From: KP Singh <kpsingh@kernel.org>
To: Dave Chinner <david@fromorbit.com>
Cc: Christian Brauner <brauner@kernel.org>,
bpf@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Benjamin Tissoires <benjamin.tissoires@redhat.com>,
Yosry Ahmed <yosryahmed@google.com>
Subject: Re: [PATCH v5 bpf-next 0/5] Add bpf_getxattr
Date: Wed, 29 Jun 2022 04:05:48 +0200 [thread overview]
Message-ID: <CACYkzJ70uqVJr5EnM0i03Lu+zkuSsXOXcOLQoUS6HZPqH=skpQ@mail.gmail.com> (raw)
In-Reply-To: <CACYkzJ7dyY7m8gmHkhWQ0CCLLbq9BaYBzMnjV2eWADYoys9T8w@mail.gmail.com>
On Wed, Jun 29, 2022 at 4:00 AM KP Singh <kpsingh@kernel.org> wrote:
>
> On Wed, Jun 29, 2022 at 3:36 AM Dave Chinner <david@fromorbit.com> wrote:
> >
> > On Tue, Jun 28, 2022 at 07:21:42PM +0200, KP Singh wrote:
> > > On Tue, Jun 28, 2022 at 7:20 PM KP Singh <kpsingh@kernel.org> wrote:
> > > > On Tue, Jun 28, 2022 at 7:13 PM Christian Brauner <brauner@kernel.org> wrote:
> > > > > On Tue, Jun 28, 2022 at 04:19:43PM +0000, KP Singh wrote:
> > > > > > v4 -> v5
> > > > > >
> > > > > > - Fixes suggested by Andrii
> > > > > >
> > > > > > v3 -> v4
> > > > > >
> > > > > > - Fixed issue incorrect increment of arg counter
> > > > > > - Removed __weak and noinline from kfunc definiton
> > > > > > - Some other minor fixes.
> > > > > >
> > > > > > v2 -> v3
> > > > > >
> > > > > > - Fixed missing prototype error
> > > > > > - Fixes suggested by other Joanne and Kumar.
> > > > > >
> > > > > > v1 -> v2
> > > > > >
> > > > > > - Used kfuncs as suggested by Alexei
> > > > > > - Used Benjamin Tissoires' patch from the HID v4 series to add a
> > > > > > sleepable kfunc set (I sent the patch as a part of this series as it
> > > > > > seems to have been dropped from v5) and acked it. Hope this is okay.
> > > > > > - Added support for verifying string constants to kfuncs
> > > > >
> > > > > Hm, I mean this isn't really giving any explanation as to why you are
> > > > > doing this. There's literally not a single sentence about the rationale?
> > > > > Did you accidently forget to put that into the cover letter? :)
> > > >
> > > >
> > > > Yes, actually I did forget to copy paste :)
> > > >
> > > > Foundation for building more complex security policies using the
> > > > BPF LSM as presented in LSF/MM/BPF:
> > > >
> > > > http://vger.kernel.org/bpfconf2022_material/lsfmmbpf2022-xattr.pdf\
> > >
> > > And my copy paste skills are getting worse (with the back-slash removed):
> > >
> > > http://vger.kernel.org/bpfconf2022_material/lsfmmbpf2022-xattr.pdf
> >
> > There's literally zero information in that link, so I still have no
> > clue on what this does and how it interacts with filesystem xattr
> > code.
>
> This is literally a wrapper around __vfs_getxattr which is an exported
> symbol. So, the interaction with the xattr code is the same as
> __vfs_getxattr interacts currently.
>
> ssize_t bpf_getxattr(struct dentry *dentry, struct inode *inode,
> const char *name, void *value, int value__sz)
> {
> return __vfs_getxattr(dentry, inode, name, value, value__sz);
> }
>
> The reason for the wrapper is that the BPF verifier offers
> extra checks on the arguments passed.
>
> https://lore.kernel.org/bpf/20210325015240.1550074-1-kafai@fb.com/T/
>
> has more information on the kfunc support.
