kernel/bpf/token.c
Source file repositories/reference/linux-study-clean/kernel/bpf/token.c
File Facts
- System
- Linux kernel
- Corpus path
kernel/bpf/token.c- Extension
.c- Size
- 6831 bytes
- Lines
- 263
- Domain
- Core OS
- Bucket
- Scheduler, Processes, Timers, Sync, And Syscalls
- Inferred role
- Core OS: operation-table or driver-model contract
- Status
- pattern implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Defines an operation table; this is where Linux turns generic core objects into subsystem-specific behavior.
- Touches user memory; correctness depends on fault-safe copying and privilege boundary handling.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/bpf.hlinux/vmalloc.hlinux/file.hlinux/fs.hlinux/kernel.hlinux/idr.hlinux/namei.hlinux/user_namespace.hlinux/security.h
Detected Declarations
function bpf_ns_capablefunction bpf_token_capablefunction bpf_token_incfunction bpf_token_freefunction bpf_token_put_deferredfunction bpf_token_putfunction bpf_token_releasefunction bpf_token_show_fdinfofunction bpf_token_createfunction bpf_token_get_info_by_fdfunction bpf_token_allow_cmdfunction bpf_token_allow_map_typefunction bpf_token_allow_prog_type
Annotated Snippet
const struct file_operations bpf_token_fops = {
.release = bpf_token_release,
.show_fdinfo = bpf_token_show_fdinfo,
};
int bpf_token_create(union bpf_attr *attr)
{
struct bpf_token *token __free(kfree) = NULL;
struct bpf_mount_opts *mnt_opts;
struct user_namespace *userns;
struct inode *inode;
CLASS(fd, f)(attr->token_create.bpffs_fd);
struct path path;
struct super_block *sb;
umode_t mode;
int err;
if (fd_empty(f))
return -EBADF;
path = fd_file(f)->f_path;
sb = path.dentry->d_sb;
if (path.dentry != sb->s_root)
return -EINVAL;
if (sb->s_op != &bpf_super_ops)
return -EINVAL;
err = path_permission(&path, MAY_ACCESS);
if (err)
return err;
userns = sb->s_user_ns;
/*
* Enforce that creators of BPF tokens are in the same user
* namespace as the BPF FS instance. This makes reasoning about
* permissions a lot easier and we can always relax this later.
*/
if (current_user_ns() != userns)
return -EPERM;
if (!ns_capable(userns, CAP_BPF))
return -EPERM;
/* Creating BPF token in init_user_ns doesn't make much sense. */
if (current_user_ns() == &init_user_ns)
return -EOPNOTSUPP;
mnt_opts = sb->s_fs_info;
if (mnt_opts->delegate_cmds == 0 &&
mnt_opts->delegate_maps == 0 &&
mnt_opts->delegate_progs == 0 &&
mnt_opts->delegate_attachs == 0)
return -ENOENT; /* no BPF token delegation is set up */
mode = S_IFREG | ((S_IRUSR | S_IWUSR) & ~current_umask());
inode = bpf_get_inode(sb, NULL, mode);
if (IS_ERR(inode))
return PTR_ERR(inode);
inode->i_op = &bpf_token_iops;
inode->i_fop = &bpf_token_fops;
clear_nlink(inode); /* make sure it is unlinked */
FD_PREPARE(fdf, O_CLOEXEC,
alloc_file_pseudo(inode, path.mnt, BPF_TOKEN_INODE_NAME,
O_RDWR, &bpf_token_fops));
if (fdf.err)
return fdf.err;
token = kzalloc_obj(*token, GFP_USER);
if (!token)
return -ENOMEM;
atomic64_set(&token->refcnt, 1);
/* remember bpffs owning userns for future ns_capable() checks. */
token->userns = userns;
token->allowed_cmds = mnt_opts->delegate_cmds;
token->allowed_maps = mnt_opts->delegate_maps;
token->allowed_progs = mnt_opts->delegate_progs;
token->allowed_attachs = mnt_opts->delegate_attachs;
err = security_bpf_token_create(token, attr, &path);
if (err)
return err;
get_user_ns(token->userns);
fd_prepare_file(fdf)->private_data = no_free_ptr(token);
return fd_publish(fdf);
}
Annotation
- Immediate include surface: `linux/bpf.h`, `linux/vmalloc.h`, `linux/file.h`, `linux/fs.h`, `linux/kernel.h`, `linux/idr.h`, `linux/namei.h`, `linux/user_namespace.h`.
- Detected declarations: `function bpf_ns_capable`, `function bpf_token_capable`, `function bpf_token_inc`, `function bpf_token_free`, `function bpf_token_put_deferred`, `function bpf_token_put`, `function bpf_token_release`, `function bpf_token_show_fdinfo`, `function bpf_token_create`, `function bpf_token_get_info_by_fd`.
- Atlas domain: Core OS / Scheduler, Processes, Timers, Sync, And Syscalls.
- Implementation status: pattern implementation candidate.
- This snippet crosses the user/kernel memory boundary; validate fault handling and access checks before translating the pattern.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.