summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorKP Singh <kpsingh@google.com>2020-11-06 11:37:40 +0100
committerAlexei Starovoitov <ast@kernel.org>2020-11-06 17:08:37 +0100
commit4cf1bc1f10452065a29d576fc5693fc4fab5b919 (patch)
tree142a7cf6f1baf696dc72b54d510a59823ca139eb /security
parentbpf: Allow LSM programs to use bpf spin locks (diff)
downloadlinux-4cf1bc1f10452065a29d576fc5693fc4fab5b919.tar.xz
linux-4cf1bc1f10452065a29d576fc5693fc4fab5b919.zip
bpf: Implement task local storage
Similar to bpf_local_storage for sockets and inodes add local storage for task_struct. The life-cycle of storage is managed with the life-cycle of the task_struct. i.e. the storage is destroyed along with the owning task with a callback to the bpf_task_storage_free from the task_free LSM hook. The BPF LSM allocates an __rcu pointer to the bpf_local_storage in the security blob which are now stackable and can co-exist with other LSMs. The userspace map operations can be done by using a pid fd as a key passed to the lookup, update and delete operations. Signed-off-by: KP Singh <kpsingh@google.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Song Liu <songliubraving@fb.com> Acked-by: Martin KaFai Lau <kafai@fb.com> Link: https://lore.kernel.org/bpf/20201106103747.2780972-3-kpsingh@chromium.org
Diffstat (limited to 'security')
-rw-r--r--security/bpf/hooks.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c
index 788667d582ae..e5971fa74fd7 100644
--- a/security/bpf/hooks.c
+++ b/security/bpf/hooks.c
@@ -12,6 +12,7 @@ static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = {
#include <linux/lsm_hook_defs.h>
#undef LSM_HOOK
LSM_HOOK_INIT(inode_free_security, bpf_inode_storage_free),
+ LSM_HOOK_INIT(task_free, bpf_task_storage_free),
};
static int __init bpf_lsm_init(void)
@@ -23,6 +24,7 @@ static int __init bpf_lsm_init(void)
struct lsm_blob_sizes bpf_lsm_blob_sizes __lsm_ro_after_init = {
.lbs_inode = sizeof(struct bpf_storage_blob),
+ .lbs_task = sizeof(struct bpf_storage_blob),
};
DEFINE_LSM(bpf) = {