mirror of
https://github.com/torvalds/linux.git
synced 2026-03-08 01:04:41 +01:00
591beb0e3a
-----BEGIN PGP SIGNATURE----- iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmmGJ1kQHGF4Ym9lQGtl cm5lbC5kawAKCRD301j7KXHgpky8EAChIL3uJ5Vmv+oQTxT4EVb1wpc8U/XzXWU5 Q5F9IpZZCGO7+i015Y7iTTqDRixjblRaWpWzZZP8vflWDUS8LESNZLQdcoEnxaiv P367KNPUGwxejcKsu8PvZvfnX6JWSQoNstcDmrwkCF0ND2UUfvvMZyn3uKhkbBRY h5Ehcqkvqc1OJDAWC7+yPzYAmB01uRPQ6sc9/GeujznHPlfbvie4u6gBvvfXeirT 592zbVftINMrm6Twd6zl4n+HNAn+CUoyVMppeeddv5IcyFPm9uz/dLOZBXTz6552 jFYNmB0U4g+SxGXMyqp37YISTALnuY+57y5eXmEAtgkEeE3HrF+F/ZdxQHwXSpo3 T2Lb9IOqFyHtSvq678HZ37JB6aIYbBE/mZdNf8FFFpnPJGb5Ey7d50qPp/ywVq0H p9CahbpkzGUBMsZ+koew0YHiFdWV9tww+/Bnk5dTtn2197uyaHsLdmbf4C36GWke Bk5cwNgU+3DMFAfTiL9m+AIXYsJkBayRJn+hViTrF5AL7gcGiBryGF43FOSKoYuq f0mniDnGSwvn86VZPuZQ6wBRHZPEMR3OlaUXn6XrUU6cYyvMg0pBZV+QHF7zlsSP 2sdfUbPL5TxexF3G8dsxlDIypz9Z6TCoUCfU0WiiUETnCrVNkXfIY846A+w08p0b ejBjzrwRtQ== =CqJq -----END PGP SIGNATURE----- Merge tag 'io_uring-bpf-restrictions.4-20260206' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux Pull io_uring bpf filters from Jens Axboe: "This adds support for both cBPF filters for io_uring, as well as task inherited restrictions and filters. seccomp and io_uring don't play along nicely, as most of the interesting data to filter on resides somewhat out-of-band, in the submission queue ring. As a result, things like containers and systemd that apply seccomp filters, can't filter io_uring operations. That leaves them with just one choice if filtering is critical - filter the actual io_uring_setup(2) system call to simply disallow io_uring. That's rather unfortunate, and has limited us because of it. io_uring already has some filtering support. It requires the ring to be setup in a disabled state, and then a filter set can be applied. This filter set is completely bi-modal - an opcode is either enabled or it's not. Once a filter set is registered, the ring can be enabled. This is very restrictive, and it's not useful at all to systemd or containers which really want both broader and more specific control. This first adds support for cBPF filters for opcodes, which enables tighter control over what exactly a specific opcode may do. As examples, specific support is added for IORING_OP_OPENAT/OPENAT2, allowing filtering on resolve flags. And another example is added for IORING_OP_SOCKET, allowing filtering on domain/type/protocol. These are both common use cases. cBPF was chosen rather than eBPF, because the latter is often restricted in containers as well. These filters are run post the init phase of the request, which allows filters to even dip into data that is being passed in struct in user memory, as the init side of requests make that data stable by bringing it into the kernel. This allows filtering without needing to copy this data twice, or have filters etc know about the exact layout of the user data. The filters get the already copied and sanitized data passed. On top of that support is added for per-task filters, meaning that any ring created with a task that has a per-task filter will get those filters applied when it's created. These filters are inherited across fork as well. Once a filter has been registered, any further added filters may only further restrict what operations are permitted. Filters cannot change the return value of an operation, they can only permit or deny it based on the contents" * tag 'io_uring-bpf-restrictions.4-20260206' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux: io_uring: allow registration of per-task restrictions io_uring: add task fork hook io_uring/bpf_filter: add ref counts to struct io_bpf_filter io_uring/bpf_filter: cache lookup table in ctx->bpf_filters io_uring/bpf_filter: allow filtering on contents of struct open_how io_uring/net: allow filtering on IORING_OP_SOCKET data io_uring: add support for BPF filtering for opcode restrictions |
||
|---|---|---|
| .. | ||
| advise.c | ||
| advise.h | ||
| alloc_cache.c | ||
| alloc_cache.h | ||
| bpf_filter.c | ||
| bpf_filter.h | ||
| cancel.c | ||
| cancel.h | ||
| cmd_net.c | ||
| epoll.c | ||
| epoll.h | ||
| eventfd.c | ||
| eventfd.h | ||
| fdinfo.c | ||
| fdinfo.h | ||
| filetable.c | ||
| filetable.h | ||
| fs.c | ||
| fs.h | ||
| futex.c | ||
| futex.h | ||
| io-wq.c | ||
| io-wq.h | ||
| io_uring.c | ||
| io_uring.h | ||
| kbuf.c | ||
| kbuf.h | ||
| Kconfig | ||
| Makefile | ||
| memmap.c | ||
| memmap.h | ||
| mock_file.c | ||
| msg_ring.c | ||
| msg_ring.h | ||
| napi.c | ||
| napi.h | ||
| net.c | ||
| net.h | ||
| nop.c | ||
| nop.h | ||
| notif.c | ||
| notif.h | ||
| opdef.c | ||
| opdef.h | ||
| openclose.c | ||
| openclose.h | ||
| poll.c | ||
| poll.h | ||
| query.c | ||
| query.h | ||
| refs.h | ||
| register.c | ||
| register.h | ||
| rsrc.c | ||
| rsrc.h | ||
| rw.c | ||
| rw.h | ||
| slist.h | ||
| splice.c | ||
| splice.h | ||
| sqpoll.c | ||
| sqpoll.h | ||
| statx.c | ||
| statx.h | ||
| sync.c | ||
| sync.h | ||
| tctx.c | ||
| tctx.h | ||
| timeout.c | ||
| timeout.h | ||
| truncate.c | ||
| truncate.h | ||
| tw.c | ||
| tw.h | ||
| uring_cmd.c | ||
| uring_cmd.h | ||
| wait.c | ||
| wait.h | ||
| waitid.c | ||
| waitid.h | ||
| xattr.c | ||
| xattr.h | ||
| zcrx.c | ||
| zcrx.h | ||