Merging upstream version 6.8.9.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-18 18:50:12 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-18 18:50:12 +0000
commit: 8665bd53f2f2e27e5511d90428cb3f60e6d0ce15 (patch)
tree: 8d58900dc0ebd4a3011f92c128d2fe45bc7c4bf2 /Documentation/bpf/fs_kfuncs.rst
parent: Adding debian version 6.7.12-1. (diff)
download: linux-8665bd53f2f2e27e5511d90428cb3f60e6d0ce15.tar.xz
linux-8665bd53f2f2e27e5511d90428cb3f60e6d0ce15.zip
1 files changed, 21 insertions, 0 deletions
diff --git a/Documentation/bpf/fs_kfuncs.rst b/Documentation/bpf/fs_kfuncs.rst
new file mode 100644
index 0000000000..8762c3233a
--- /dev/null
+++ b/Documentation/bpf/fs_kfuncs.rst
@@ -0,0 +1,21 @@
+.. SPDX-License-Identifier: GPL-2.0
+
+.. _fs_kfuncs-header-label:
+
+=====================
+BPF filesystem kfuncs
+=====================
+
+BPF LSM programs need to access filesystem data from LSM hooks. The following
+BPF kfuncs can be used to get these data.
+
+ * ``bpf_get_file_xattr()``
+
+ * ``bpf_get_fsverity_digest()``
+
+To avoid recursions, these kfuncs follow the following rules:
+
+1. These kfuncs are only permitted from BPF LSM function.
+2. These kfuncs should not call into other LSM hooks, i.e. security_*(). For
+   example, ``bpf_get_file_xattr()`` does not use ``vfs_getxattr()``, because
+   the latter calls LSM hook ``security_inode_getxattr``.
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-18 18:50:12 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-18 18:50:12 +0000
commit	8665bd53f2f2e27e5511d90428cb3f60e6d0ce15 (patch)
tree	8d58900dc0ebd4a3011f92c128d2fe45bc7c4bf2 /Documentation/bpf/fs_kfuncs.rst
parent	Adding debian version 6.7.12-1. (diff)
download	linux-8665bd53f2f2e27e5511d90428cb3f60e6d0ce15.tar.xz linux-8665bd53f2f2e27e5511d90428cb3f60e6d0ce15.zip