mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-04 04:02:26 +00:00
d08e2045eb
Add a new variant of bpf_d_path() named bpf_path_d_path() which takes the form of a BPF kfunc and enforces KF_TRUSTED_ARGS semantics onto its arguments. This new d_path() based BPF kfunc variant is intended to address the legacy bpf_d_path() BPF helper's susceptability to memory corruption issues [0, 1, 2] by ensuring to only operate on supplied arguments which are deemed trusted by the BPF verifier. Typically, this means that only pointers to a struct path which have been referenced counted may be supplied. In addition to the new bpf_path_d_path() BPF kfunc, we also add a KF_ACQUIRE based BPF kfunc bpf_get_task_exe_file() and KF_RELEASE counterpart BPF kfunc bpf_put_file(). This is so that the new bpf_path_d_path() BPF kfunc can be used more flexibily from within the context of a BPF LSM program. It's rather common to ascertain the backing executable file for the calling process by performing the following walk current->mm->exe_file while instrumenting a given operation from the context of the BPF LSM program. However, walking current->mm->exe_file directly is never deemed to be OK, and doing so from both inside and outside of BPF LSM program context should be considered as a bug. Using bpf_get_task_exe_file() and in turn bpf_put_file() will allow BPF LSM programs to reliably get and put references to current->mm->exe_file. As of now, all the newly introduced BPF kfuncs within this patch are limited to BPF LSM program types. These can be either sleepable or non-sleepable variants of BPF LSM program types. [0] https://lore.kernel.org/bpf/CAG48ez0ppjcT=QxU-jtCUfb5xQb3mLr=5FcwddF_VKfEBPs_Dg@mail.gmail.com/ [1] https://lore.kernel.org/bpf/20230606181714.532998-1-jolsa@kernel.org/ [2] https://lore.kernel.org/bpf/20220219113744.1852259-1-memxor@gmail.com/ Acked-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Matt Bobrowski <mattbobrowski@google.com> Acked-by: Song Liu <song@kernel.org> Link: https://lore.kernel.org/r/20240731110833.1834742-2-mattbobrowski@google.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
