Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Christoph,  

> On Oct 14, 2024, at 10:07 PM, Christoph Hellwig <hch@xxxxxxxxxxxxx> wrote:
> 
> On Wed, Oct 02, 2024 at 02:46:37PM -0700, Song Liu wrote:
>> Extend test_progs fs_kfuncs to cover different xattr names. Specifically:
>> xattr name "user.kfuncs", "security.bpf", and "security.bpf.xxx" can be
>> read from BPF program with kfuncs bpf_get_[file|dentry]_xattr(); while
>> "security.bpfxxx" and "security.selinux" cannot be read.
> 
> So you read code from untrusted user.* xattrs?  How can you carve out
> that space and not known any pre-existing userspace cod uses kfuncs
> for it's own purpose?

I don't quite follow the comment here. 

Do you mean user.* xattrs are untrusted (any user can set it), so we 
should not allow BPF programs to read them? Or do you mean xattr 
name "user.kfuncs" might be taken by some use space?

Thanks,
Song





[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux