129 lines
3.0 KiB
C
Executable File
129 lines
3.0 KiB
C
Executable File
// SPDX-License-Identifier: GPL-2.0
|
|
// Copyright (c) 2021 Google LLC
|
|
|
|
#include <linux/filter.h>
|
|
#include <linux/android_fuse.h>
|
|
|
|
static const struct bpf_func_proto *
|
|
fuse_prog_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
|
|
{
|
|
switch (func_id) {
|
|
case BPF_FUNC_trace_printk:
|
|
return bpf_get_trace_printk_proto();
|
|
|
|
case BPF_FUNC_get_current_uid_gid:
|
|
return &bpf_get_current_uid_gid_proto;
|
|
|
|
case BPF_FUNC_get_current_pid_tgid:
|
|
return &bpf_get_current_pid_tgid_proto;
|
|
|
|
case BPF_FUNC_map_lookup_elem:
|
|
return &bpf_map_lookup_elem_proto;
|
|
|
|
case BPF_FUNC_map_update_elem:
|
|
return &bpf_map_update_elem_proto;
|
|
|
|
default:
|
|
pr_debug("Invalid fuse bpf func %d\n", func_id);
|
|
return NULL;
|
|
}
|
|
}
|
|
|
|
static bool fuse_prog_is_valid_access(int off, int size,
|
|
enum bpf_access_type type,
|
|
const struct bpf_prog *prog,
|
|
struct bpf_insn_access_aux *info)
|
|
{
|
|
int i;
|
|
|
|
if (off < 0 || off > offsetofend(struct fuse_bpf_args, out_args))
|
|
return false;
|
|
|
|
/* TODO This is garbage. Do it properly */
|
|
for (i = 0; i < 5; i++) {
|
|
if (off == offsetof(struct fuse_bpf_args, in_args[i].value)) {
|
|
info->reg_type = PTR_TO_BUF;
|
|
info->ctx_field_size = 256;
|
|
if (type != BPF_READ)
|
|
return false;
|
|
return true;
|
|
}
|
|
}
|
|
for (i = 0; i < 3; i++) {
|
|
if (off == offsetof(struct fuse_bpf_args, out_args[i].value)) {
|
|
info->reg_type = PTR_TO_BUF;
|
|
info->ctx_field_size = 256;
|
|
return true;
|
|
}
|
|
}
|
|
if (type != BPF_READ)
|
|
return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
const struct bpf_verifier_ops fuse_verifier_ops = {
|
|
.get_func_proto = fuse_prog_func_proto,
|
|
.is_valid_access = fuse_prog_is_valid_access,
|
|
};
|
|
|
|
const struct bpf_prog_ops fuse_prog_ops = {
|
|
};
|
|
|
|
struct bpf_prog *fuse_get_bpf_prog(struct file *file)
|
|
{
|
|
struct bpf_prog *bpf_prog = ERR_PTR(-EINVAL);
|
|
|
|
if (!file || IS_ERR(file))
|
|
return bpf_prog;
|
|
/**
|
|
* Two ways of getting a bpf prog from another task's fd, since
|
|
* bpf_prog_get_type_dev only works with an fd
|
|
*
|
|
* 1) Duplicate a little of the needed code. Requires access to
|
|
* bpf_prog_fops for validation, which is not exported for modules
|
|
* 2) Insert the bpf_file object into a fd from the current task
|
|
* Stupidly complex, but I think OK, as security checks are not run
|
|
* during the existence of the handle
|
|
*
|
|
* Best would be to upstream 1) into kernel/bpf/syscall.c and export it
|
|
* for use here. Failing that, we have to use 2, since fuse must be
|
|
* compilable as a module.
|
|
*/
|
|
#if 1
|
|
if (file->f_op != &bpf_prog_fops)
|
|
goto out;
|
|
|
|
bpf_prog = file->private_data;
|
|
if (bpf_prog->type == BPF_PROG_TYPE_FUSE)
|
|
bpf_prog_inc(bpf_prog);
|
|
else
|
|
bpf_prog = ERR_PTR(-EINVAL);
|
|
|
|
#else
|
|
{
|
|
int task_fd = get_unused_fd_flags(file->f_flags);
|
|
|
|
if (task_fd < 0)
|
|
goto out;
|
|
|
|
fd_install(task_fd, file);
|
|
|
|
bpf_prog = bpf_prog_get_type_dev(task_fd, BPF_PROG_TYPE_FUSE,
|
|
false);
|
|
|
|
/* Close the fd, which also closes the file */
|
|
__close_fd(current->files, task_fd);
|
|
file = NULL;
|
|
}
|
|
#endif
|
|
|
|
out:
|
|
if (file)
|
|
fput(file);
|
|
return bpf_prog;
|
|
}
|
|
EXPORT_SYMBOL(fuse_get_bpf_prog);
|
|
|
|
|