Hello, While trying to implement an eBPF gatekeeper program, we ran into an issue whereas the LSM hooks are missing some relevant data. Certain subcommands passed to the bpf() syscall can be invoked from either the kernel or userspace. Additionally, some fields in the bpf_attr sruct contain pointers, and depending on where the subcommand was invoked, could point to either user or kernel memory. One example of this, is the bpf_prog_load subcommand and it's fd_array. This data is made available and used by the verifier, but not made available to the LSM subsystem. This patchset simply exposes that information to applicable LSM hooks. Blaise Boscaccy (1): security: Propagate universal pointer data in bpf hooks include/linux/lsm_hook_defs.h | 6 +++--- include/linux/security.h | 13 +++++++------ kernel/bpf/syscall.c | 10 +++++----- security/security.c | 17 ++++++++++------- security/selinux/hooks.c | 6 +++--- 5 files changed, 28 insertions(+), 24 deletions(-) -- 2.48.1
