From: Song Liu
To: bpf@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Cc: kernel-team@meta.com, andrii@kernel.org, eddyz87@gmail.com, ast@kernel.org, daniel@iogearbox.net, martin.lau@linux.dev, viro@zeniv.linux.org.uk, brauner@kernel.org, jack@suse.cz, kpsingh@kernel.org, mattbobrowski@google.com, amir73il@gmail.com, repnop@google.com, jlayton@kernel.org, josef@toxicpanda.com, mic@digikod.net, gnoack@google.com, m@maowtm.org, Song Liu
Subject: [PATCH v2 bpf-next 1/4] namei: Introduce new helper function path_walk_parent()
Date: Mon, 2 Jun 2025 23:59:17 -0700
Message-ID: <20250603065920.3404510-2-song@kernel.org>
In-Reply-To: <20250603065920.3404510-1-song@kernel.org>
References: <20250603065920.3404510-1-song@kernel.org>
Content-Transfer-Encoding: quoted-printable

This helper walks an input path to its parent. Logic is added to handle walking across the mount tree. This will be used by landlock and BPF LSM.

Signed-off-by: Song Liu
---
 fs/namei.c | 52 +++++++++++++++++++++++++++++++++++++++++++
 include/linux/namei.h | 2 ++
 2 files changed, 54 insertions(+)

diff --git a/fs/namei.c b/fs/namei.c index 4bb889fc980b..7d5bf2bb604f 100644 --- a/fs/namei.c +++ b/fs/namei.c 
@@ -1424,6 +1424,58 @@ static bool choose_mountpoint(struct mount *m, const= struct path *root, return found; } =20 +/** + * path_walk_parent - Walk to the parent of path + * @path: input and output path. + * @root: root of the path walk, do not go beyond this root. If @root is + * zero'ed, walk all the way to real root. + * + * Given a path, find the parent path. Replace @path with the parent path. + * If we were already at the real root or a disconnected root, @path is + * not changed. + * + * The logic of path_walk_parent() is similar to follow_dotdot(), except + * that path_walk_parent() will continue walking for !path_connected case. + * This effectively means we are walking from disconnectedbind mount to the + * original mount point. If this behavior is not desired, the caller can + * add a check like: + * + * if (path_walk_parent(&path) && !path_connected(path.mnt, path.dentry) + * // continue walking + * else + * // stop walking + * + * Returns: + * true - if @path is updated to its parent. + * false - if @path is already the root (real root or @root). + */ +bool path_walk_parent(struct path *path, const struct path *root) +{ + struct dentry *parent; + + if (path_equal(path, root)) + return false; + + if (unlikely(path->dentry =3D=3D path->mnt->mnt_root)) { + struct path p; + + if (!choose_mountpoint(real_mount(path->mnt), root, &p)) + return false; + path_put(path); + *path =3D p; + return true; + } + + if (unlikely(IS_ROOT(path->dentry))) + return false; + + parent =3D dget_parent(path->dentry); + dput(path->dentry); + path->dentry =3D parent; + return true; +} +EXPORT_SYMBOL_GPL(path_walk_parent); + /* * Perform an automount * - return -EISDIR to tell follow_managed() to stop and return the path we diff --git a/include/linux/namei.h b/include/linux/namei.h index 5d085428e471..cba5373ecf86 100644 --- a/include/linux/namei.h +++ b/include/linux/namei.h 
@@ -85,6 +85,8 @@ extern int follow_down_one(struct path *); extern int follow_down(struct path *path, unsigned int flags); extern int follow_up(struct path *); =20 +bool path_walk_parent(struct path *path, const struct path *root); + extern struct dentry *lock_rename(struct dentry *, struct dentry *); extern struct dentry *lock_rename_child(struct dentry *, struct dentry *); extern void unlock_rename(struct dentry *, struct dentry *); --=20 2.47.1
From: Song Liu
To: bpf@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Cc: kernel-team@meta.com, andrii@kernel.org, eddyz87@gmail.com, ast@kernel.org, daniel@iogearbox.net, martin.lau@linux.dev, viro@zeniv.linux.org.uk, brauner@kernel.org, jack@suse.cz, kpsingh@kernel.org, mattbobrowski@google.com, amir73il@gmail.com, repnop@google.com, jlayton@kernel.org, josef@toxicpanda.com, mic@digikod.net, gnoack@google.com, m@maowtm.org, Song Liu
Subject: [PATCH v2 bpf-next 2/4] landlock: Use path_walk_parent()
Date: Mon, 2 Jun 2025 23:59:18 -0700
Message-ID: <20250603065920.3404510-3-song@kernel.org>
In-Reply-To: <20250603065920.3404510-1-song@kernel.org>
References: <20250603065920.3404510-1-song@kernel.org>
Content-Transfer-Encoding: quoted-printable

Use path_walk_parent() to walk a path up to its parent. No functional changes intended.