>
> >
> > So for those of us who have zero clue as to what you are trying to
> > do, please write a cover letter containing a non-zero amount of
> > information. i.e. a description of the problem, the threat model
> > being addressed, the design of the infrastructure that needs this
> > hook, document assumptions that have been made (e.g. for
> > accessing inode metadata atomically from random bpf contexts), what
>
> The intention is to use this in BPF programs which can only be loaded
> with CAP_SYS_ADMIN.
> We are currently planning on limiting the usage of this kfunc
> to the sleepable LSM hooks listed here:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/tree/kernel/bpf/bpf_lsm.c#n169
>
> > xattr namespace(s) this hook should belong/be constrained to,
> > whether you're going to ask for a setxattr hook next, etc.
>
> Fair point, I will resend the series with the details.
>
> >
> > At minimum this is going to need a bunch of documentation for people
> > to understand how to use this - where can I find that?
>
> There are a bunch of examples in selftests on how to use kfuncs in BPF
> and we added a selftests (there is a simple selftests added with this patch
> too).
>
> As to how we will use xattrs to create security policies or use this
> functionality for
> logging, this is work in progress.
In any case, I will update the cover letter with some use-cases
we ideated over in LSF/MM/BPF in the next version.
- KP
>
> Cheers,
> - KP
>
> >
> > Cheers,
> >
> > Dave.
> > --
> > Dave Chinner
> > david@fromorbit.com
prev parent reply other threads:[~2022-06-29 2:06 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-28 16:19 [PATCH v5 bpf-next 0/5] Add bpf_getxattr KP Singh
2022-06-28 16:19 ` [PATCH v5 bpf-next 1/5] btf: Add a new kfunc set which allows to mark a function to be sleepable KP Singh
2022-06-28 16:19 ` [PATCH v5 bpf-next 2/5] bpf: kfunc support for ARG_PTR_TO_CONST_STR KP Singh
2022-06-28 16:19 ` [PATCH v5 bpf-next 3/5] bpf: Allow kfuncs to be used in LSM programs KP Singh
2022-06-28 16:19 ` [PATCH v5 bpf-next 4/5] bpf: Add a bpf_getxattr kfunc KP Singh
2022-06-28 17:22 ` Christian Brauner
2022-06-28 17:23 ` Al Viro
2022-06-28 17:29 ` KP Singh
2022-06-28 16:19 ` [PATCH v5 bpf-next 5/5] bpf/selftests: Add a selftest for bpf_getxattr KP Singh
2022-06-28 17:33 ` Christian Brauner
2022-06-28 17:52 ` KP Singh
2022-06-28 22:28 ` Alexei Starovoitov
2022-06-29 8:11 ` Christian Brauner
2022-06-29 9:55 ` Christian Brauner
2022-06-30 3:02 ` Alexei Starovoitov
2022-06-30 11:45 ` Christian Brauner
2022-06-30 12:21 ` KP Singh
2022-06-30 12:23 ` KP Singh
2022-06-30 13:26 ` Christian Brauner
2022-06-30 13:29 ` KP Singh
2022-06-30 13:47 ` Christian Brauner
2022-06-30 14:37 ` Christian Brauner
2022-06-30 16:10 ` Casey Schaufler
2022-06-30 22:23 ` KP Singh
2022-06-30 23:23 ` Casey Schaufler
2022-07-01 8:32 ` Amir Goldstein
2022-07-01 8:58 ` Christian Brauner
2022-07-01 9:24 ` Amir Goldstein
2022-06-30 16:28 ` Amir Goldstein
2022-06-30 22:25 ` KP Singh
2022-06-28 17:13 ` [PATCH v5 bpf-next 0/5] Add bpf_getxattr Christian Brauner
2022-06-28 17:20 ` KP Singh
2022-06-28 17:21 ` KP Singh
2022-06-29 1:36 ` Dave Chinner
2022-06-29 2:00 ` KP Singh
2022-06-29 2:05 ` KP Singh [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CACYkzJ70uqVJr5EnM0i03Lu+zkuSsXOXcOLQoUS6HZPqH=skpQ@mail.gmail.com' \
--to=kpsingh@kernel.org \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=benjamin.tissoires@redhat.com \
--cc=bpf@vger.kernel.org \
--cc=brauner@kernel.org \
--cc=daniel@iogearbox.net \
--cc=david@fromorbit.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=yosryahmed@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.