From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-oa1-f52.google.com (mail-oa1-f52.google.com [209.85.160.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6088939A7E7 for ; Wed, 1 Jul 2026 06:09:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.160.52 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782886198; cv=none; b=VqGo6gfAm5iUWuKCRSkoBRUzgT/yoffLpX9TkAx3c8OJ3wKcXG+m7URjxNZD9kLxbTPjHAxm5EcoXxQq8Ega3allh0lEZBUwWZI3dsuNC/NmkY73S2NF0/Df8R0AYhPe2QNZN649F2JrCoOSmM7Lv8qqlofFt6VW+PeXC60L7ac= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782886198; c=relaxed/simple; bh=6KbUYY4Kud4/SPqyi3x2WMVAQjlqAWpfU8+H8Iqg4wE=; h=Mime-Version:Content-Type:Date:Message-Id:Cc:Subject:From:To: References:In-Reply-To; b=hXefBCKG4W4W/aeDUjtZWU2ig4liCCe1KyHKccATvSmGPfhLA/PdtGDi2aVjEQEuAbwEHFlMOOjKa09uvgXzZqx5lm7ZH1aN/VqfjO6Tynk3Xb4su+MBET34U49Y4CHMQKrkXExpoIY7J4ki1ZC2xxtMqHvp/CwcACHw92ax06s= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=qPALaJxL; arc=none smtp.client-ip=209.85.160.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="qPALaJxL" Received: by mail-oa1-f52.google.com with SMTP id 586e51a60fabf-44847520d7cso168759fac.1 for ; Tue, 30 Jun 2026 23:09:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1782886195; x=1783490995; darn=vger.kernel.org; h=in-reply-to:references:to:from:subject:cc:message-id:date :content-transfer-encoding:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=qHk2CYv9CFjND1DA8+37qjWHNRV+096bhWS2yVE+OC0=; b=qPALaJxL49eCojqqTZcH7dHmncs/Z/anbHriboVoEHKtv72PkXZU0V5uGQaQ2N9wWZ nMp/GCLkq7cY2sl+E5E/scOov1FYElc45jgJ27fx6ejdC8pkUVS1a/0+34DLXzVHEM5j piCjbnymC6RWYRuQmTy/BpHobJ8E4w9cdxFYAabB6zrcMKc/kSO0n/f7+SvPDQPZrjiS pUgYH2ZRd2f4sWpr4eWfGsC7+k7w/cp+wVhGIBw7zI2zt8gmGpcuA03TsTLaqDTNoMN6 JI/BEfzJp4aZSNpJ4DG0p4FeEjjnBQ+gDPdZU1OefWVPcZssIrAYOwE5xiQxMiILwdyY urUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782886195; x=1783490995; h=in-reply-to:references:to:from:subject:cc:message-id:date :content-transfer-encoding:mime-version:x-gm-gg:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=qHk2CYv9CFjND1DA8+37qjWHNRV+096bhWS2yVE+OC0=; b=SxtUHDle4aIYPUfP2DfyyVPwc32jqJCEEuX3W7rb7BjuRZuPK8bOSr9jurP3tgLLUe M3hWWsr8wAuqqII2kI3LlO3d3LSwVnCUzJjoKiMjKY+aEQQLadPEdTxC7RH1gW3+cA70 CHH7TGubISSPeikMJZgGHuHeNbwKAjeJ1RUk75ktnP8xaOgv77/v5B2YcgPqlqHlyfdb VkM7MAS5HusJlQtbm1RbTV16v5c6AcyjPvVmN9jycEEyp/1+85eWAkbBrGVLwiqr23mH Nf4iJ8WEGkFDVMb64Mpr5sNC0/DPTC0IaaLaHi2LzqaP1uXavroDvp2/oXqzHFNVPGte DMWA== X-Forwarded-Encrypted: i=1; AHgh+RqsYFzeBoviV66xVB3pH9b26WcDUObyXO5FFl3BWoiAHQsc427erp7Dlh2yNgrOeoo99VQ9V/cCKOvuSnR3pGAWuSrg+Sg=@vger.kernel.org X-Gm-Message-State: AOJu0YzOSkja3PeyfOYvGsqoE46g4LK0FXdwsvkR7aniy5qQdDKj6Bv8 vDyU4Ws/D11R1TNVfTIJ7ru3Og0uR56i2BUvG6CO6e5MFB7+ZgU2p6/d X-Gm-Gg: AfdE7ckusFRtgX4y0MVGGGRLyUvlKzbLgAnvRXYBDFZA/TVhz+qV5s0WYz+SeERGPad 8ikwpuj1LEBrWMGwVg1MAy/ymKCJi9x0Rbnaec7MR9iyZfx6h4D/7KP1Hh0i79bozQVA3ASqS1X gLyqiHCUG8J942UxowXEGtwlzBJE/LlP4ro/e5b/bwtG4kjUCixqq2/wuZP7/+76pn6P82km69A W+5QCAGbj7FeM4x0veP593dSCRcDRjpS5/rRxwxX2y06hKn4hTmT0FKUJIZ+jsFWeHCfyvO9qJb v8jSR0mglxu1pY01GCDkEA3jsiTPOPcBl/vxf4Ya8dk1Sgs80B0uuSN3OOOZ5PuAE99q1JXlKe+ Zj/ao1A1SjkOYbJtGPF6dixS40oycDgMvI2bJM7iLLC+soGZqjY0f+Z4BvhkTv7/9GKHiEOp+ZV 7v5A01ok7o1w1TvRey+8lNZ80Yk/HAsmvRnDBB5RRXNF/ZTF32Vqyqp9gYRur+kdBtU3RJJ/wX9 h08LadmY6bpgA== X-Received: by 2002:a05:6870:9e83:b0:43d:5d22:4719 with SMTP id 