From: Matt Bobrowski Date: Tue, 18 Jun 2024 19:29:22 +0000 (+0000) Subject: bpf: Add security_file_post_open() LSM hook to sleepable_lsm_hooks X-Git-Tag: v6.11-rc1~163^2~68^2~49 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6ddf3a9abd9fdfdd63d8c906fc1393f7950c23f4;p=thirdparty%2Fkernel%2Flinux.git bpf: Add security_file_post_open() LSM hook to sleepable_lsm_hooks The new generic LSM hook security_file_post_open() was recently added to the LSM framework in commit 8f46ff5767b0b ("security: Introduce file_post_open hook"). Let's proactively add this generic LSM hook to the sleepable_lsm_hooks BTF ID set, because I can't see there being any strong reasons not to, and it's only a matter of time before someone else comes around and asks for it to be there. security_file_post_open() is inherently sleepable as it's purposely situated in the kernel that allows LSMs to directly read out the contents of the backing file if need be. Additionally, it's called directly after security_file_open(), and that LSM hook in itself already exists in the sleepable_lsm_hooks BTF ID set. Signed-off-by: Matt Bobrowski Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20240618192923.379852-1-mattbobrowski@google.com --- diff --git a/kernel/bpf/bpf_lsm.c b/kernel/bpf/bpf_lsm.c index 68240c3c6e7de..08a338e1f2311 100644 --- a/kernel/bpf/bpf_lsm.c +++ b/kernel/bpf/bpf_lsm.c @@ -280,6 +280,7 @@ BTF_ID(func, bpf_lsm_cred_prepare) BTF_ID(func, bpf_lsm_file_ioctl) BTF_ID(func, bpf_lsm_file_lock) BTF_ID(func, bpf_lsm_file_open) +BTF_ID(func, bpf_lsm_file_post_open) BTF_ID(func, bpf_lsm_file_receive) BTF_ID(func, bpf_lsm_inode_create)