kernel/bpf/token.c

Source file repositories/reference/linux-study-clean/kernel/bpf/token.c

File Facts

System
Linux kernel
Corpus path
kernel/bpf/token.c
Extension
.c
Size
6831 bytes
Lines
263
Domain
Core OS
Bucket
Scheduler, Processes, Timers, Sync, And Syscalls
Inferred role
Core OS: operation-table or driver-model contract
Status
pattern implementation candidate

Why This File Exists

Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.

Dependency Surface

Detected Declarations

Annotated Snippet

const struct file_operations bpf_token_fops = {
	.release	= bpf_token_release,
	.show_fdinfo	= bpf_token_show_fdinfo,
};

int bpf_token_create(union bpf_attr *attr)
{
	struct bpf_token *token __free(kfree) = NULL;
	struct bpf_mount_opts *mnt_opts;
	struct user_namespace *userns;
	struct inode *inode;
	CLASS(fd, f)(attr->token_create.bpffs_fd);
	struct path path;
	struct super_block *sb;
	umode_t mode;
	int err;

	if (fd_empty(f))
		return -EBADF;

	path = fd_file(f)->f_path;
	sb = path.dentry->d_sb;

	if (path.dentry != sb->s_root)
		return -EINVAL;
	if (sb->s_op != &bpf_super_ops)
		return -EINVAL;
	err = path_permission(&path, MAY_ACCESS);
	if (err)
		return err;

	userns = sb->s_user_ns;
	/*
	 * Enforce that creators of BPF tokens are in the same user
	 * namespace as the BPF FS instance. This makes reasoning about
	 * permissions a lot easier and we can always relax this later.
	 */
	if (current_user_ns() != userns)
		return -EPERM;
	if (!ns_capable(userns, CAP_BPF))
		return -EPERM;

	/* Creating BPF token in init_user_ns doesn't make much sense. */
	if (current_user_ns() == &init_user_ns)
		return -EOPNOTSUPP;

	mnt_opts = sb->s_fs_info;
	if (mnt_opts->delegate_cmds == 0 &&
	    mnt_opts->delegate_maps == 0 &&
	    mnt_opts->delegate_progs == 0 &&
	    mnt_opts->delegate_attachs == 0)
		return -ENOENT; /* no BPF token delegation is set up */

	mode = S_IFREG | ((S_IRUSR | S_IWUSR) & ~current_umask());
	inode = bpf_get_inode(sb, NULL, mode);
	if (IS_ERR(inode))
		return PTR_ERR(inode);

	inode->i_op = &bpf_token_iops;
	inode->i_fop = &bpf_token_fops;
	clear_nlink(inode); /* make sure it is unlinked */

	FD_PREPARE(fdf, O_CLOEXEC,
		   alloc_file_pseudo(inode, path.mnt, BPF_TOKEN_INODE_NAME,
				     O_RDWR, &bpf_token_fops));
	if (fdf.err)
		return fdf.err;

	token = kzalloc_obj(*token, GFP_USER);
	if (!token)
		return -ENOMEM;

	atomic64_set(&token->refcnt, 1);

	/* remember bpffs owning userns for future ns_capable() checks. */
	token->userns = userns;
	token->allowed_cmds = mnt_opts->delegate_cmds;
	token->allowed_maps = mnt_opts->delegate_maps;
	token->allowed_progs = mnt_opts->delegate_progs;
	token->allowed_attachs = mnt_opts->delegate_attachs;

	err = security_bpf_token_create(token, attr, &path);
	if (err)
		return err;

	get_user_ns(token->userns);
	fd_prepare_file(fdf)->private_data = no_free_ptr(token);
	return fd_publish(fdf);
}

Annotation

Implementation Notes