Commit 0de267d9 authored by Song Liu's avatar Song Liu Committed by Alexei Starovoitov
Browse files

Documentation/bpf: Add documentation for filesystem kfuncs 



Add a brief introduction for file system kfuncs:

  bpf_get_file_xattr()
  bpf_get_fsverity_digest()

The documentation highlights the strategy to avoid recursions of these
kfuncs.

Signed-off-by: default avatarSong Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20231129234417.856536-4-song@kernel.org


Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent 67814c00

Documentation/bpf/fs_kfuncs.rst

0 → 100644
+21 −0
Original line number Diff line number Diff line 
.. SPDX-License-Identifier: GPL-2.0



.. _fs_kfuncs-header-label:



=====================

BPF filesystem kfuncs

=====================



BPF LSM programs need to access filesystem data from LSM hooks. The following

BPF kfuncs can be used to get these data.



 * ``bpf_get_file_xattr()``



 * ``bpf_get_fsverity_digest()``



To avoid recursions, these kfuncs follow the following rules:



1. These kfuncs are only permitted from BPF LSM function.

2. These kfuncs should not call into other LSM hooks, i.e. security_*(). For

   example, ``bpf_get_file_xattr()`` does not use ``vfs_getxattr()``, because

   the latter calls LSM hook ``security_inode_getxattr``.

Documentation/bpf/index.rst

+1 −0
Original line number Diff line number Diff line
@@ -21,6 +21,7 @@ that goes into great technical depth about the BPF Architecture. 
   helpers

   kfuncs

   cpumasks

   fs_kfuncs

   programs

   maps

   bpf_prog_run