mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-16 01:54:00 +00:00
Documentation/bpf: Add documentation for filesystem kfuncs
Add a brief introduction for file system kfuncs: bpf_get_file_xattr() bpf_get_fsverity_digest() The documentation highlights the strategy to avoid recursions of these kfuncs. Signed-off-by: Song Liu <song@kernel.org> Link: https://lore.kernel.org/r/20231129234417.856536-4-song@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
This commit is contained in:
parent
67814c00de
commit
0de267d9ec
21
Documentation/bpf/fs_kfuncs.rst
Normal file
21
Documentation/bpf/fs_kfuncs.rst
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
.. SPDX-License-Identifier: GPL-2.0
|
||||||
|
|
||||||
|
.. _fs_kfuncs-header-label:
|
||||||
|
|
||||||
|
=====================
|
||||||
|
BPF filesystem kfuncs
|
||||||
|
=====================
|
||||||
|
|
||||||
|
BPF LSM programs need to access filesystem data from LSM hooks. The following
|
||||||
|
BPF kfuncs can be used to get these data.
|
||||||
|
|
||||||
|
* ``bpf_get_file_xattr()``
|
||||||
|
|
||||||
|
* ``bpf_get_fsverity_digest()``
|
||||||
|
|
||||||
|
To avoid recursions, these kfuncs follow the following rules:
|
||||||
|
|
||||||
|
1. These kfuncs are only permitted from BPF LSM function.
|
||||||
|
2. These kfuncs should not call into other LSM hooks, i.e. security_*(). For
|
||||||
|
example, ``bpf_get_file_xattr()`` does not use ``vfs_getxattr()``, because
|
||||||
|
the latter calls LSM hook ``security_inode_getxattr``.
|
@ -21,6 +21,7 @@ that goes into great technical depth about the BPF Architecture.
|
|||||||
helpers
|
helpers
|
||||||
kfuncs
|
kfuncs
|
||||||
cpumasks
|
cpumasks
|
||||||
|
fs_kfuncs
|
||||||
programs
|
programs
|
||||||
maps
|
maps
|
||||||
bpf_prog_run
|
bpf_prog_run
|
||||||
|
Loading…
x
Reference in New Issue
Block a user