On Tue, Jun 28, 2022 at 7:23 PM Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote: > > On Tue, Jun 28, 2022 at 04:19:47PM +0000, KP Singh wrote: > > LSMs like SELinux store security state in xattrs. bpf_getxattr enables > > BPF LSM to implement similar functionality. In combination with > > bpf_local_storage, xattrs can be used to develop more complex security > > policies. > > > > This kfunc wraps around __vfs_getxattr which can sleep and is, > > therefore, limited to sleepable programs using the newly added > > sleepable_set for kfuncs. > > "Sleepable" is nowhere near enough - for a trivial example, consider > what e.g. ext2_xattr_get() does. > down_read(&EXT2_I(inode)->xattr_sem); > in there means that having that thing executed in anything that happens > to hold ->xattr_sem is a deadlock fodder. > We could limit this to sleepable LSM hooks: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/tree/kernel/bpf/bpf_lsm.c#n169 and when we have abilities to tag kernel functions and pointers with the work Yonghong did (e.g. https://reviews.llvm.org/D113496) we can expand the set. > "Can't use that in BPF program executed in non-blocking context" is > *not* sufficient to make it safe.