133 lines
4.4 KiB
Makefile
133 lines
4.4 KiB
Makefile
# SPDX-License-Identifier: GPL-2.0
|
|
#
|
|
# Makefile for the Linux filesystems.
|
|
#
|
|
# 14 Sep 2000, Christoph Hellwig <hch@infradead.org>
|
|
# Rewritten to use lists instead of if-statements.
|
|
#
|
|
|
|
|
|
obj-y := open.o read_write.o file_table.o super.o \
|
|
char_dev.o stat.o exec.o pipe.o namei.o fcntl.o \
|
|
ioctl.o readdir.o select.o dcache.o inode.o \
|
|
attr.o bad_inode.o file.o filesystems.o namespace.o \
|
|
seq_file.o xattr.o libfs.o fs-writeback.o \
|
|
pnode.o splice.o sync.o utimes.o d_path.o \
|
|
stack.o fs_struct.o statfs.o fs_pin.o nsfs.o \
|
|
fs_types.o fs_context.o fs_parser.o fsopen.o init.o \
|
|
kernel_read_file.o mnt_idmapping.o remap_range.o pidfs.o
|
|
|
|
obj-$(CONFIG_BUFFER_HEAD) += buffer.o mpage.o
|
|
obj-$(CONFIG_PROC_FS) += proc_namespace.o
|
|
obj-$(CONFIG_LEGACY_DIRECT_IO) += direct-io.o
|
|
obj-y += notify/
|
|
obj-$(CONFIG_EPOLL) += eventpoll.o
|
|
obj-y += anon_inodes.o
|
|
obj-$(CONFIG_SIGNALFD) += signalfd.o
|
|
obj-$(CONFIG_TIMERFD) += timerfd.o
|
|
obj-$(CONFIG_EVENTFD) += eventfd.o
|
|
obj-$(CONFIG_USERFAULTFD) += userfaultfd.o
|
|
obj-$(CONFIG_AIO) += aio.o
|
|
obj-$(CONFIG_FS_DAX) += dax.o
|
|
obj-$(CONFIG_FS_ENCRYPTION) += crypto/
|
|
obj-$(CONFIG_FS_VERITY) += verity/
|
|
obj-$(CONFIG_FILE_LOCKING) += locks.o
|
|
obj-$(CONFIG_BINFMT_MISC) += binfmt_misc.o
|
|
obj-$(CONFIG_BINFMT_SCRIPT) += binfmt_script.o
|
|
obj-$(CONFIG_BINFMT_ELF) += binfmt_elf.o
|
|
obj-$(CONFIG_COMPAT_BINFMT_ELF) += compat_binfmt_elf.o
|
|
obj-$(CONFIG_BINFMT_ELF_FDPIC) += binfmt_elf_fdpic.o
|
|
obj-$(CONFIG_BINFMT_FLAT) += binfmt_flat.o
|
|
|
|
obj-$(CONFIG_FS_STACK) += backing-file.o
|
|
obj-$(CONFIG_FS_MBCACHE) += mbcache.o
|
|
obj-$(CONFIG_FS_POSIX_ACL) += posix_acl.o
|
|
obj-$(CONFIG_NFS_COMMON) += nfs_common/
|
|
obj-$(CONFIG_COREDUMP) += coredump.o
|
|
obj-$(CONFIG_SYSCTL) += drop_caches.o sysctls.o
|
|
|
|
obj-$(CONFIG_FHANDLE) += fhandle.o
|
|
obj-y += iomap/
|
|
|
|
obj-y += quota/
|
|
|
|
obj-$(CONFIG_PROC_FS) += proc/
|
|
obj-$(CONFIG_KERNFS) += kernfs/
|
|
obj-$(CONFIG_SYSFS) += sysfs/
|
|
obj-$(CONFIG_CONFIGFS_FS) += configfs/
|
|
obj-y += devpts/
|
|
|
|
obj-$(CONFIG_DLM) += dlm/
|
|
|
|
# Do not add any filesystems before this line
|
|
obj-$(CONFIG_NETFS_SUPPORT) += netfs/
|
|
obj-$(CONFIG_REISERFS_FS) += reiserfs/
|
|
obj-$(CONFIG_EXT4_FS) += ext4/
|
|
# We place ext4 before ext2 so that clean ext3 root fs's do NOT mount using the
|
|
# ext2 driver, which doesn't know about journalling! Explicitly request ext2
|
|
# by giving the rootfstype= parameter.
|
|
obj-$(CONFIG_EXT2_FS) += ext2/
|
|
obj-$(CONFIG_JBD2) += jbd2/
|
|
obj-$(CONFIG_CRAMFS) += cramfs/
|
|
obj-$(CONFIG_SQUASHFS) += squashfs/
|
|
obj-y += ramfs/
|
|
obj-$(CONFIG_HUGETLBFS) += hugetlbfs/
|
|
obj-$(CONFIG_CODA_FS) += coda/
|
|
obj-$(CONFIG_MINIX_FS) += minix/
|
|
obj-$(CONFIG_FAT_FS) += fat/
|
|
obj-$(CONFIG_EXFAT_FS) += exfat/
|
|
obj-$(CONFIG_BFS_FS) += bfs/
|
|
obj-$(CONFIG_ISO9660_FS) += isofs/
|
|
obj-$(CONFIG_HFSPLUS_FS) += hfsplus/ # Before hfs to find wrapped HFS+
|
|
obj-$(CONFIG_HFS_FS) += hfs/
|
|
obj-$(CONFIG_ECRYPT_FS) += ecryptfs/
|
|
obj-$(CONFIG_VXFS_FS) += freevxfs/
|
|
obj-$(CONFIG_NFS_FS) += nfs/
|
|
obj-$(CONFIG_EXPORTFS) += exportfs/
|
|
obj-$(CONFIG_NFSD) += nfsd/
|
|
obj-$(CONFIG_LOCKD) += lockd/
|
|
obj-$(CONFIG_NLS) += nls/
|
|
obj-y += unicode/
|
|
obj-$(CONFIG_SYSV_FS) += sysv/
|
|
obj-$(CONFIG_SMBFS) += smb/
|
|
obj-$(CONFIG_HPFS_FS) += hpfs/
|
|
obj-$(CONFIG_NTFS3_FS) += ntfs3/
|
|
obj-$(CONFIG_UFS_FS) += ufs/
|
|
obj-$(CONFIG_EFS_FS) += efs/
|
|
obj-$(CONFIG_JFFS2_FS) += jffs2/
|
|
obj-$(CONFIG_UBIFS_FS) += ubifs/
|
|
obj-$(CONFIG_AFFS_FS) += affs/
|
|
obj-$(CONFIG_ROMFS_FS) += romfs/
|
|
obj-$(CONFIG_QNX4FS_FS) += qnx4/
|
|
obj-$(CONFIG_QNX6FS_FS) += qnx6/
|
|
obj-$(CONFIG_AUTOFS_FS) += autofs/
|
|
obj-$(CONFIG_ADFS_FS) += adfs/
|
|
obj-$(CONFIG_FUSE_FS) += fuse/
|
|
obj-$(CONFIG_OVERLAY_FS) += overlayfs/
|
|
obj-$(CONFIG_ORANGEFS_FS) += orangefs/
|
|
obj-$(CONFIG_UDF_FS) += udf/
|
|
obj-$(CONFIG_SUN_OPENPROMFS) += openpromfs/
|
|
obj-$(CONFIG_OMFS_FS) += omfs/
|
|
obj-$(CONFIG_JFS_FS) += jfs/
|
|
obj-$(CONFIG_XFS_FS) += xfs/
|
|
obj-$(CONFIG_9P_FS) += 9p/
|
|
obj-$(CONFIG_AFS_FS) += afs/
|
|
obj-$(CONFIG_NILFS2_FS) += nilfs2/
|
|
obj-$(CONFIG_BEFS_FS) += befs/
|
|
obj-y += hostfs/
|
|
obj-$(CONFIG_CACHEFILES) += cachefiles/
|
|
obj-$(CONFIG_DEBUG_FS) += debugfs/
|
|
obj-$(CONFIG_TRACING) += tracefs/
|
|
obj-$(CONFIG_OCFS2_FS) += ocfs2/
|
|
obj-$(CONFIG_BTRFS_FS) += btrfs/
|
|
obj-$(CONFIG_GFS2_FS) += gfs2/
|
|
obj-$(CONFIG_F2FS_FS) += f2fs/
|
|
obj-$(CONFIG_BCACHEFS_FS) += bcachefs/
|
|
obj-$(CONFIG_CEPH_FS) += ceph/
|
|
obj-$(CONFIG_PSTORE) += pstore/
|
|
obj-$(CONFIG_EFIVAR_FS) += efivarfs/
|
|
obj-$(CONFIG_EROFS_FS) += erofs/
|
|
obj-$(CONFIG_VBOXSF_FS) += vboxsf/
|
|
obj-$(CONFIG_ZONEFS_FS) += zonefs/
|
|
obj-$(CONFIG_BPF_LSM) += bpf_fs_kfuncs.o
|