586e51a60fabf-44cab961fa0mr69097fac.22.1782886195152; Tue, 30 Jun 2026 23:09:55 -0700 (PDT) Received: from localhost ([2a03:2880:10ff::]) by smtp.gmail.com with ESMTPSA id 586e51a60fabf-44c62027e5esm886593fac.9.2026.06.30.23.09.52 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 30 Jun 2026 23:09:54 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Tue, 30 Jun 2026 23:09:52 -0700 Message-Id: Cc: "Alexei Starovoitov" , "Daniel Borkmann" , "Andrii Nakryiko" , "Martin KaFai Lau" , "Eduard Zingerman" , "Song Liu" , "Yonghong Song" , "John Fastabend" , "KP Singh" , "Jiri Olsa" , "Kumar Kartikeya Dwivedi" , "Emil Tsalapatis" , "Matt Bobrowski" , "James Morris" , "Serge E . Hallyn" , "Casey Schaufler" , "Stephen Smalley" , "Ondrej Mosnacek" , "Mimi Zohar" , "Roberto Sassu" , "Dmitry Kasatkin" , "Eric Snowberg" , "Alexander Viro" , "Christian Brauner" , "Jan Kara" , "Shuah Khan" , , , , , , , Subject: Re: [PATCH v4 bpf-next 2/3] bpf: add bpf_init_inode_xattr kfunc for atomic inode labeling From: "Alexei Starovoitov" To: "Paul Moore" , "David Windsor" X-Mailer: aerc References: <20260630183956.281293-1-dwindsor@gmail.com> <20260630183956.281293-3-dwindsor@gmail.com> In-Reply-To: On Tue Jun 30, 2026 at 12:20 PM PDT, Paul Moore wrote: >> +__bpf_kfunc int bpf_init_inode_xattr(struct lsm_xattrs *xattrs, >> + const char *name__str, >> + const struct bpf_dynptr *value_p) >> +{ >> + struct bpf_dynptr_kern *value_ptr =3D (struct bpf_dynptr_kern *)= value_p; >> + size_t name_len; >> + void *xattr_value; >> + struct xattr *xattr; >> + const void *value; >> + u32 value_len; >> + >> + if (!xattrs || !xattrs->xattrs || !name__str) >> + return -EINVAL; >> + if (bpf_xattrs_used(xattrs) >=3D BPF_LSM_INODE_INIT_XATTRS) >> + return -ENOSPC; >> + >> + name_len =3D strlen(name__str); >> + if (name_len =3D=3D 0 || name_len > XATTR_NAME_MAX) >> + return -EINVAL; >> + if (strncmp(name__str, XATTR_BPF_LSM_SUFFIX, >> + sizeof(XATTR_BPF_LSM_SUFFIX) - 1)) >> + return -EPERM; >> + >> + value_len =3D __bpf_dynptr_size(value_ptr); >> + if (value_len =3D=3D 0 || value_len > XATTR_SIZE_MAX) >> + return -EINVAL; >> + >> + value =3D __bpf_dynptr_data(value_ptr, value_len); >> + if (!value) >> + return -EINVAL; >> + >> + /* Combine xattr value + name into one allocation. */ >> + xattr_value =3D kmalloc(value_len + name_len + 1, GFP_NOFS); >> + if (!xattr_value) >> + return -ENOMEM; >> + >> + memcpy(xattr_value, value, value_len); >> + memcpy(xattr_value + value_len, name__str, name_len); >> + ((char *)xattr_value)[value_len + name_len] =3D '\0'; >> + >> + xattr =3D lsm_get_xattr_slot(xattrs); >> + if (!xattr) { >> + kfree(xattr_value); >> + return -ENOSPC; >> + } >> + >> + xattr->value =3D xattr_value; >> + xattr->name =3D (const char *)xattr_value + value_len; >> + xattr->value_len =3D value_len; >> + >> + return 0; >> +} > > This is not a generic VFS function, it is a LSM specific function, it > belongs under security/, please move the code as discussed previously. Paul, Not quite. It's all about xattrs. Having "struct lsm_xattrs" in the arguments doesn't make it lsm related. You needs to study existing kfuncs and tracepoints. A bunch of them have "*lsm*" in the arguments. All, CI found issues, so this set needs another respin. After that it's hopefully good to go. David, you're on the right track. The patchset is getting close. Thank you for working on it.