[v2,bpf-next,4/9] bpf: Add kfunc bpf_get_file_xattr

Message ID	20231023061354.941552-5-song@kernel.org (mailing list archive)
State	Superseded
Headers	show Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0D4E763AB; Mon, 23 Oct 2023 06:14:30 +0000 (UTC) From: Song Liu <song@kernel.org> To: bpf@vger.kernel.org, fsverity@lists.linux.dev Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, martin.lau@kernel.org, kernel-team@meta.com, ebiggers@kernel.org, tytso@mit.edu, roberto.sassu@huaweicloud.com, Song Liu <song@kernel.org> Subject: [PATCH v2 bpf-next 4/9] bpf: Add kfunc bpf_get_file_xattr Date: Sun, 22 Oct 2023 23:13:49 -0700 Message-Id: <20231023061354.941552-5-song@kernel.org> In-Reply-To: <20231023061354.941552-1-song@kernel.org> References: <20231023061354.941552-1-song@kernel.org> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	bpf: File verification with LSM and fsverity \| expand [v2,bpf-next,0/9] bpf: File verification with LSM and fsverity [v2,bpf-next,1/9] bpf: Expose bpf_dynptr_slice* kfuncs for in kernel use [v2,bpf-next,2/9] bpf: Factor out helper check_reg_const_str() [v2,bpf-next,3/9] bpf: Introduce KF_ARG_PTR_TO_CONST_STR [v2,bpf-next,4/9] bpf: Add kfunc bpf_get_file_xattr [v2,bpf-next,5/9] bpf, fsverity: Add kfunc bpf_get_fsverity_digest [v2,bpf-next,6/9] Documentation/bpf: Add documentation for filesystem kfuncs [v2,bpf-next,7/9] selftests/bpf: Sort config in alphabetic order [v2,bpf-next,8/9] selftests/bpf: Add tests for filesystem kfuncs [v2,bpf-next,9/9] selftests/bpf: Add test that use fsverity and xattr to sign a file

Message ID

20231023061354.941552-5-song@kernel.org (mailing list archive)

State

Superseded

Headers

From: Song Liu <song@kernel.org>
To: bpf@vger.kernel.org,
	fsverity@lists.linux.dev
Cc: ast@kernel.org,
	daniel@iogearbox.net,
	andrii@kernel.org,
	martin.lau@kernel.org,
	kernel-team@meta.com,
	ebiggers@kernel.org,
	tytso@mit.edu,
	roberto.sassu@huaweicloud.com,
	Song Liu <song@kernel.org>
Subject: [PATCH v2 bpf-next 4/9] bpf: Add kfunc bpf_get_file_xattr
Date: Sun, 22 Oct 2023 23:13:49 -0700
Message-Id: <20231023061354.941552-5-song@kernel.org>
In-Reply-To: <20231023061354.941552-1-song@kernel.org>
References: <20231023061354.941552-1-song@kernel.org>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

bpf: File verification with LSM and fsverity | expand

Commit Message

Song Liu Oct. 23, 2023, 6:13 a.m. UTC

This kfunc can be used to read xattr of a file. To avoid recursion, only
allow calling this kfunc from LSM hooks.

Signed-off-by: Song Liu <song@kernel.org>
---
 kernel/trace/bpf_trace.c | 56 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)

Comments

KP Singh Nov. 2, 2023, 1:27 a.m. UTC | #1

On Mon, Oct 23, 2023 at 8:14 AM Song Liu <song@kernel.org> wrote:
>
> This kfunc can be used to read xattr of a file. To avoid recursion, only
> allow calling this kfunc from LSM hooks.

I think this needs a bit more explanation in the commit message (some
details on what it could be used for, we can explain the use case
about persistent LSM policy and LSM signatures with FSVerity). I know
you add a selftest but some more details in the commit message would
help.

What about adding the KF_TRUSTED_ARGS for the kfunc?



