Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names

[Song Liu]

Hi Christoph,

> On Oct 14, 2024, at 11:42 PM, Christoph Hellwig <hch@xxxxxxxxxxxxx> wrote:
> 
> On Tue, Oct 15, 2024 at 05:52:02AM +0000, Song Liu wrote:
>>>> Do you mean user.* xattrs are untrusted (any user can set it), so we 
>>>> should not allow BPF programs to read them? Or do you mean xattr 
>>>> name "user.kfuncs" might be taken by some use space?
>>> 
>>> All of the above.
>> 
>> This is a selftest, "user.kfunc" is picked for this test. The kfuncs
>> (bpf_get_[file|dentry]_xattr) can read any user.* xattrs. 
>> 
>> Reading untrusted xattrs from trust BPF LSM program can be useful. 
>> For example, we can sign a binary with private key, and save the
>> signature in the xattr. Then the kernel can verify the signature
>> and the binary matches the public key.
> 
> I would expect that to be done through an actual privileged interface.
> Taking an arbitrary name that was available for use by user space
> programs for 20 years and now giving it a new meaning is not a good
> idea.

Agreed that using security.bpf xattrs are better for this use case. 
In fact, this patchset adds the support for security.bpf xattrs. 
Support for user.* xattrs were added last year. 

Thanks,
Song