Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names

From: Christoph Hellwig
Date: Thu Oct 31 2024 - 02:57:15 EST

Next message: Biju Das: "RE: [PATCH 2/2] clk: renesas: cpg-mssr: automate 'soc' node release in cpg_mssr_reserved_init()"
Previous message: alice . guo: "[PATCH v4] soc: imx: Add SoC device register for i.MX9"
In reply to: Song Liu: "Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names"
Next in thread: Song Liu: "Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Oct 30, 2024 at 08:44:26PM +0000, Song Liu wrote:
> Given bpf kfuncs can read user.* xattrs for almost a year now, I think we
> cannot simply revert it. We already have some users using it.
>
> Instead, we can work on a plan to deprecated it. How about we add a
> WARN_ON_ONCE as part of this patchset, and then remove user.* support
> after some time?

As Christian mentioned having bpf access to user xattrs is probably
not a big issue. OTOH anything that makes security decisions based
on it is probably pretty broken. Not sure how you want to best
handle that.

Next message: Biju Das: "RE: [PATCH 2/2] clk: renesas: cpg-mssr: automate 'soc' node release in cpg_mssr_reserved_init()"
Previous message: alice . guo: "[PATCH v4] soc: imx: Add SoC device register for i.MX9"
In reply to: Song Liu: "Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names"
Next in thread: Song Liu: "Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]