On Thu, Mar 07, 2024 at 07:25:05PM -0800, Alexei Starovoitov wrote: > On Thu, Mar 7, 2024 at 12:51 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > > > On Thu, Mar 7, 2024 at 4:55 AM Christian Brauner <brauner@xxxxxxxxxx> wrote: > > > > > > There's one fundamental question here that we'll need an official answer to: > > > > > > Is it ok for an out-of-tree BPF LSM program, that nobody has ever seen > > > to request access to various helpers in the kernel? > > > > Phrased in a slightly different way, and a bit more generalized: do we > > treat out-of-tree BPF programs the same as we do with out-of-tree > > kernel modules? I believe that's the real question, and if we answer > > that, we should also have our answer for the internal helper function > > question. > > From 10k ft view bpf programs may look like kernel modules, > but looking closely they are very different. > > Modules can read/write any data structure and can call any exported function. > All modules fall into two categories GPL or not. > While bpf progs are divided by program type. > Tracing progs can read any kernel memory safely via probe_read_kernel. > Networking prog can read/write packets, but cannot read kernel memory. > bpf_lsm programs can be called from lsm hooks and > call only kfuncs that were explicitly allowlisted to bpf_lsm prog type. > Furthermore kfuncs have acquire/release semantics enforced by > the verifier. > For example, bpf progs can do bpf_rcu_read_lock() which is > a wrapper around rcu_read_lock() and the verifier will make sure > that bpf_rcu_read_unlock() is called. > Under bpf_rcu_read_lock() bpf programs can dereference __rcu tagged > fields and the verifier will track them as rcu protected objects > until bpf_rcu_read_unlock(). > In other words the verifier is doing sparse-on-steroids analysis > and enforcing it. > Kernel modules are not subject to such enforcement. > > One more distinction: 99.9% of bpf features require a GPL-ed bpf program. > All kfuncs are GPL only. While these are certainly all very nice properties it doesn't change the core question. An out of-tree BPF LSM program is requesting us to add nine vfs helpers to the BPF kfunc api. That out-of-tree BPF LSM program is not even accessible to the public. There is no meaningful difference to an out-of-tree kernel module asking us to add nine functions to the export api. The safety properties don't matter for this. Clearly, they didn't prevent the previous bpf_d_path() stuff from happening. We need rules for how this is supposed to be handled. Unless those rules are clearly specified and make sense we shouldn't be adding BPF kfuncs based on requests from out-of-tree BPF LSMs that amount to "we need this".
