On Wed, Jul 1, 2026 at 8:55 AM Paul Moore <[email protected]> wrote:
> On Wed, Jul 1, 2026 at 2:09 AM Alexei Starovoitov
> <[email protected]> wrote:
> > On Tue Jun 30, 2026 at 12:20 PM PDT, Paul Moore wrote:
> > >> +__bpf_kfunc int bpf_init_inode_xattr(struct lsm_xattrs *xattrs,
> > >> +				     const char *name__str,
> > >> +				     const struct bpf_dynptr *value_p)
> > >> +{
> > >> +	struct bpf_dynptr_kern *value_ptr = (struct bpf_dynptr_kern
> > >> *)value_p;
> > >> +	size_t name_len;
> > >> +	void *xattr_value;
> > >> +	struct xattr *xattr;
> > >> +	const void *value;
> > >> +	u32 value_len;
> > >> +
> > >> +	if (!xattrs || !xattrs->xattrs || !name__str)
> > >> +		return -EINVAL;
> > >> +	if (bpf_xattrs_used(xattrs) >= BPF_LSM_INODE_INIT_XATTRS)
> > >> +		return -ENOSPC;
> > >> +
> > >> +	name_len = strlen(name__str);
> > >> +	if (name_len == 0 || name_len > XATTR_NAME_MAX)
> > >> +		return -EINVAL;
> > >> +	if (strncmp(name__str, XATTR_BPF_LSM_SUFFIX,
> > >> +		    sizeof(XATTR_BPF_LSM_SUFFIX) - 1))
> > >> +		return -EPERM;
> > >> +
> > >> +	value_len = __bpf_dynptr_size(value_ptr);
> > >> +	if (value_len == 0 || value_len > XATTR_SIZE_MAX)
> > >> +		return -EINVAL;
> > >> +
> > >> +	value = __bpf_dynptr_data(value_ptr, value_len);
> > >> +	if (!value)
> > >> +		return -EINVAL;
> > >> +
> > >> +	/* Combine xattr value + name into one allocation. */
> > >> +	xattr_value = kmalloc(value_len + name_len + 1, GFP_NOFS);
> > >> +	if (!xattr_value)
> > >> +		return -ENOMEM;
> > >> +
> > >> +	memcpy(xattr_value, value, value_len);
> > >> +	memcpy(xattr_value + value_len, name__str, name_len);
> > >> +	((char *)xattr_value)[value_len + name_len] = '\0';
> > >> +
> > >> +	xattr = lsm_get_xattr_slot(xattrs);
> > >> +	if (!xattr) {
> > >> +		kfree(xattr_value);
> > >> +		return -ENOSPC;
> > >> +	}
> > >> +
> > >> +	xattr->value = xattr_value;
> > >> +	xattr->name = (const char *)xattr_value + value_len;
> > >> +	xattr->value_len = value_len;
> > >> +
> > >> +	return 0;
> > >> +}
> > >
> > > This is not a generic VFS function, it is a LSM specific function, it
> > > belongs under security/, please move the code as discussed previously.
> > >
> > Paul,
> > Not quite. It's all about xattrs.
> > Having "struct lsm_xattrs" in the arguments doesn't make it lsm related.
> > You need to study existing kfuncs and tracepoints.
> > A bunch of them have "*lsm*" in the arguments.
>
> Alexei,
>
> I'm sorry you don't understand the basics of the LSM concept, but
> please look at evm_inode_init_security(), xattr_dupval(), and
> selinux_inode_init_security() for some background. There should not
> be any usage of lsm_get_xattr_slot() or BPF_LSM_INODE_INIT_XATTRS
> outside of security/; you argued a similar idea to justify your NACK
> of Hornet, I'm simply applying the same logic here. We also have the
> very recent security issue caused by the BPF subsystem which failed to
> acknowledge that the admin disabled the BPF LSM and then walked all
> over kernel memory when it shouldn't. Moving LSM internals outside of
> the LSM creates an environment where flaws like this can go
> undetected.
>
> As I said previously, if you absolutely insist on the kfunc being in
> the VFS kfunc file, the LSM specific bits need to be abstracted out
> into an LSM function.
>
> kfunc bpf_init_inode_xattr(...)
> {
>	/* sanity check params */
>	if (!xattrs ...)
>		return -EINVAL;
>
>	/* get value/len from bpf dynptr */
>
>	/* hook will check for LSM specific xattr count/limits, allocate,
>	   copy value */
>	rc = security_lsmxattr_add(xattrs, LSM_ID_BPF, value, value_len);
>	if (rc)
>		return rc;
> }
>
> David, if you like I can provide you a patch that implements the
> security_lsmxattr_add() hook above if you aren't comfortable writing
> that, but if you want to give it a shot that's all the better :)

One other thing - as this patchset is primarily LSM related, it needs to
be merged via the LSM tree. If Alexei can't tolerate the LSM tree merging
a minor BPF patch he can either choose to pull from an LSM tree topic
branch or we can merge the LSM infrastructure bits now and he can merge
the BPF changes when the LSM bits hit Linus' tree.

-- 
paul-moore.com
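Review bot: the kfunc bakes LSM policy into a generic VFS/BPF file: the `bpf_xattrs_used(xattrs) >= BPF_LSM_INODE_INIT_XATTRS` limit, the `lsm_get_xattr_slot(xattrs)` slot hand-out and the `XATTR_BPF_LSM_SUFFIX` namespace check are all per-LSM decisions, so they are taken where the LSM core cannot see or audit them. Suggest keeping only the dynptr and name parameter validation here and moving the limit check, namespace check, allocation and copy behind a single LSM hook taking (xattrs, LSM id, name, value, value_len); the `lsm_get_xattr_slot()` failure path already returns -ENOSPC, so the early count check can move into that hook together with it. Minor: `XATTR_BPF_LSM_SUFFIX` is compared as a prefix via `strncmp(..., sizeof(XATTR_BPF_LSM_SUFFIX) - 1)`, so the macro name is misleading; rename it or add a comment.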
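The split proposed above, modelled in user-space C as an added example (not code from the patch, the kernel, or the thread's participants): `security_lsmxattr_add()` stands in for the hypothetical LSM hook, the structs, the slot limit and the `XATTR_BPF_LSM_SUFFIX` value are constructed stand-ins, the LSM id argument is omitted because only one LSM is modelled, and the dynptr is replaced by a plain pointer/length pair.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in limits and structs (constructed, not the kernel's definitions). */
#define XATTR_NAME_MAX 255
#define XATTR_SIZE_MAX 65536
#define BPF_LSM_INODE_INIT_XATTRS 2          /* assumed per-LSM slot limit */
#define XATTR_BPF_LSM_SUFFIX "security.bpf." /* assumed required name prefix */
struct xattr { const char *name; void *value; size_t value_len; };
struct lsm_xattrs { struct xattr slots[BPF_LSM_INODE_INIT_XATTRS]; int used; };
struct lsm_xattrs demo_xattrs;               /* constructed, starts empty */

/* LSM side (hypothetical security_lsmxattr_add() hook): owns the name
 * namespace check, the per-LSM slot limit and the value+name allocation. */
static int security_lsmxattr_add(struct lsm_xattrs *xattrs, const char *name,
                                 const void *value, size_t value_len)
{
	size_t name_len = strlen(name);
	struct xattr *slot;
	char *buf;
	if (strncmp(name, XATTR_BPF_LSM_SUFFIX, sizeof(XATTR_BPF_LSM_SUFFIX) - 1))
		return -EPERM;
	if (xattrs->used >= BPF_LSM_INODE_INIT_XATTRS)
		return -ENOSPC;
	buf = malloc(value_len + name_len + 1); /* value first, NUL-terminated name after it */
	if (!buf)
		return -ENOMEM;
	memcpy(buf, value, value_len);
	memcpy(buf + value_len, name, name_len + 1);
	slot = &xattrs->slots[xattrs->used++];
	slot->value = buf;
	slot->name = buf + value_len;
	slot->value_len = value_len;
	return 0;
}

/* VFS/BPF side: parameter sanity only, then defer to the LSM hook. */
int bpf_init_inode_xattr(struct lsm_xattrs *xattrs, const char *name,
                         const void *value, size_t value_len)
{
	if (!xattrs || !name || !value)
		return -EINVAL;
	if (strlen(name) == 0 || strlen(name) > XATTR_NAME_MAX)
		return -EINVAL;
	if (value_len == 0 || value_len > XATTR_SIZE_MAX)
		return -EINVAL;
	return security_lsmxattr_add(xattrs, name, value, value_len);
}
```

With the limit inside the hook, a second caller of the kfunc path cannot hand out more slots than the LSM allows, which is the auditability point made in the reply.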

