authorKP Singh <>2020-11-06 10:37:40 +0000
committerAlexei Starovoitov <>2020-11-06 08:08:37 -0800
commit4cf1bc1f10452065a29d576fc5693fc4fab5b919 (patch)
tree142a7cf6f1baf696dc72b54d510a59823ca139eb /security/bpf/hooks.c
parent9e7a4d9831e836eb03dedab89902277ee94eb7a6 (diff)
bpf: Implement task local storage
Similar to bpf_local_storage for sockets and inodes, add local storage for task_struct. The life-cycle of the storage is tied to the life-cycle of the task_struct, i.e. the storage is destroyed along with the owning task by a callback to bpf_task_storage_free from the task_free LSM hook. The BPF LSM allocates an __rcu pointer to the bpf_local_storage in the security blob; security blobs are now stackable and can co-exist with other LSMs. The userspace map operations can be done by using a pid fd as a key passed to the lookup, update and delete operations. Signed-off-by: KP Singh <> Signed-off-by: Alexei Starovoitov <> Acked-by: Song Liu <> Acked-by: Martin KaFai Lau <> Link:
Diffstat (limited to 'security/bpf/hooks.c')
1 files changed, 2 insertions, 0 deletions
diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c
index 788667d582ae..e5971fa74fd7 100644
--- a/security/bpf/hooks.c
+++ b/security/bpf/hooks.c
@@ -12,6 +12,7 @@ static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = {
#include <linux/lsm_hook_defs.h>
#undef LSM_HOOK
LSM_HOOK_INIT(inode_free_security, bpf_inode_storage_free),
+ LSM_HOOK_INIT(task_free, bpf_task_storage_free),
static int __init bpf_lsm_init(void)
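Review bot: The new `task_free` entry in `bpf_lsm_hooks[]` is the only teardown path this file shows for task local storage, and it depends on the `.lbs_task` reservation added in the second hunk, yet nothing here records that the two belong together. I would add a comment above the entry, for example `/* frees the bpf_local_storage referenced from the task security blob; requires .lbs_task below */`, so a later change does not drop one without the other. `bpf_task_storage_free` is defined outside this file, so how it handles a task that never had storage allocated cannot be checked from this hunk. The array initializer starts outside the hunk.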
@@ -23,6 +24,7 @@ static int __init bpf_lsm_init(void)
struct lsm_blob_sizes bpf_lsm_blob_sizes __lsm_ro_after_init = {
.lbs_inode = sizeof(struct bpf_storage_blob),
+ .lbs_task = sizeof(struct bpf_storage_blob),
DEFINE_LSM(bpf) = {
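Review bot: `.lbs_task` only reserves space in the task security blob when the bpf LSM is actually initialised, so whatever code locates that slot must not be reachable when this LSM is left out of the active list; that accessor lives outside this file and should be checked against this line. The free callback presumably also relies on the slot being a NULL pointer for tasks that never used the map, which depends on the framework zeroing the task blob at allocation. A short comment such as `/* one __rcu bpf_local_storage pointer per task; NULL until first use */` would record that assumption next to the reservation. `struct bpf_storage_blob` is now shared by the inode and task entries, so any future field added to it grows both blobs.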