bpf: Implement task local storage (4cf1bc1f) · Commits · 戴 / test

include/linux/bpf_lsm.h

+23 −0

Original line number	Diff line number	Diff line
		@@ -7,6 +7,7 @@
		#ifndef _LINUX_BPF_LSM_H
		#define _LINUX_BPF_LSM_H

		#include <linux/sched.h>
		#include <linux/bpf.h>
		#include <linux/lsm_hooks.h>

		@@ -35,9 +36,21 @@ static inline struct bpf_storage_blob *bpf_inode(
		return inode->i_security + bpf_lsm_blob_sizes.lbs_inode;
		}

		static inline struct bpf_storage_blob *bpf_task(
		const struct task_struct *task)
		{
		if (unlikely(!task->security))
		return NULL;

		return task->security + bpf_lsm_blob_sizes.lbs_task;
		}

		extern const struct bpf_func_proto bpf_inode_storage_get_proto;
		extern const struct bpf_func_proto bpf_inode_storage_delete_proto;
		extern const struct bpf_func_proto bpf_task_storage_get_proto;
		extern const struct bpf_func_proto bpf_task_storage_delete_proto;
		void bpf_inode_storage_free(struct inode *inode);
		void bpf_task_storage_free(struct task_struct *task);

		#else /* !CONFIG_BPF_LSM */

		@@ -53,10 +66,20 @@ static inline struct bpf_storage_blob *bpf_inode(
		return NULL;
		}

		static inline struct bpf_storage_blob *bpf_task(
		const struct task_struct *task)
		{
		return NULL;
		}

		static inline void bpf_inode_storage_free(struct inode *inode)
		{
		}

		static inline void bpf_task_storage_free(struct task_struct *task)
		{
		}

		#endif /* CONFIG_BPF_LSM */

		#endif /* _LINUX_BPF_LSM_H */

include/linux/bpf_types.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -109,6 +109,7 @@ BPF_MAP_TYPE(BPF_MAP_TYPE_SOCKHASH, sock_hash_ops)
		#endif
		#ifdef CONFIG_BPF_LSM
		BPF_MAP_TYPE(BPF_MAP_TYPE_INODE_STORAGE, inode_storage_map_ops)
		BPF_MAP_TYPE(BPF_MAP_TYPE_TASK_STORAGE, task_storage_map_ops)
		#endif
		BPF_MAP_TYPE(BPF_MAP_TYPE_CPUMAP, cpu_map_ops)
		#if defined(CONFIG_XDP_SOCKETS)

include/uapi/linux/bpf.h

+39 −0

Original line number	Diff line number	Diff line
		@@ -157,6 +157,7 @@ enum bpf_map_type {
		BPF_MAP_TYPE_STRUCT_OPS,
		BPF_MAP_TYPE_RINGBUF,
		BPF_MAP_TYPE_INODE_STORAGE,
		BPF_MAP_TYPE_TASK_STORAGE,
		};

		/* Note that tracing related programs such as
		@@ -3742,6 +3743,42 @@ union bpf_attr {
		* Return
		* The helper returns TC_ACT_REDIRECT on success or
		* TC_ACT_SHOT on error.
		*
		* void bpf_task_storage_get(struct bpf_map map, struct task_struct task, void value, u64 flags)
		* Description
		* Get a bpf_local_storage from the task.
		*
		* Logically, it could be thought of as getting the value from
		* a map with task as the key. From this
		* perspective, the usage is not much different from
		* bpf_map_lookup_elem\ (map, &\ task) except this
		* helper enforces the key must be an task_struct and the map must also
		* be a BPF_MAP_TYPE_TASK_STORAGE.
		*
		* Underneath, the value is stored locally at task instead of
		* the map. The map is used as the bpf-local-storage
		* "type". The bpf-local-storage "type" (i.e. the map) is
		* searched against all bpf_local_storage residing at task.
		*
		* An optional flags (BPF_LOCAL_STORAGE_GET_F_CREATE) can be
		* used such that a new bpf_local_storage will be
		* created if one does not exist. value can be used
		* together with BPF_LOCAL_STORAGE_GET_F_CREATE to specify
		* the initial value of a bpf_local_storage. If value is
		* NULL, the new bpf_local_storage will be zero initialized.
		* Return
		* A bpf_local_storage pointer is returned on success.
		*
		* NULL if not found or there was an error in adding
		* a new bpf_local_storage.
		*
		* long bpf_task_storage_delete(struct bpf_map map, struct task_struct task)
		* Description
		* Delete a bpf_local_storage from a task.
		* Return
		* 0 on success.
		*
		* -ENOENT if the bpf_local_storage cannot be found.
		*/
		#define __BPF_FUNC_MAPPER(FN) \
		FN(unspec), \
		@@ -3900,6 +3937,8 @@ union bpf_attr {
		FN(bpf_per_cpu_ptr), \
		FN(bpf_this_cpu_ptr), \
		FN(redirect_peer), \
		FN(task_storage_get), \
		FN(task_storage_delete), \
		/* */

		/* integer value in 'imm' field of BPF_CALL instruction selects which helper

kernel/bpf/Makefile

+1 −0

Original line number	Diff line number	Diff line
		@@ -6,6 +6,7 @@ obj-$(CONFIG_BPF_SYSCALL) += syscall.o verifier.o inode.o helpers.o tnum.o bpf_i
		obj-$(CONFIG_BPF_SYSCALL) += hashtab.o arraymap.o percpu_freelist.o bpf_lru_list.o lpm_trie.o map_in_map.o
		obj-$(CONFIG_BPF_SYSCALL) += local_storage.o queue_stack_maps.o ringbuf.o
		obj-${CONFIG_BPF_LSM} += bpf_inode_storage.o
		obj-${CONFIG_BPF_LSM} += bpf_task_storage.o
		obj-$(CONFIG_BPF_SYSCALL) += disasm.o
		obj-$(CONFIG_BPF_JIT) += trampoline.o
		obj-$(CONFIG_BPF_SYSCALL) += btf.o

kernel/bpf/bpf_lsm.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -63,6 +63,10 @@ bpf_lsm_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
		return &bpf_spin_lock_proto;
		case BPF_FUNC_spin_unlock:
		return &bpf_spin_unlock_proto;
		case BPF_FUNC_task_storage_get:
		return &bpf_task_storage_get_proto;
		case BPF_FUNC_task_storage_delete:
		return &bpf_task_storage_delete_proto;
		default:
		return tracing_prog_func_proto(func_id, prog);
		}

Admin message