Documentation/bpf: Add documentation for filesystem kfuncs

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Add a brief introduction for file system kfuncs:

bpf_get_file_xattr()
bpf_get_fsverity_digest()

The documentation highlights the strategy to avoid recursions of these
kfuncs.

Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20231129234417.856536-4-song@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

authored by

Song Liu and committed by

Alexei Starovoitov 2 years ago 0de267d9 67814c00

+22

2 changed files

expand all

Documentation

bpf

fs_kfuncs.rst

index.rst

+21

Documentation/bpf/fs_kfuncs.rst

··· 1 + .. SPDX-License-Identifier: GPL-2.0 2 + 3 + .. _fs_kfuncs-header-label: 4 + 5 + ===================== 6 + BPF filesystem kfuncs 7 + ===================== 8 + 9 + BPF LSM programs need to access filesystem data from LSM hooks. The following 10 + BPF kfuncs can be used to get these data. 11 + 12 + * ``bpf_get_file_xattr()`` 13 + 14 + * ``bpf_get_fsverity_digest()`` 15 + 16 + To avoid recursions, these kfuncs follow the following rules: 17 + 18 + 1. These kfuncs are only permitted from BPF LSM function. 19 + 2. These kfuncs should not call into other LSM hooks, i.e. security_*(). For 20 + example, ``bpf_get_file_xattr()`` does not use ``vfs_getxattr()``, because 21 + the latter calls LSM hook ``security_inode_getxattr``.

Documentation/bpf/index.rst

··· 21 21 helpers 22 22 kfuncs 23 23 cpumasks 24 + fs_kfuncs 24 25 programs 25 26 maps 26 27 bpf_prog_run