git.maquefel.me Git - linux.git/commit

author	Andrii Nakryiko <andrii@kernel.org>
	Thu, 30 Nov 2023 18:52:22 +0000 (10:52 -0800)
committer	Alexei Starovoitov <ast@kernel.org>
	Wed, 6 Dec 2023 18:02:59 +0000 (10:02 -0800)
commit	66d636d70a79c1d37e3eea67ab50969e6aaef983
tree	eb838d10ef24f65149fd1984d73d6b7a755156b8	tree \| snapshot
parent	c3dd6e94df7193f33f45d33303f5e85afb2a72dc	commit \| diff

bpf,lsm: refactor bpf_map_alloc/bpf_map_free LSM hooks

Similarly to bpf_prog_alloc LSM hook, rename and extend bpf_map_alloc
hook into bpf_map_create, taking not just struct bpf_map, but also
bpf_attr and bpf_token, to give a fuller context to LSMs.

Unlike bpf_prog_alloc, there is no need to move the hook around, as it
currently is firing right before allocating BPF map ID and FD, which
seems to be a sweet spot.

But like bpf_prog_alloc/bpf_prog_free combo, make sure that bpf_map_free
LSM hook is called even if bpf_map_create hook returned error, as if few
LSMs are combined together it could be that one LSM successfully
allocated security blob for its needs, while subsequent LSM rejected BPF
map creation. The former LSM would still need to free up LSM blob, so we
need to ensure security_bpf_map_free() is called regardless of the
outcome.

Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20231130185229.2688956-11-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

include/linux/lsm_hook_defs.h		diff \| blob \| history
include/linux/security.h		diff \| blob \| history
kernel/bpf/bpf_lsm.c		diff \| blob \| history
kernel/bpf/syscall.c		diff \| blob \| history
security/security.c		diff \| blob \| history
security/selinux/hooks.c		diff \| blob \| history