>
> Signed-off-by: Song Liu <song@kernel.org>
> ---
>  kernel/trace/bpf_trace.c | 56 ++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 56 insertions(+)
>
> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> index 43ed45a83ee2..4178d0e339d3 100644
> --- a/kernel/trace/bpf_trace.c
> +++ b/kernel/trace/bpf_trace.c
> @@ -24,6 +24,7 @@
>  #include <linux/key.h>
>  #include <linux/verification.h>
>  #include <linux/namei.h>
> +#include <linux/fileattr.h>
>
>  #include <net/bpf_sk_storage.h>
>
> @@ -1436,6 +1437,61 @@ static int __init bpf_key_sig_kfuncs_init(void)
>  late_initcall(bpf_key_sig_kfuncs_init);
>  #endif /* CONFIG_KEYS */
>
> +/* filesystem kfuncs */
> +__diag_push();
> +__diag_ignore_all("-Wmissing-prototypes",
> +                 "kfuncs which will be used in BPF programs");
> +
> +/**
> + * bpf_get_file_xattr - get xattr of a file
> + * @file: file to get xattr from
> + * @name__const_str: name of the xattr
> + * @value_ptr: output buffer of the xattr value
> + *
> + * Get xattr *name__const_str* of *file* and store the output in *value_ptr*.
> + *
> + * Return: 0 on success, a negative value on error.
> + */
> +__bpf_kfunc int bpf_get_file_xattr(struct file *file, const char *name__const_str,
> +                                  struct bpf_dynptr_kern *value_ptr)
> +{
> +       struct dentry *dentry;
> +       void *value;
> +
> +       value = bpf_dynptr_slice_rdwr(value_ptr, 0, NULL, 0);
> +       if (IS_ERR_OR_NULL(value))
> +               return PTR_ERR(value);
> +
> +       dentry = file_dentry(file);
> +       return __vfs_getxattr(dentry, dentry->d_inode, name__const_str,
> +                             value, __bpf_dynptr_size(value_ptr));
> +}
> +
> +__diag_pop();
> +
> +static int bpf_get_file_xattr_filter(const struct bpf_prog *prog, u32 kfunc_id)
> +{
> +       /* Only allow to attach from LSM hooks, to avoid recursion */
> +       return prog->type != BPF_PROG_TYPE_LSM ? -EACCES : 0;
> +}
> +
> +BTF_SET8_START(fs_kfunc_set)
> +BTF_ID_FLAGS(func, bpf_get_file_xattr, KF_SLEEPABLE)
> +BTF_SET8_END(fs_kfunc_set)
> +
> +const struct btf_kfunc_id_set bpf_fs_kfunc_set = {
> +       .owner = THIS_MODULE,
> +       .set = &fs_kfunc_set,
> +       .filter = bpf_get_file_xattr_filter,
> +};
> +
> +static int __init bpf_fs_kfuncs_init(void)
> +{
> +       return register_btf_kfunc_id_set(BPF_PROG_TYPE_LSM, &bpf_fs_kfunc_set);
> +}
> +
> +late_initcall(bpf_fs_kfuncs_init);
> +
>  static const struct bpf_func_proto *
>  bpf_tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
>  {
> --
> 2.34.1
>
>

Song Liu Nov. 2, 2023, 6:43 a.m. UTC | #2

On Wed, Nov 1, 2023 at 6:27 PM KP Singh <kpsingh@kernel.org> wrote:
>
> On Mon, Oct 23, 2023 at 8:14 AM Song Liu <song@kernel.org> wrote:
> >
> > This kfunc can be used to read xattr of a file. To avoid recursion, only
> > allow calling this kfunc from LSM hooks.
>
> I think this needs a bit more explanation in the commit message (some
> details on what it could be used for, we can explain the use case
> about persistent LSM policy and LSM signatures with FSVerity). I know
> you add a selftest but some more details in the commit message would
> help.

Sure, I will add a short description here.

> What about adding the KF_TRUSTED_ARGS for the kfunc?

Yeah, I was thinking about this. Adding it to the next version.

Thanks,
Song

[...]

diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 43ed45a83ee2..4178d0e339d3 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -24,6 +24,7 @@ 
 #include <linux/key.h>
 #include <linux/verification.h>
 #include <linux/namei.h>
+#include <linux/fileattr.h>
 
 #include <net/bpf_sk_storage.h>
 
@@ -1436,6 +1437,61 @@  static int __init bpf_key_sig_kfuncs_init(void)
 late_initcall(bpf_key_sig_kfuncs_init);
 #endif /* CONFIG_KEYS */
 
+/* filesystem kfuncs */
+__diag_push();
+__diag_ignore_all("-Wmissing-prototypes",
+		  "kfuncs which will be used in BPF programs");
+
+/**
+ * bpf_get_file_xattr - get xattr of a file
+ * @file: file to get xattr from
+ * @name__const_str: name of the xattr
+ * @value_ptr: output buffer of the xattr value
+ *
+ * Get xattr *name__const_str* of *file* and store the output in *value_ptr*.
+ *
+ * Return: 0 on success, a negative value on error.
+ */
+__bpf_kfunc int bpf_get_file_xattr(struct file *file, const char *name__const_str,
+				   struct bpf_dynptr_kern *value_ptr)
+{
+	struct dentry *dentry;
+	void *value;
+
+	value = bpf_dynptr_slice_rdwr(value_ptr, 0, NULL, 0);
+	if (IS_ERR_OR_NULL(value))
+		return PTR_ERR(value);
+
+	dentry = file_dentry(file);
+	return __vfs_getxattr(dentry, dentry->d_inode, name__const_str,
+			      value, __bpf_dynptr_size(value_ptr));
+}
+
+__diag_pop();
+
+static int bpf_get_file_xattr_filter(const struct bpf_prog *prog, u32 kfunc_id)
+{
+	/* Only allow to attach from LSM hooks, to avoid recursion */
+	return prog->type != BPF_PROG_TYPE_LSM ? -EACCES : 0;
+}
+
+BTF_SET8_START(fs_kfunc_set)
+BTF_ID_FLAGS(func, bpf_get_file_xattr, KF_SLEEPABLE)
+BTF_SET8_END(fs_kfunc_set)
+
+const struct btf_kfunc_id_set bpf_fs_kfunc_set = {
+	.owner = THIS_MODULE,
+	.set = &fs_kfunc_set,
+	.filter = bpf_get_file_xattr_filter,
+};
+
+static int __init bpf_fs_kfuncs_init(void)
+{
+	return register_btf_kfunc_id_set(BPF_PROG_TYPE_LSM, &bpf_fs_kfunc_set);
+}
+
+late_initcall(bpf_fs_kfuncs_init);
+
 static const struct bpf_func_proto *
 bpf_tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
 {

[v2,bpf-next,4/9] bpf: Add kfunc bpf_get_file_xattr

Commit Message

Comments

Patch