bpf-lsm: Make bpf_lsm_userns_create() sleepable

Users may want to audit calls to security_create_user_ns() and access user space memory. Also create_user_ns() runs without pagefault_disabled(). Therefore, make bpf_lsm_userns_create() sleepable for mandatory access control policies. Acked-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Christian Brauner (Microsoft) <brauner@kernel.org> Acked-by: KP Singh <kpsingh@kernel.org> Signed-off-by: Frederick Lawler <fred@cloudflare.com> Signed-off-by: Paul Moore <paul@paul-moore.com>

bpf-lsm: Make bpf_lsm_userns_create() sleepable
Users may want to audit calls to security_create_user_ns() and access user space memory. Also create_user_ns() runs without pagefault_disabled(). Therefore, make bpf_lsm_userns_create() sleepable for mandatory access control policies. Acked-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Christian Brauner (Microsoft) <brauner@kernel.org> Acked-by: KP Singh <kpsingh@kernel.org> Signed-off-by: Frederick Lawler <fred@cloudflare.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
401e64b3 · Frederick Lawler · Paul Moore · 7cd4c5c2 · 401e64b3
Commit 401e64b3 authored Aug 15, 2022 by Frederick Lawler Committed by Paul Moore Aug 16, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

kernel/bpf/bpf_lsm.c kernel/bpf/bpf_lsm.c +1 -0

No files found.
--- a/kernel/bpf/bpf_lsm.c
+++ b/kernel/bpf/bpf_lsm.c
@@ -335,6 +335,7 @@ BTF_ID(func, bpf_lsm_task_getsecid_obj)
 BTF_ID(func, bpf_lsm_task_prctl)
 BTF_ID(func, bpf_lsm_task_setscheduler)
 BTF_ID(func, bpf_lsm_task_to_inode)
+BTF_ID(func, bpf_lsm_userns_create)
 BTF_SET_END(sleepable_lsm_hooks)
 bool bpf_lsm_is_sleepable_hook(u32 btf_id)