public inbox for linux-security-module@vger.kernel.org
From: "Mickaël Salaün" <mic@digikod.net>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: "Christian Brauner" <brauner@kernel.org>,
	"Günther Noack" <gnoack@google.com>,
	"Jann Horn" <jannh@google.com>, "Jeff Xu" <jeffxu@google.com>,
	"Justin Suess" <utilityemal77@gmail.com>,
	"Kees Cook" <kees@kernel.org>,
	"Masami Hiramatsu" <mhiramat@kernel.org>,
	"Mathieu Desnoyers" <mathieu.desnoyers@efficios.com>,
	"Matthieu Buffet" <matthieu@buffet.re>,
	"Mikhail Ivanov" <ivanov.mikhail1@huawei-partners.com>,
	"Tingmao Wang" <m@maowtm.org>,
	kernel-team@cloudflare.com, linux-fsdevel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-trace-kernel@vger.kernel.org
Subject: Re: [PATCH v2 12/17] landlock: Add tracepoints for ptrace and scope denials
Date: Tue, 7 Apr 2026 15:00:27 +0200
Message-ID: <20260407.Aesoo2sairai@digikod.net>
In-Reply-To: <20260406110123.4072a765@gandalf.local.home>

On Mon, Apr 06, 2026 at 11:01:23AM -0400, Steven Rostedt wrote:
> On Mon,  6 Apr 2026 16:37:10 +0200
> Mickaël Salaün <mic@digikod.net> wrote:
> 
> > ---
> >  include/trace/events/landlock.h | 135 ++++++++++++++++++++++++++++++++
> >  security/landlock/log.c         |  20 +++++
> >  2 files changed, 155 insertions(+)
> > 
> > diff --git a/include/trace/events/landlock.h b/include/trace/events/landlock.h
> > index 1afab091efba..9f96c9897f44 100644
> > --- a/include/trace/events/landlock.h
> > +++ b/include/trace/events/landlock.h
> > @@ -11,6 +11,7 @@
> >  #define _TRACE_LANDLOCK_H
> >  
> >  #include <linux/tracepoint.h>
> > +#include <net/af_unix.h>
> >  
> >  struct dentry;
> >  struct landlock_domain;
> > @@ -19,6 +20,7 @@ struct landlock_rule;
> >  struct landlock_ruleset;
> >  struct path;
> >  struct sock;
> > +struct task_struct;
> >  
> >  /**
> >   * DOC: Landlock trace events
> > @@ -433,6 +435,139 @@ TRACE_EVENT(
> >  		__entry->log_new_exec, __entry->blockers, __entry->sport,
> >  		__entry->dport));
> >  
> > +/**
> > + * landlock_deny_ptrace - ptrace access denied
> > + * @hierarchy: Hierarchy node that blocked the access (never NULL)
> > + * @same_exec: Whether the current task is the same executable that called
> > + *             landlock_restrict_self() for the denying hierarchy node
> > + * @tracee: Target task (never NULL); eBPF can read pid, comm, cred,
> > + *          namespaces, and cgroup via BTF
> > + */
> > +TRACE_EVENT(
> > +	landlock_deny_ptrace,
> > +
> > +	TP_PROTO(const struct landlock_hierarchy *hierarchy, bool same_exec,
> > +		 const struct task_struct *tracee),
> > +
> > +	TP_ARGS(hierarchy, same_exec, tracee),
> > +
> > +	TP_STRUCT__entry(
> > +		__field(__u64, domain_id) __field(bool, same_exec)
> > +			__field(u32, log_same_exec) __field(u32, log_new_exec)
> > +				__field(pid_t, tracee_pid)
> > +					__string(tracee_comm, tracee->comm)),
> 
> Event formats are different than normal macro formatting. Please use the
> event formatting. The above is a defined structure that is being created
> for use. Keep it looking like a structure:
> 
> 	TP_STRUCT__entry(
> 		__field(	__u64,		domain_id)
> 		__field(	bool,		same_exec)
> 		__field(	u32,		log_same_exec)
> 		__field(	u32,		log_new_exec)
> 		__field(	pid_t,		tracee_pid)
> 		__string(	tracee_comm,	tracee->comm)
> 	),

I was using clang-format, but it doesn't make sense here, I'll fix it.

> 
> See how the above resembles:
> 
> struct entry {
> 	__u64		domain_id;
> 	bool		same_exec;
> 	u32		log_same_exec;
> 	u32		log_new_exec;
> 	pid_t		tracee_pid;
> 	string		tracee_comm;
> };
> 
> Because that's pretty much what the trace event TP_STRUCT__entry() is going
> to do with it. (The string will obviously be something else).
> 
> This way it's also easy to spot holes in the structure that is written
> into the ring buffer. The "same_exec" being a bool followed by two u32
> types is going to cause a hole. Move it to between tracee_pid and
> tracee_comm.

Actually, the log_* fields should be bool too.  Anyway, is it a concern
that the ring buffer leaks (previous event) kernel memory, or is the
concern mostly about avoiding wasted space and making it easy to spot
holes even if it's OK?

> 
> Please fix the other events too.

Sure. Thanks!

> 
> -- Steve
> 
> 
> > +
> > +	TP_fast_assign(__entry->domain_id = hierarchy->id;
> > +		       __entry->same_exec = same_exec;
> > +		       __entry->log_same_exec = hierarchy->log_same_exec;
> > +		       __entry->log_new_exec = hierarchy->log_new_exec;
> > +		       __entry->tracee_pid =
> > +			       task_tgid_nr((struct task_struct *)tracee);
> > +		       __assign_str(tracee_comm);),
> > +
> > +	TP_printk(
> > +		"domain=%llx same_exec=%d log_same_exec=%u log_new_exec=%u tracee_pid=%d comm=%s",
> > +		__entry->domain_id, __entry->same_exec, __entry->log_same_exec,
> > +		__entry->log_new_exec, __entry->tracee_pid,
> > +		__print_untrusted_str(tracee_comm)));

Are you OK with this new helper?

> > +
> >
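Review bot: in TP_fast_assign, `task_tgid_nr((struct task_struct *)tracee)` casts away the const that TP_PROTO declares on @tracee; either take `struct task_struct *tracee` non-const in TP_PROTO/TP_ARGS or fetch the id without the cast. The value stored is the thread group id, while the field and the TP_printk label read tracee_pid; for a multithreaded tracee the two differ, so naming it tracee_tgid (or documenting that "pid" here means TGID) avoids misreading the trace. On the TP_STRUCT__entry layout already raised above: TP_fast_assign writes the fields one by one into a ring-buffer slot that is not cleared beforehand, so the three padding bytes after the bool same_exec reach trace readers holding whatever that slot contained before; that, not only the wasted space, is the reason to leave no hole in the fixed part of the entry.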
> 

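The layout point discussed in this thread, as an added example that is not part of the patch or of either reply: the two field orders for the fixed part of the event are mirrored as plain userspace structs (the kernel's `struct trace_entry` header and the `__string()` location word are left out, and `pid_t` is stood in by `int32_t`), a buffer is pre-filled with a sentinel to play the role of a ring-buffer slot that still holds a previous event, the fields are assigned individually as TP_fast_assign does, and the bytes the assignments never touched are counted. Those untouched bytes are the hole, and they are what a trace reader would see.

```c
/* Added example, not from the patch or the mailing-list thread.
 * Models the fixed-size fields of the landlock_deny_ptrace event in
 * the two orders discussed and shows where the padding hole sits and
 * what it exposes when the slot is filled field by field. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field order as posted: a bool squeezed between a u64 and two u32s. */
struct entry_posted {
	uint64_t	domain_id;
	bool		same_exec;	/* 3 padding bytes follow on every common ABI */
	uint32_t	log_same_exec;
	uint32_t	log_new_exec;
	int32_t		tracee_pid;	/* stands in for pid_t */
};

/* Field order suggested in review: bool moved after tracee_pid. */
struct entry_reordered {
	uint64_t	domain_id;
	uint32_t	log_same_exec;
	uint32_t	log_new_exec;
	int32_t		tracee_pid;
	bool		same_exec;
};

/* Sentinel standing in for the bytes of a previous event still in the
 * ring-buffer page.  None of the assigned values below contain it. */
#define STALE 0xA5

/* Padding between same_exec and the field that follows it, as posted. */
static size_t hole_after_same_exec_posted(void)
{
	return offsetof(struct entry_posted, log_same_exec)
	       - (offsetof(struct entry_posted, same_exec) + sizeof(bool));
}

/* Count bytes in [0, end) that still hold the sentinel, i.e. that no
 * field assignment overwrote.  end is the end of the last field, so
 * tail padding (where the dynamic string data would start) is not counted. */
static size_t count_stale(const unsigned char *raw, size_t end)
{
	size_t i, stale = 0;

	for (i = 0; i < end; i++)
		if (raw[i] == STALE)
			stale++;
	return stale;
}

/* Stale bytes a reader would see inside the fixed part, posted order. */
static size_t stale_bytes_posted(void)
{
	union {
		unsigned char raw[sizeof(struct entry_posted)];
		struct entry_posted e;
	} u;

	memset(u.raw, STALE, sizeof(u.raw));	/* slot not cleared, as in the ring buffer */
	u.e.domain_id = 0x1234;			/* constructed sample values */
	u.e.same_exec = true;
	u.e.log_same_exec = 1;
	u.e.log_new_exec = 0;
	u.e.tracee_pid = 4242;
	return count_stale(u.raw, offsetof(struct entry_posted, tracee_pid)
				  + sizeof(u.e.tracee_pid));
}

/* Same measurement for the reordered layout. */
static size_t stale_bytes_reordered(void)
{
	union {
		unsigned char raw[sizeof(struct entry_reordered)];
		struct entry_reordered e;
	} u;

	memset(u.raw, STALE, sizeof(u.raw));
	u.e.domain_id = 0x1234;
	u.e.log_same_exec = 1;
	u.e.log_new_exec = 0;
	u.e.tracee_pid = 4242;
	u.e.same_exec = true;
	return count_stale(u.raw, offsetof(struct entry_reordered, same_exec)
				  + sizeof(u.e.same_exec));
}

int main(void)
{
	printf("posted:    hole after same_exec = %zu bytes, stale bytes exposed = %zu\n",
	       hole_after_same_exec_posted(), stale_bytes_posted());
	printf("reordered: stale bytes exposed = %zu\n", stale_bytes_reordered());
	return 0;
}
```

The same inspection on the real event structure is what `pahole -C <struct name>` does on the built object: it lists each field's offset and marks every hole, which is the quickest way to check a TP_STRUCT__entry after the fields are written one per line as asked above. Whatever field ends the fixed part still has to be checked against the one that follows it in the real entry, including the location word that `__string()` adds.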