bpf, fsverity: Add kfunc bpf_get_fsverity_digest

fsverity provides fast and reliable hash of files, namely fsverity_digest. The digest can be used by security solutions to verify file contents. Add new kfunc bpf_get_fsverity_digest() so that we can access fsverity from BPF LSM programs. This kfunc is added to fs/verity/measure.c because some data structure used in the function is private to fsverity (fs/verity/fsverity_private.h). To avoid recursion, bpf_get_fsverity_digest is only allowed in BPF LSM programs. Signed-off-by: Song Liu <song@kernel.org> Acked-by: Eric Biggers <ebiggers@google.com> Link: https://lore.kernel.org/r/20231129234417.856536-3-song@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
author: Song Liu <song@kernel.org> 2023-11-29 15:44:13 -0800
committer: Alexei Starovoitov <ast@kernel.org> 2023-12-01 16:21:03 -0800
commit: 67814c00de3161181cddd06c77aeaf86ac4cc584 (patch)
tree: ec467b83873691b94b7e4ded55a4abdfa46ef41c /fs/verity/init.c
parent: ac9c05e0e453cfcab2866f6d28f257590e4f66e5 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/verity/init.c b/fs/verity/init.c
index a29f062f6047..1e207c0f71de 100644
--- a/fs/verity/init.c
+++ b/fs/verity/init.c
@@ -69,6 +69,7 @@ static int __init fsverity_init(void)
 	fsverity_init_workqueue();
 	fsverity_init_sysctl();
 	fsverity_init_signature();
+	fsverity_init_bpf();
 	return 0;
 }
 late_initcall(fsverity_init)
author	Song Liu <song@kernel.org>	2023-11-29 15:44:13 -0800
committer	Alexei Starovoitov <ast@kernel.org>	2023-12-01 16:21:03 -0800
commit	67814c00de3161181cddd06c77aeaf86ac4cc584 (patch)
tree	ec467b83873691b94b7e4ded55a4abdfa46ef41c /fs/verity/init.c
parent	ac9c05e0e453cfcab2866f6d28f257590e4f66e5 (diff)