Re: [PATCH v7 bpf-next 0/2] security: Propagate caller information in bpf hooks

From: patchwork-bot+netdevbpf
Date: Tue Mar 11 2025 - 07:40:09 EST


Hello:

This series was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov <ast@xxxxxxxxxx>:

On Mon, 10 Mar 2025 15:17:10 -0700 you wrote:
> Hello,
>
> While trying to implement an eBPF gatekeeper program, we ran into an
> issue where the LSM hooks are missing some relevant data.
>
> Certain subcommands passed to the bpf() syscall can be invoked from
> either the kernel or userspace. Additionally, some fields in the
> bpf_attr struct contain pointers, and depending on where the
> subcommand was invoked, they could point to either user or kernel
> memory. One example of this is the bpf_prog_load subcommand and its
> fd_array. This data is made available and used by the verifier but not
> made available to the LSM subsystem. This patchset simply exposes that
> information to applicable LSM hooks.
>
> [...]

Here is the summary with links:
- [v7,bpf-next,1/2] security: Propagate caller information in bpf hooks
https://git.kernel.org/bpf/bpf-next/c/a8cd03532fc9
- [v7,bpf-next,2/2] selftests/bpf: Add a kernel flag test for LSM bpf hook
https://git.kernel.org/bpf/bpf-next/c/f563314d7293

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html