BPF LSM programs.
   *
   * Both callbacks are borrowed rather than LSM-specific: helper lookup is
   * delegated to tracing_prog_func_proto(), so the helpers an LSM program may
   * call are whatever that resolver returns, and context accesses are
   * validated by btf_ctx_access().
   */
  const struct bpf_verifier_ops lsm_verifier_ops = {
          .is_valid_access = btf_ctx_access,
          .get_func_proto = tracing_prog_func_proto,
  };
  55