bpf: Implement exclusive map creation

Exclusive maps allow maps to only be accessed by program with a program with a matching hash which is specified in the excl_prog_hash attr. For the signing use-case, this allows the trusted loader program to load the map and verify the integrity Signed-off-by: KP Singh <kpsingh@kernel.org> Link: https://lore.kernel.org/r/20250914215141.15144-3-kpsingh@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
author: KP Singh <kpsingh@kernel.org> 2025-09-15 00:51:31 +0300
committer: Alexei Starovoitov <ast@kernel.org> 2025-09-19 05:11:42 +0300
commit: baefdbdf6812e120c9fba9cfb101d3656f478026 (patch)
tree: 222ccd1c61819475bb6a46a761b7d5e4092c1e6c /include/uapi
parent: 603b4416232524dafde8e2cf859788dae786dea1 (diff)
download: linux-baefdbdf6812e120c9fba9cfb101d3656f478026.tar.xz
1 files changed, 6 insertions, 0 deletions
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 233de8677382..57687b2e1c47 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -1522,6 +1522,12 @@ union bpf_attr {
 		 * If provided, map_flags should have BPF_F_TOKEN_FD flag set.
 		 */
 		__s32	map_token_fd;
+
+		/* Hash of the program that has exclusive access to the map.
+		 */
+		__aligned_u64 excl_prog_hash;
+		/* Size of the passed excl_prog_hash. */
+		__u32 excl_prog_hash_size;
 	};
 
 	struct { /* anonymous struct used by BPF_MAP_*_ELEM and BPF_MAP_FREEZE commands */
author	KP Singh <kpsingh@kernel.org>	2025-09-15 00:51:31 +0300
committer	Alexei Starovoitov <ast@kernel.org>	2025-09-19 05:11:42 +0300
commit	baefdbdf6812e120c9fba9cfb101d3656f478026 (patch)
tree	222ccd1c61819475bb6a46a761b7d5e4092c1e6c /include/uapi
parent	603b4416232524dafde8e2cf859788dae786dea1 (diff)
download	linux-baefdbdf6812e120c9fba9cfb101d3656f478026.tar.xz