Message-ID: <0DB83868-0049-40E3-8E62-0D8D913CB9CB@fb.com>
Date: Tue, 15 Oct 2024 05:21:48 +0000
From: Song Liu <songliubraving@...a.com>
To: Christoph Hellwig <hch@...radead.org>
CC: Song Liu <song@...nel.org>, bpf <bpf@...r.kernel.org>,
 Linux-Fsdevel <linux-fsdevel@...r.kernel.org>,
 LKML <linux-kernel@...r.kernel.org>,
 Kernel Team <kernel-team@...a.com>,
 Andrii Nakryiko <andrii@...nel.org>,
 Eduard Zingerman <eddyz87@...il.com>,
 Alexei Starovoitov <ast@...nel.org>,
 Daniel Borkmann <daniel@...earbox.net>,
 Martin KaFai Lau <martin.lau@...ux.dev>,
 Al Viro <viro@...iv.linux.org.uk>,
 Christian Brauner <brauner@...nel.org>,
 Jan Kara <jack@...e.cz>,
 KP Singh <kpsingh@...nel.org>,
 Matt Bobrowski <mattbobrowski@...gle.com>
Subject: Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names

Hi Christoph,

> On Oct 14, 2024, at 10:07 PM, Christoph Hellwig <hch@...radead.org> wrote:
>
> On Wed, Oct 02, 2024 at 02:46:37PM -0700, Song Liu wrote:
>> Extend test_progs fs_kfuncs to cover different xattr names. Specifically:
>> xattr name "user.kfuncs", "security.bpf", and "security.bpf.xxx" can be
>> read from BPF program with kfuncs bpf_get_[file|dentry]_xattr(); while
>> "security.bpfxxx" and "security.selinux" cannot be read.
>
> So you read code from untrusted user.* xattrs? How can you carve out
> that space and not know any pre-existing userspace code uses kfuncs
> for its own purpose?

I don't quite follow the comment here.

Do you mean user.* xattrs are untrusted (any user can set it), so we
should not allow BPF programs to read them? Or do you mean xattr
name "user.kfuncs" might be taken by some user space?

Thanks,
Song