Hi Al Christian and Jan, Could you please help review this set? The fs side change is in 1/7 (already reviewed by fs folks) and 6/7. Thanks, Song On Thu, Jan 9, 2025 at 5:13 PM Song Liu <song@xxxxxxxxxx> wrote: > > Add support to set and remove xattr from BPF program. Also add > security.bpf. xattr name prefix. > > kfuncs are added to set and remove xattrs with security.bpf. name > prefix. Update kfuncs bpf_get_[file|dentry]_xattr to read xattrs > with security.bpf. name prefix. Note that BPF programs can read > user. xattrs, but not write and remove them. > > To pick the right version of kfunc to use, a remap logic is added to > btf_kfunc_id_set. This helps move some kfunc specific logic off the > verifier core code. Also use this remap logic to select > bpf_dynptr_from_skb or bpf_dynptr_from_skb_rdonly. > > > Cover letter of v1 and v2: > > Follow up discussion in LPC 2024 [1], that we need security.bpf xattr > prefix. This set adds "security.bpf." xattr name prefix, and allows > bpf kfuncs bpf_get_[file|dentry]_xattr() to read these xattrs. > > [1] https://lpc.events/event/18/contributions/1940/ > > Changes v8 => v9 > 1. Fix build for CONFIG_DEBUG_INFO_BTF=n case. (kernel test robot) > > v8: https://lore.kernel.org/bpf/20250108225140.3467654-1-song@xxxxxxxxxx/ > > Changes v7 => v8 > 1. Rebase and resolve conflicts. > > v7: https://lore.kernel.org/bpf/20241219221439.2455664-1-song@xxxxxxxxxx/ > > Changes v6 => v7 > 1. Move btf_kfunc_id_remap() to the right place. (Bug reported by CI) > > v6: https://lore.kernel.org/bpf/20241219202536.1625216-1-song@xxxxxxxxxx/ > > Changes v5 => v6 > 1. Hide _locked version of the kfuncs from vmlinux.h (Alexei) > 2. Add remap logic to btf_kfunc_id_set and use that to pick the correct > version of kfuncs to use. > 3. Also use the remap logic for bpf_dynptr_from_skb[|_rdonly]. > > v5: https://lore.kernel.org/bpf/20241218044711.1723221-1-song@xxxxxxxxxx/ > > Changes v4 => v5 > 1. Let verifier pick proper kfunc (_locked or not _locked) based on the > calling context. (Alexei) > 2. Remove the __failure test (6/6 of v4). > > v4: https://lore.kernel.org/bpf/20241217063821.482857-1-song@xxxxxxxxxx/ > > Changes v3 => v4 > 1. Do write permission check with inode locked. (Jan Kara) > 2. Fix some source_inline warnings. > > v3: https://lore.kernel.org/bpf/20241210220627.2800362-1-song@xxxxxxxxxx/ > > Changes v2 => v3 > 1. Add kfuncs to set and remove xattr from BPF programs. > > v2: https://lore.kernel.org/bpf/20241016070955.375923-1-song@xxxxxxxxxx/ > > Changes v1 => v2 > 1. Update comment of bpf_get_[file|dentry]_xattr. (Jiri Olsa) > 2. Fix comment for return value of bpf_get_[file|dentry]_xattr. > > v1: https://lore.kernel.org/bpf/20241002214637.3625277-1-song@xxxxxxxxxx/ > > Song Liu (7): > fs/xattr: bpf: Introduce security.bpf. xattr name prefix > selftests/bpf: Extend test fs_kfuncs to cover security.bpf. xattr > names > bpf: lsm: Add two more sleepable hooks > bpf: Extend btf_kfunc_id_set to handle kfunc polymorphism > bpf: Use btf_kfunc_id_set.remap logic for bpf_dynptr_from_skb > bpf: fs/xattr: Add BPF kfuncs to set and remove xattrs > selftests/bpf: Test kfuncs that set and remove xattr from BPF programs > > fs/bpf_fs_kfuncs.c | 246 +++++++++++++++++- > include/linux/bpf_lsm.h | 2 + > include/linux/btf.h | 20 ++ > include/linux/btf_ids.h | 4 + > include/uapi/linux/xattr.h | 4 + > kernel/bpf/bpf_lsm.c | 2 + > kernel/bpf/btf.c | 117 +++++++-- > kernel/bpf/verifier.c | 31 +-- > net/core/filter.c | 49 +++- > tools/testing/selftests/bpf/bpf_kfuncs.h | 5 + > .../selftests/bpf/prog_tests/fs_kfuncs.c | 162 +++++++++++- > .../selftests/bpf/progs/test_get_xattr.c | 28 +- > .../bpf/progs/test_set_remove_xattr.c | 133 ++++++++++ > 13 files changed, 740 insertions(+), 63 deletions(-) > create mode 100644 tools/testing/selftests/bpf/progs/test_set_remove_xattr.c > > -- > 2.43.5
