Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names

From: Song Liu
Date: Tue Oct 15 2024 - 09:54:27 EST


Hi Christoph,

> On Oct 14, 2024, at 11:42 PM, Christoph Hellwig <hch@xxxxxxxxxxxxx> wrote:
>
> On Tue, Oct 15, 2024 at 05:52:02AM +0000, Song Liu wrote:
>>>> Do you mean user.* xattrs are untrusted (any user can set it), so we
>>>> should not allow BPF programs to read them? Or do you mean xattr
>>>> name "user.kfuncs" might be taken by some use space?
>>>
>>> All of the above.
>>
>> This is a selftest, "user.kfunc" is picked for this test. The kfuncs
>> (bpf_get_[file|dentry]_xattr) can read any user.* xattrs.
>>
>> Reading untrusted xattrs from trust BPF LSM program can be useful.
>> For example, we can sign a binary with private key, and save the
>> signature in the xattr. Then the kernel can verify the signature
>> and the binary matches the public key.
>
> I would expect that to be done through an actual privileged interface.
> Taking an arbitrary name that was available for use by user space
> programs for 20 years and now giving it a new meaning is not a good
> idea.

Agreed that using security.bpf xattrs are better for this use case.
In fact, this patchset adds the support for security.bpf xattrs.
Support for user.* xattrs were added last year.

Thanks,
Song