On Thu, May 12, 2022 at 10:30 AM Alexei Starovoitov
<alexei.starovoitov@xxxxxxxxx> wrote:
>
> On Thu, May 12, 2022 at 9:50 AM KP Singh <kpsingh@xxxxxxxxxx> wrote:
> >
> > +BPF_CALL_5(bpf_getxattr, struct user_namespace *, mnt_userns, struct dentry *,
> > + dentry, void *, name, void *, value, size_t, value_size)
> > +{
> > + return vfs_getxattr(mnt_userns, dentry, name, value, value_size);
> > +}
>
> It will deadlock in tracing, since it grabs all kinds of locks
> and calls lsm hooks (potentially calling other bpf progs).
I wonder if we can limit these to just sleepable LSM programs
and for sleepable hooks + programs.
> It probably should be sleepable only.
Yes, it's currently sleepable only.
> Also there is no need to make it uapi.
> kfunc is a better interface here.
Sure, let me try with kfunc, simple wrappers like
these are a good use-case for kfuncs.
> __vfs_getxattr() is probably better too,
> since vfs_getxattr() calls xattr_permission which calls
> a bunch of capable*() which will return "random values"
Agreed.
> depending on the current task, since it's called from bpf prog.
