From: Christian Brauner <brauner@kernel.org>
To: Juntong Deng <juntong.deng@outlook.com>
Cc: ast@kernel.org, daniel@iogearbox.net, john.fastabend@gmail.com,
andrii@kernel.org, martin.lau@linux.dev, eddyz87@gmail.com,
song@kernel.org, yonghong.song@linux.dev, kpsingh@kernel.org,
sdf@fomichev.me, haoluo@google.com, jolsa@kernel.org,
memxor@gmail.com, snorcht@gmail.com, bpf@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH bpf-next v9 4/5] bpf: Make fs kfuncs available for SYSCALL program type
Date: Thu, 30 Jan 2025 16:32:11 +0100 [thread overview]
Message-ID: <20250130-dauer-stich-21e0f1f09568@brauner> (raw)
In-Reply-To: <AM6PR03MB50809BB6156BF239C4AC28C799EC2@AM6PR03MB5080.eurprd03.prod.outlook.com>
On Mon, Jan 27, 2025 at 11:46:53PM +0000, Juntong Deng wrote:
> Currently fs kfuncs are only available for LSM program type, but fs
> kfuncs are general and useful for scenarios other than LSM.
>
> This patch makes fs kfuncs available for SYSCALL program type.
>
> Signed-off-by: Juntong Deng <juntong.deng@outlook.com>
> ---
I still have a hard time understanding what syscall program types do and
why we should want to allow the usage of all current fs functions that
were added for LSMs specifically to such program types. I can't say
anything about this until I have a rough understanding what a syscall
bpf program allows you to do and what it's used for. Preferably some
example.
> fs/bpf_fs_kfuncs.c | 14 ++++++--------
> 1 file changed, 6 insertions(+), 8 deletions(-)
>
> diff --git a/fs/bpf_fs_kfuncs.c b/fs/bpf_fs_kfuncs.c
> index 4a810046dcf3..8a7e9ed371de 100644
> --- a/fs/bpf_fs_kfuncs.c
> +++ b/fs/bpf_fs_kfuncs.c
> @@ -26,8 +26,6 @@ __bpf_kfunc_start_defs();
> * acquired by this BPF kfunc will result in the BPF program being rejected by
> * the BPF verifier.
> *
> - * This BPF kfunc may only be called from BPF LSM programs.
> - *
> * Internally, this BPF kfunc leans on get_task_exe_file(), such that calling
> * bpf_get_task_exe_file() would be analogous to calling get_task_exe_file()
> * directly in kernel context.
> @@ -49,8 +47,6 @@ __bpf_kfunc struct file *bpf_get_task_exe_file(struct task_struct *task)
> * passed to this BPF kfunc. Attempting to pass an unreferenced file pointer, or
> * any other arbitrary pointer for that matter, will result in the BPF program
> * being rejected by the BPF verifier.
> - *
> - * This BPF kfunc may only be called from BPF LSM programs.
> */
> __bpf_kfunc void bpf_put_file(struct file *file)
> {
> @@ -70,8 +66,6 @@ __bpf_kfunc void bpf_put_file(struct file *file)
> * reference, or else the BPF program will be outright rejected by the BPF
> * verifier.
> *
> - * This BPF kfunc may only be called from BPF LSM programs.
> - *
> * Return: A positive integer corresponding to the length of the resolved
> * pathname in *buf*, including the NUL termination character. On error, a
> * negative integer is returned.
> @@ -184,7 +178,8 @@ BTF_KFUNCS_END(bpf_fs_kfunc_set_ids)
> static int bpf_fs_kfuncs_filter(const struct bpf_prog *prog, u32 kfunc_id)
> {
> if (!btf_id_set8_contains(&bpf_fs_kfunc_set_ids, kfunc_id) ||
> - prog->type == BPF_PROG_TYPE_LSM)
> + prog->type == BPF_PROG_TYPE_LSM ||
> + prog->type == BPF_PROG_TYPE_SYSCALL)
> return 0;
> return -EACCES;
> }
> @@ -197,7 +192,10 @@ static const struct btf_kfunc_id_set bpf_fs_kfunc_set = {
>
> static int __init bpf_fs_kfuncs_init(void)
> {
> - return register_btf_kfunc_id_set(BPF_PROG_TYPE_LSM, &bpf_fs_kfunc_set);
> + int ret;
> +
> + ret = register_btf_kfunc_id_set(BPF_PROG_TYPE_LSM, &bpf_fs_kfunc_set);
> + return ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SYSCALL, &bpf_fs_kfunc_set);
> }
>
> late_initcall(bpf_fs_kfuncs_init);
> --
> 2.39.5
>
next prev parent reply other threads:[~2025-01-30 15:32 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-27 23:44 [PATCH bpf-next v9 0/5] bpf: Add open-coded style process file iterator and bpf_fget_task() kfunc Juntong Deng
2025-01-27 23:46 ` [PATCH bpf-next v9 1/5] bpf: Introduce task_file open-coded iterator kfuncs Juntong Deng
2025-01-30 2:35 ` Alexei Starovoitov
2025-01-30 16:04 ` Christian Brauner
2025-01-30 16:35 ` Linus Torvalds
2025-01-31 5:52 ` Al Viro
2025-01-27 23:46 ` [PATCH bpf-next v9 2/5] selftests/bpf: Add tests for open-coded style process file iterator Juntong Deng
2025-01-27 23:46 ` [PATCH bpf-next v9 3/5] bpf: Add bpf_fget_task() kfunc Juntong Deng
2025-01-27 23:46 ` [PATCH bpf-next v9 4/5] bpf: Make fs kfuncs available for SYSCALL program type Juntong Deng
2025-01-30 15:32 ` Christian Brauner [this message]
2025-01-27 23:46 ` [PATCH bpf-next v9 5/5] selftests/bpf: Add tests for bpf_fget_task() kfunc Juntong Deng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250130-dauer-stich-21e0f1f09568@brauner \
--to=brauner@kernel.org \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=haoluo@google.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=juntong.deng@outlook.com \
--cc=kpsingh@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=memxor@gmail.com \
--cc=sdf@fomichev.me \
--cc=snorcht@gmail.com \
--cc=song@kernel.org \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox