git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Song Liu <song@kernel.org>
	Wed, 29 Nov 2023 23:44:12 +0000 (15:44 -0800)
committer	Alexei Starovoitov <ast@kernel.org>
	Sat, 2 Dec 2023 00:21:03 +0000 (16:21 -0800)
commit	ac9c05e0e453cfcab2866f6d28f257590e4f66e5
tree	aebe277c80b949f0a40681bdb8244ae7ba2b0a8f	tree \| snapshot
parent	b6a3451e0847d5d70fb5fa2b2a80ab9f80bf2c7b	commit \| diff

bpf: Add kfunc bpf_get_file_xattr

It is common practice for security solutions to store tags/labels in
xattrs. To implement similar functionalities in BPF LSM, add new kfunc
bpf_get_file_xattr().

The first use case of bpf_get_file_xattr() is to implement file
verifications with asymmetric keys. Specificially, security applications
could use fsverity for file hashes and use xattr to store file signatures.
(kfunc for fsverity hash will be added in a separate commit.)

Currently, only xattrs with "user." prefix can be read with kfunc
bpf_get_file_xattr(). As use cases evolve, we may add a dedicated prefix
for bpf_get_file_xattr().

To avoid recursion, bpf_get_file_xattr can be only called from LSM hooks.

Signed-off-by: Song Liu <song@kernel.org>
Acked-by: Christian Brauner <brauner@kernel.org>
Acked-by: KP Singh <kpsingh@kernel.org>
Link: https://lore.kernel.org/r/20231129234417.856536-2-song@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>