[RFC PATCH 10/20] bpf: verifier: Add Landlock ruleset map support

From: Justin Suess

Date: Tue Apr 07 2026 - 16:07:38 EST


Add support for the BPF_MAP_TYPE_LANDLOCK_RULESET in the verifier. Mark
the map as storing a trusted pointer to a BTF object.

Specify the map as being usable from sleepable contexts.

Signed-off-by: Justin Suess <utilityemal77@xxxxxxxxx>
---
kernel/bpf/verifier.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index f108c01ff6d0..52ba58536387 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -493,7 +493,8 @@ static bool is_acquire_function(enum bpf_func_id func_id,

if (func_id == BPF_FUNC_map_lookup_elem &&
(map_type == BPF_MAP_TYPE_SOCKMAP ||
- map_type == BPF_MAP_TYPE_SOCKHASH))
+ map_type == BPF_MAP_TYPE_SOCKHASH ||
+ map_type == BPF_MAP_TYPE_LANDLOCK_RULESET))
return true;

return false;
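Review bot: Treating `bpf_map_lookup_elem` on `BPF_MAP_TYPE_LANDLOCK_RULESET` as an acquire makes the verifier track a reference that the program must release on every path, but nothing in this patch shows what releases it. For the sockmap cases the pairing is with `bpf_sk_release`; the ruleset case presumably pairs with a release kfunc added elsewhere in the series. A comment above the condition would make that pairing auditable, for example `/* ruleset lookup takes a reference; dropped by <release kfunc from this series> */`. The body of is_acquire_function starts before this hunk.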
@@ -2269,6 +2270,10 @@ static void mark_ptr_not_null_reg(struct bpf_reg_state *reg)
} else if (map->map_type == BPF_MAP_TYPE_SOCKMAP ||
map->map_type == BPF_MAP_TYPE_SOCKHASH) {
reg->type = PTR_TO_SOCKET;
+ } else if (map->map_type == BPF_MAP_TYPE_LANDLOCK_RULESET) {
+ reg->type = PTR_TO_BTF_ID | PTR_TRUSTED;
+ reg->btf = btf_vmlinux;
+ reg->btf_id = *bpf_landlock_ruleset_btf_ids;
} else {
reg->type = PTR_TO_MAP_VALUE;
}
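Review bot: The new branch stores `*bpf_landlock_ruleset_btf_ids` into `reg->btf_id` without checking it, and mark_ptr_not_null_reg returns void, so it cannot reject a bad value. The definition of that ID list is not in this patch; if an entry can be left unresolved (an unresolved BTF ID list entry is normally 0), the register would become `PTR_TO_BTF_ID | PTR_TRUSTED` with type id 0. Consider rejecting that case where an error can be reported, for example in the new `case BPF_MAP_TYPE_LANDLOCK_RULESET:` of check_map_func_compatibility: `if (!bpf_landlock_ruleset_btf_ids[0]) goto error;`. The function begins and ends outside this hunk.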
@@ -10238,6 +10243,13 @@ static int check_map_func_compatibility(struct bpf_verifier_env *env,
!may_update_sockmap(env, func_id))
goto error;
break;
+ case BPF_MAP_TYPE_LANDLOCK_RULESET:
+ if (resolve_prog_type(env->prog) != BPF_PROG_TYPE_LSM)
+ goto error;
+ if (func_id != BPF_FUNC_map_lookup_elem &&
+ func_id != BPF_FUNC_map_delete_elem)
+ goto error;
+ break;
case BPF_MAP_TYPE_REUSEPORT_SOCKARRAY:
if (func_id != BPF_FUNC_sk_select_reuseport)
goto error;
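Review bot: The `BPF_PROG_TYPE_LSM` restriction is enforced only here, on the helper-call path, so it does not cover uses of the map that never pass through check_map_func_compatibility (kfuncs that take a map argument, for instance). If the map is meant to be LSM-only, it would be more robust to also reject other program types in check_map_prog_compatibility, which runs when the map is bound to the program. Separately, `goto error` on a program-type mismatch will likely print the generic map/helper incompatibility message; a dedicated `verbose()` naming the program type would make the rejection easier to diagnose. The switch begins and ends outside this hunk.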
@@ -21662,6 +21674,7 @@ static int check_map_prog_compatibility(struct bpf_verifier_env *env,
case BPF_MAP_TYPE_ARENA:
case BPF_MAP_TYPE_INSN_ARRAY:
case BPF_MAP_TYPE_PROG_ARRAY:
+ case BPF_MAP_TYPE_LANDLOCK_RULESET:
break;
default:
verbose(env,
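Review bot: Adding `BPF_MAP_TYPE_LANDLOCK_RULESET` to the sleepable allow-list is safe only if the pointer returned by lookup stays valid outside a classic RCU read-side section, which this patch does not show. It appears to rely on lookup taking a counted reference (the lookup is marked as an acquire in is_acquire_function) rather than returning a borrowed pointer. A short comment on the case would record that assumption, e.g. `/* lookup returns a counted reference, so sleepable programs may hold it */`. The switch begins before this hunk and continues after it.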
--
2.53.0