On Tue, Nov 15, 2022 at 12:58 PM Roberto Sassu roberto.sassu@huaweicloud.com wrote:
From: Roberto Sassu roberto.sassu@huawei.com
Define four return value flags (LSM_RET_NEG, LSM_RET_ZERO, LSM_RET_ONE, LSM_RET_GT_ONE), one for each interval of interest (< 0, = 0, = 1, > 1).
Redefine the LSM_HOOK() macro to add return value flags as argument, and set the correct flags for each LSM hook.
Implementors of new LSM hooks should do the same as well.
Cc: stable@vger.kernel.org # 5.7.x Fixes: 9d3fdea789c8 ("bpf: lsm: Provide attachment points for BPF LSM programs") Signed-off-by: Roberto Sassu roberto.sassu@huawei.com
include/linux/bpf_lsm.h | 2 +- include/linux/lsm_hook_defs.h | 779 ++++++++++++++++++++-------------- include/linux/lsm_hooks.h | 9 +- kernel/bpf/bpf_lsm.c | 5 +- security/bpf/hooks.c | 2 +- security/security.c | 4 +- 6 files changed, 466 insertions(+), 335 deletions(-)
Just a quick note here that even if we wanted to do something like this, it is absolutely not -stable kernel material. No way.