[linux-block.git] / Documentation / bpf / fs_kfuncs.rst

.. SPDX-License-Identifier: GPL-2.0

.. _fs_kfuncs-header-label:

=====================
BPF filesystem kfuncs
=====================

BPF LSM programs need to access filesystem data from LSM hooks. The following
BPF kfuncs can be used to get these data.

 * ``bpf_get_file_xattr()``

 * ``bpf_get_fsverity_digest()``

To avoid recursions, these kfuncs follow the following rules:

1. These kfuncs are only permitted from BPF LSM function.
2. These kfuncs should not call into other LSM hooks, i.e. security_*(). For
   example, ``bpf_get_file_xattr()`` does not use ``vfs_getxattr()``, because
   the latter calls LSM hook ``security_inode_getxattr``.
Commit	Line	Data
0de267d9 SL	1	.. SPDX-License-Identifier: GPL-2.0
	2
	3	.. _fs_kfuncs-header-label:
	4
	5	=====================
	6	BPF filesystem kfuncs
	7	=====================
	8
	9	BPF LSM programs need to access filesystem data from LSM hooks. The following
	10	BPF kfuncs can be used to get these data.
	11
	12	* ``bpf_get_file_xattr()``
	13
	14	* ``bpf_get_fsverity_digest()``
	15
	16	To avoid recursions, these kfuncs follow the following rules:
	17
	18	1. These kfuncs are only permitted from BPF LSM function.
	19	2. These kfuncs should not call into other LSM hooks, i.e. security_*(). For
	20	example, ``bpf_get_file_xattr()`` does not use ``vfs_getxattr()``, because
	21	the latter calls LSM hook ``security_inode_getxattr``.