Introduce bpf_kern_path and bpf_path_put #6427
Open
+422
−12
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Author
|
Upstream branch: 688b745 |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
8c83cb5 to
f015201
Compare
Author
|
Upstream branch: 19f4091 |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1028078=>bpf-next
branch
from
5f7b35f to
f988457
Compare
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
f015201 to
884c5bc
Compare
Author
|
Upstream branch: bd5bdd2 |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1028078=>bpf-next
branch
from
f988457 to
5f837d9
Compare
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
884c5bc to
4355736
Compare
Author
|
Upstream branch: 34235a3 |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1028078=>bpf-next
branch
from
5f837d9 to
fd3d858
Compare
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
4355736 to
5bece43
Compare
Author
|
Upstream branch: c1af446 |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1028078=>bpf-next
branch
from
fd3d858 to
74fc5a4
Compare
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
5bece43 to
52f5a27
Compare
Let the BPF verifier to recognize const char * arguments from LSM hooks (and other BPF program types) as valid const string pointers that can be passed to kfuncs expecting KF_ARG_PTR_TO_CONST_STR. Previously, kfuncs with KF_ARG_PTR_TO_CONST_STR only accepted PTR_TO_MAP_VALUE from readonly maps. This was limiting for LSM programs that receive const char * arguments from hooks like sb_mount's dev_name. Signed-off-by: Song Liu <[email protected]>
Author
|
Upstream branch: ff34657 |
Add two new kfuncs to fs/bpf_fs_kfuncs.c that wrap kern_path() for use
by BPF LSM programs:
bpf_kern_path():
- Resolves a pathname string to a struct path
- Allocates memory for the path structure
- Returns NULL on error or if the path doesn't exist
- Marked with KF_ACQUIRE | KF_SLEEPABLE | KF_RET_NULL
bpf_path_put():
- Releases the path reference and frees the allocated memory
- Marked with KF_RELEASE to enforce acquire/release semantics
These kfuncs enable BPF LSM programs to resolve pathnames provided by
hook arguments (e.g., dev_name from sb_mount) and validate or inspect
the resolved paths. The verifier enforces proper resource management
through acquire/release tracking.
Example usage:
struct path *p = bpf_kern_path("/etc/passwd", LOOKUP_FOLLOW);
if (p) {
// Use the path...
bpf_path_put(p); // Must release
}
Signed-off-by: Song Liu <[email protected]>
Add comprehensive selftests for the new bpf_kern_path and bpf_path_put
kfuncs:
1. Functional tests (prog_tests/kern_path.c, progs/test_kern_path.c):
- test_kern_path_basic: Tests successful path resolution using
/proc/self/exe and validates the resolved path with bpf_path_d_path
- test_kern_path_sb_mount: Tests bpf_kern_path with dynamic input
from LSM hook parameter (dev_name from sb_mount), demonstrating
real-world usage where BPF programs resolve paths from hook args
2. Verifier success tests (progs/verifier_kern_path.c):
- kern_path_success: Proper acquire -> use -> release pattern
- kern_path_multiple_paths: Multiple concurrent path acquisitions
3. Verifier failure tests (progs/verifier_kern_path_fail.c):
- kern_path_unreleased: Resource leak detection
- path_put_unacquired: Releasing unacquired path
- path_use_after_put: Use-after-free detection
- double_path_put: Double-free detection
- kern_path_non_lsm: Program type restrictions (LSM only)
- kern_path_non_const_str: reject none const string
These tests verify both the functionality of the kfuncs and that the
verifier properly enforces acquire/release semantics to prevent
resource leaks.
Signed-off-by: Song Liu <[email protected]>
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1028078=>bpf-next
branch
from
74fc5a4 to
95bbfd6
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: Introduce bpf_kern_path and bpf_path_put
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=1028078