linux-fsdevel.vger.kernel.org archive mirror
From: Matt Bobrowski <mattbobrowski@google.com>
To: Song Liu <song@kernel.org>
Cc: bpf@vger.kernel.org, ast@kernel.org, kpsingh@kernel.org,
	andrii@kernel.org, jannh@google.com, brauner@kernel.org,
	linux-fsdevel@vger.kernel.org, jolsa@kernel.org,
	daniel@iogearbox.net, memxor@gmail.com
Subject: Re: [PATCH v3 bpf-next 1/3] bpf: introduce new VFS based BPF kfuncs
Date: Sun, 28 Jul 2024 19:52:29 +0000
Message-ID: <ZqahfTVzrs33tE95@google.com>
In-Reply-To: <CAPhsuW4WcksBrLkwr8zwTZttmbpQCw1=D95Qs+X7Kj5zkTMA6g@mail.gmail.com>

On Fri, Jul 26, 2024 at 04:52:50PM -0700, Song Liu wrote:
> On Fri, Jul 26, 2024 at 1:56 AM Matt Bobrowski <mattbobrowski@google.com> wrote:
> >
> > Add a new variant of bpf_d_path() named bpf_path_d_path() which takes
> > the form of a BPF kfunc and enforces KF_TRUSTED_ARGS semantics onto
> > its arguments.
> >
> > This new d_path() based BPF kfunc variant is intended to address the
> > legacy bpf_d_path() BPF helper's susceptibility to memory corruption
> > issues [0, 1, 2] by ensuring to only operate on supplied arguments
> > which are deemed trusted by the BPF verifier. Typically, this means
> > that only pointers to a struct path which have been reference counted
> > may be supplied.
> >
> > In addition to the new bpf_path_d_path() BPF kfunc, we also add a
> > KF_ACQUIRE based BPF kfunc bpf_get_task_exe_file() and KF_RELEASE
> > counterpart BPF kfunc bpf_put_file(). This is so that the new
> > bpf_path_d_path() BPF kfunc can be used more flexibly from within
> > the context of a BPF LSM program. It's rather common to ascertain the
> > backing executable file for the calling process by performing the
> > following walk current->mm->exe_file while instrumenting a given
> > operation from the context of the BPF LSM program. However, walking
> > current->mm->exe_file directly is never deemed to be OK, and doing so
> > from both inside and outside of BPF LSM program context should be
> > considered as a bug. Using bpf_get_task_exe_file() and in turn
> > bpf_put_file() will allow BPF LSM programs to reliably get and put
> > references to current->mm->exe_file.
> >
> > As of now, all the newly introduced BPF kfuncs within this patch are
> > limited to sleepable BPF LSM program types. Therefore, they may only
> > be called when a BPF LSM program is attached to one of the listed
> > attachment points defined within the sleepable_lsm_hooks BTF ID set.
> >
> > [0] https://lore.kernel.org/bpf/CAG48ez0ppjcT=QxU-jtCUfb5xQb3mLr=5FcwddF_VKfEBPs_Dg@mail.gmail.com/
> > [1] https://lore.kernel.org/bpf/20230606181714.532998-1-jolsa@kernel.org/
> > [2] https://lore.kernel.org/bpf/20220219113744.1852259-1-memxor@gmail.com/
> >
> > Signed-off-by: Matt Bobrowski <mattbobrowski@google.com>
> 
> checkpatch reported a few syntax issues on this one:
> 
> https://netdev.bots.linux.dev/static/nipa/874023/13742510/checkpatch/stdout

Thanks for making me aware, all has been addressed.

/M
