On Fri, Nov 3, 2023 at 5:13 PM Song Liu <song@xxxxxxxxxx> wrote: > > It is common practice for security solutions to store tags/labels in > xattrs. To implement similar functionalities in BPF LSM, add new kfunc > bpf_get_file_xattr(). > > The first use case of bpf_get_file_xattr() is to implement file > verifications with asymmetric keys. Specificially, security applications > could use fsverity for file hashes and use xattr to store file signatures. > (kfunc for fsverity hash will be added in a separate commit.) > > Currently, only xattrs with "user." prefix can be read with kfunc > bpf_get_file_xattr(). As use cases evolve, we may add a dedicated prefix > for bpf_get_file_xattr(). > > To avoid recursion, bpf_get_file_xattr can be only called from LSM hooks. Song, have you studied the prior attempt to add this kfunc? https://lore.kernel.org/bpf/20220628161948.475097-1-kpsingh@xxxxxxxxxx/ file instead of (dentry,inode) pair makes sense, and restricting to "user." prefix makes sense to me as well, but you need to cc vfs experts in the future. > + * For security reasons, only *name__str* with prefix "user." is allowed. > + * > + * Return: 0 on success, a negative value on error. > + */ > +__bpf_kfunc int bpf_get_file_xattr(struct file *file, const char *name__str, > + struct bpf_dynptr_kern *value_ptr) > +{ > + struct dentry *dentry; > + u32 value_len; > + void *value; > + > + if (strncmp(name__str, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) > + return -EPERM; > + > + value_len = __bpf_dynptr_size(value_ptr); > + value = __bpf_dynptr_data_rw(value_ptr, value_len); > + if (!value) > + return -EINVAL; > + > + dentry = file_dentry(file); > + return __vfs_getxattr(dentry, dentry->d_inode, name__str, value, value_len); > +} > + > +__diag_pop(); > + > +BTF_SET8_START(fs_kfunc_set_ids) > +BTF_ID_FLAGS(func, bpf_get_file_xattr, KF_SLEEPABLE | KF_TRUSTED_ARGS) See earlier Al's point. Just sleepable is not enough.
