1 change: 1 addition & 0 deletions MAINTAINERS
Expand Up @@ -4291,6 +4291,7 @@ S: Maintained
F: Documentation/bpf/prog_lsm.rst
F: include/linux/bpf_lsm.h
F: kernel/bpf/bpf_lsm.c
F: kernel/bpf/bpf_lsm_proto.c
F: kernel/trace/bpf_trace.c
F: security/bpf/

12 changes: 11 additions & 1 deletion kernel/bpf/Makefile
Expand Up @@ -42,7 +42,17 @@ endif
ifeq ($(CONFIG_BPF_JIT),y)
obj-$(CONFIG_BPF_SYSCALL) += bpf_struct_ops.o
obj-$(CONFIG_BPF_SYSCALL) += cpumask.o
obj-${CONFIG_BPF_LSM} += bpf_lsm.o
# bpf_lsm_proto.o must precede bpf_lsm.o. The current pahole logic
# deduplicates function prototypes within
# btf_encoder__add_saved_func() by keeping the first instance seen. We
# need the function prototype(s) in bpf_lsm_proto.o to take precedence
# over those within bpf_lsm.o. Having bpf_lsm_proto.o precede
# bpf_lsm.o ensures its DWARF CU is processed early, forcing the
# generated BTF to contain the overrides.
#
# Notably, this is a temporary workaround whilst the deduplication
# semantics within pahole are revisited accordingly.
obj-${CONFIG_BPF_LSM} += bpf_lsm_proto.o bpf_lsm.o
endif
ifneq ($(CONFIG_CRYPTO),)
obj-$(CONFIG_BPF_SYSCALL) += crypto.o
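Review bot: The ordering requirement on the new `obj-${CONFIG_BPF_LSM} += bpf_lsm_proto.o bpf_lsm.o` line is enforced by nothing but the comment above it, and the failure mode is silent: if the two objects are ever swapped the build still succeeds, but by the comment's own description of pahole's first-seen dedup the BTF would carry the prototype from bpf_lsm.o and the `__nullable` override presumably never reaches the verifier, a regression nobody notices at build time. I would state that consequence in the comment so a future reorder is not treated as cosmetic, e.g. `# Reordering these silently drops the bpf_lsm_proto.o overrides (e.g. __nullable) from BTF.` Naming the pahole version whose dedup semantics this relies on, or adding a selftest that checks BTF for the overridden prototype, would turn the workaround into something checkable.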
5 changes: 3 additions & 2 deletions kernel/bpf/bpf_lsm.c
Expand Up @@ -18,10 +18,11 @@
#include <linux/bpf-cgroup.h>

/* For every LSM hook that allows attachment of BPF programs, declare a nop
* function where a BPF program can be attached.
* function where a BPF program can be attached. Notably, we qualify each with
* weak linkage such that strong overrides can be implemented if need be.
*/
#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
noinline RET bpf_lsm_##NAME(__VA_ARGS__) \
__weak noinline RET bpf_lsm_##NAME(__VA_ARGS__) \
{ \
return DEFAULT; \
}
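Review bot: Making every `bpf_lsm_##NAME` stub `__weak` lets any strong definition anywhere in the tree replace it, and the linker does not check that the replacement's signature matches the LSM_HOOK prototype; a mismatched override would compile and link cleanly and then, presumably, be called through the hook table with the wrong ABI. The new comment on the macro should spell out that contract, e.g. `* Any strong override must keep the exact LSM_HOOK signature (only a parameter-name suffix such as __nullable may differ); the linker does not type-check weak replacements.` The LSM_HOOK macro is fully visible in this hunk, but the table that registers these names is outside it.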
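--- /dev/null
+++ b/kernel/bpf/bpf_lsm_proto.c
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright 2025 Google LLC.
+ */
+
+#include <linux/fs.h>
+#include <linux/bpf_lsm.h>
+
+/*
+ * Strong definition of the mmap_file() BPF LSM hook. The __nullable suffix on
+ * the struct file pointer parameter name marks it as PTR_MAYBE_NULL. This
+ * explicitly enforces that BPF LSM programs check for NULL before attempting to
+ * dereference it.
+ */
+int bpf_lsm_mmap_file(struct file *file__nullable, unsigned long reqprot,
+unsigned long prot, unsigned long flags)
+{
+return 0;
+}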
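Review bot: The strong `bpf_lsm_mmap_file` definition drops the `noinline` that the weak stubs in bpf_lsm.c carry, and since these stubs exist to be a stable attach point for BPF programs the override should keep the same attribute: `noinline int bpf_lsm_mmap_file(struct file *file__nullable, unsigned long reqprot,`. Without it the function is kept out-of-line only because its address is taken, which is an accident of the current call structure rather than a stated guarantee. The hard-coded `return 0;` also has to agree with the DEFAULT that LSM_HOOK supplies for mmap_file; I believe it does, but a one-line comment tying the value to that definition (`/* Must match the mmap_file DEFAULT in lsm_hook_defs.h */`) would keep the two from drifting apart unnoticed.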