On 7/25/21 7:18 AM, Hengqi Chen wrote:
Add vfs_* and security_* to bpf_d_path allowlist, so that we can use bpf_d_path helper to extract full file path from these functions' `struct path *` and `struct file *` arguments. This will help tools like IOVisor's filetop[2]/filelife to get full file path.
Please use bcc intead of IOVisor. What is "[2]" in "filetop[2]"?
Signed-off-by: Hengqi Chen <hengqi.chen@xxxxxxxxx>
LGTM with minor comments below. Acked-by: Yonghong Song <yhs@xxxxxx>
--- kernel/trace/bpf_trace.c | 52 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 2 deletions(-) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index c5e0b6a64091..355777b5bf63 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -850,16 +850,64 @@ BPF_CALL_3(bpf_d_path, struct path *, path, char *, buf, u32, sz) BTF_SET_START(btf_allowlist_d_path) #ifdef CONFIG_SECURITY BTF_ID(func, security_file_permission) -BTF_ID(func, security_inode_getattr) BTF_ID(func, security_file_open) +BTF_ID(func, security_file_ioctl) +BTF_ID(func, security_file_free) +BTF_ID(func, security_file_alloc) +BTF_ID(func, security_file_lock) +BTF_ID(func, security_file_fcntl) +BTF_ID(func, security_file_set_fowner) +BTF_ID(func, security_file_receive) +BTF_ID(func, security_inode_getattr) +BTF_ID(func, security_sb_mount) +BTF_ID(func, security_bprm_check)
Here and also below "segments" (security_path_* functions, and later vfs_*/dentry_open/filp_close functions), maybe you can list functions with increasing alphabet order. This will make it easy to check whether a particular function exists or not and whether we miss anything. There are more security_bprm_* functions, e.g., security_bprm_creds_from_file, security_bprm_committing_creds and security_bprm_committed_creds. These functions all have "struct linux_binprm *bprm" parameters. Maybe we can add these few functions as well in this round.
#endif #ifdef CONFIG_SECURITY_PATH BTF_ID(func, security_path_truncate) +BTF_ID(func, security_path_notify) +BTF_ID(func, security_path_unlink) +BTF_ID(func, security_path_mkdir) +BTF_ID(func, security_path_rmdir) +BTF_ID(func, security_path_mknod) +BTF_ID(func, security_path_symlink) +BTF_ID(func, security_path_link) +BTF_ID(func, security_path_rename) +BTF_ID(func, security_path_chmod) +BTF_ID(func, security_path_chown) +BTF_ID(func, security_path_chroot) #endif BTF_ID(func, vfs_truncate) BTF_ID(func, vfs_fallocate) -BTF_ID(func, dentry_open) BTF_ID(func, vfs_getattr) +BTF_ID(func, vfs_fadvise) +BTF_ID(func, vfs_fchmod) +BTF_ID(func, vfs_fchown) +BTF_ID(func, vfs_open) +BTF_ID(func, vfs_setpos) +BTF_ID(func, vfs_llseek) +BTF_ID(func, vfs_read) +BTF_ID(func, vfs_write) +BTF_ID(func, vfs_iocb_iter_read) +BTF_ID(func, vfs_iter_read) +BTF_ID(func, vfs_readv) +BTF_ID(func, vfs_iocb_iter_write) +BTF_ID(func, vfs_iter_write) +BTF_ID(func, vfs_writev) +BTF_ID(func, vfs_copy_file_range) +BTF_ID(func, vfs_getattr_nosec) +BTF_ID(func, vfs_ioctl) +BTF_ID(func, vfs_fsync_range) +BTF_ID(func, vfs_fsync) +BTF_ID(func, vfs_utimes) +BTF_ID(func, vfs_statfs) +BTF_ID(func, vfs_dedupe_file_range_one) +BTF_ID(func, vfs_dedupe_file_range) +BTF_ID(func, vfs_clone_file_range) +BTF_ID(func, vfs_cancel_lock) +BTF_ID(func, vfs_test_lock) +BTF_ID(func, vfs_setlease) +BTF_ID(func, vfs_lock_file)
I double checked that for the above three lock related functions (vfs_cancel_lock, vfs_test_lock, vfs_lock_file), I double checked d_path does not use these locks, so we should be fine.
+BTF_ID(func, dentry_open) BTF_ID(func, filp_close) BTF_SET_END(btf_allowlist_d_path) -- 2.25.1
