// SPDX-License-Identifier: GPL-2.0

/*
 * Copyright (C) 2020 Google LLC.
 */

#include <linux/filter.h>
#include <linux/bpf.h>
#include <linux/btf.h>
#include <linux/lsm_hooks.h>
#include <linux/bpf_lsm.h>
#include <linux/kallsyms.h>
#include <linux/bpf_verifier.h>

/*
 * Expand every LSM_HOOK() entry of <linux/lsm_hook_defs.h> into a function
 * named bpf_lsm_<NAME> whose body only returns that hook's DEFAULT value.
 * These functions are the attachment points for BPF LSM programs; each one
 * is marked noinline.
 */
#define LSM_HOOK(RET, DEFAULT, NAME, ...)	\
noinline RET bpf_lsm_##NAME(__VA_ARGS__)	\
{						\
	return DEFAULT;				\
}

#include <linux/lsm_hook_defs.h>
#undef LSM_HOOK

/* Name prefix shared by all attachment functions generated above. */
#define BPF_LSM_SYM_PREFX  "bpf_lsm_"

/*
 * Load-time policy check for a BPF LSM program.
 *
 * @vlog: verifier log that receives the rejection reason
 * @prog: program being verified
 *
 * Returns 0 when the program is acceptable, -EINVAL when it is not
 * GPL compatible or when its attach target is not named "bpf_lsm_*".
 *
 * The target check is a string-prefix comparison on
 * prog->aux->attach_func_name and nothing more: this function does not
 * itself confirm that the name belongs to one of the hooks generated from
 * lsm_hook_defs.h, and it dereferences attach_func_name without a NULL
 * check.
 * NOTE(review): both properties are presumably guaranteed by the caller
 * resolving attach_btf_id to a name before calling here; confirm at the
 * call site.
 */
int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog,
			const struct bpf_prog *prog)
{
	/* sizeof() counts the terminating NUL, which is not part of the prefix */
	const size_t prefix_len = sizeof(BPF_LSM_SYM_PREFX) - 1;
	const char *target;

	if (!prog->gpl_compatible) {
		bpf_log(vlog,
			"LSM programs must have a GPL compatible license\n");
		return -EINVAL;
	}

	target = prog->aux->attach_func_name;
	if (strncmp(BPF_LSM_SYM_PREFX, target, prefix_len) != 0) {
		bpf_log(vlog, "attach_btf_id %u points to wrong type name %s\n",
			prog->aux->attach_btf_id, target);
		return -EINVAL;
	}

	return 0;
}

/* No program-ops callbacks are set for LSM programs. */
const struct bpf_prog_ops lsm_prog_ops = {
};

/*
 * Verifier callbacks for LSM programs: helper lookup goes through
 * tracing_prog_func_proto and context access is checked by btf_ctx_access.
 * NOTE(review): as wired here, the helpers an LSM program may call are
 * whatever tracing_prog_func_proto returns; confirm that set is appropriate
 * for code running inside security hooks.
 */
const struct bpf_verifier_ops lsm_verifier_ops = {
	.get_func_proto = tracing_prog_func_proto,
	.is_valid_access = btf_ctx_access,
};