Signed-off-by: Song Liu
---
 security/landlock/fs.c | 31 ++++++++++---------------------
 1 file changed, 10 insertions(+), 21 deletions(-)

diff --git a/security/landlock/fs.c b/security/landlock/fs.c index 6fee7c20f64d..3adac544dc9e 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c 
@@ -837,8 +837,8 @@ static bool is_access_to_paths_allowed( * restriction. */ while (true) { - struct dentry *parent_dentry; const struct landlock_rule *rule; + struct path root =3D {}; =20 /* * If at least all accesses allowed on the destination are 
@@ -895,34 +895,23 @@ static bool is_access_to_paths_allowed( /* Stops when a rule from each layer grants access. */ if (allowed_parent1 && allowed_parent2) break; -jump_up: - if (walker_path.dentry =3D=3D walker_path.mnt->mnt_root) { - if (follow_up(&walker_path)) { - /* Ignores hidden mount points. */ - goto jump_up; - } else { - /* - * Stops at the real root. Denies access - * because not all layers have granted access. - */ - break; - } - } + + if (path_walk_parent(&walker_path, &root)) + continue; + if (unlikely(IS_ROOT(walker_path.dentry))) { /* - * Stops at disconnected root directories. Only allows - * access to internal filesystems (e.g. nsfs, which is - * reachable through /proc//ns/). + * Stops at disconnected or real root directories. + * Only allows access to internal filesystems + * (e.g. nsfs, which is reachable through + * /proc//ns/). */ if (walker_path.mnt->mnt_flags & MNT_INTERNAL) { allowed_parent1 =3D true; allowed_parent2 =3D true; } - break; } - parent_dentry =3D dget_parent(walker_path.dentry); - dput(walker_path.dentry); - walker_path.dentry =3D parent_dentry; + break; } path_put(&walker_path); =20 --=20 2.47.1
From: Song Liu
To: bpf@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Cc: kernel-team@meta.com, andrii@kernel.org, eddyz87@gmail.com, ast@kernel.org, daniel@iogearbox.net, martin.lau@linux.dev, viro@zeniv.linux.org.uk, brauner@kernel.org, jack@suse.cz, kpsingh@kernel.org, mattbobrowski@google.com, amir73il@gmail.com, repnop@google.com, jlayton@kernel.org, josef@toxicpanda.com, mic@digikod.net, gnoack@google.com, m@maowtm.org, Song Liu
Subject: [PATCH v2 bpf-next 3/4] bpf: Introduce path iterator
Date: Mon, 2 Jun 2025 23:59:19 -0700
Message-ID: <20250603065920.3404510-4-song@kernel.org>
In-Reply-To: <20250603065920.3404510-1-song@kernel.org>
References: <20250603065920.3404510-1-song@kernel.org>
Content-Transfer-Encoding: quoted-printable

Introduce a path iterator, which reliably walks a struct path toward the root. This path iterator is based on path_walk_parent. A fixed zero'ed root is passed to path_walk_parent(). Therefore, unless the user terminates it earlier, the iterator will terminate at the real root.

Signed-off-by: Song Liu
---
 kernel/bpf/Makefile | 1 +
 kernel/bpf/helpers.c | 3 +++
 kernel/bpf/path_iter.c | 58 ++++++++++++++++++++++++++++++++++++++++++
 kernel/bpf/verifier.c | 5 ++++
 4 files changed, 67 insertions(+)
 create mode 100644 kernel/bpf/path_iter.c

diff --git a/kernel/bpf/Makefile b/kernel/bpf/Makefile index 3a335c50e6e3..454a650d934e 100644 --- a/kernel/bpf/Makefile +++ b/kernel/bpf/Makefile 
@@ -56,6 +56,7 @@ obj-$(CONFIG_BPF_SYSCALL) +=3D kmem_cache_iter.o ifeq ($(CONFIG_DMA_SHARED_BUFFER),y) obj-$(CONFIG_BPF_SYSCALL) +=3D dmabuf_iter.o endif +obj-$(CONFIG_BPF_SYSCALL) +=3D path_iter.o =20 CFLAGS_REMOVE_percpu_freelist.o =3D $(CC_FLAGS_FTRACE) CFLAGS_REMOVE_bpf_lru_list.o =3D $(CC_FLAGS_FTRACE) diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c index b71e428ad936..b190c78e40f6 100644 --- a/kernel/bpf/helpers.c +++ b/kernel/bpf/helpers.c @@ -3397,6 +3397,9 @@ BTF_ID_FLAGS(func, bpf_iter_dmabuf_next, KF_ITER_NEXT= | KF_RET_NULL | KF_SLEEPAB BTF_ID_FLAGS(func, bpf_iter_dmabuf_destroy, KF_ITER_DESTROY | KF_SLEEPABLE) #endif BTF_ID_FLAGS(func, __bpf_trap) +BTF_ID_FLAGS(func, bpf_iter_path_new, KF_ITER_NEW | KF_SLEEPABLE) +BTF_ID_FLAGS(func, bpf_iter_path_next, KF_ITER_NEXT | KF_RET_NULL | KF_SLE= EPABLE) +BTF_ID_FLAGS(func, bpf_iter_path_destroy, KF_ITER_DESTROY | KF_SLEEPABLE) BTF_KFUNCS_END(common_btf_ids) =20 static const struct btf_kfunc_id_set common_kfunc_set =3D { diff --git a/kernel/bpf/path_iter.c b/kernel/bpf/path_iter.c new file mode 100644 index 000000000000..0d972ec84beb --- /dev/null +++ b/kernel/bpf/path_iter.c 
@@ -0,0 +1,58 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */ +#include +#include +#include +#include + +/* open-coded iterator */ +struct bpf_iter_path { + __u64 __opaque[3]; +} __aligned(8); + +struct bpf_iter_path_kern { + struct path path; + __u64 flags; +} __aligned(8); + +__bpf_kfunc_start_defs(); + +__bpf_kfunc int bpf_iter_path_new(struct bpf_iter_path *it, + struct path *start, + __u64 flags) +{ + struct bpf_iter_path_kern *kit =3D (void *)it; + + BUILD_BUG_ON(sizeof(*kit) > sizeof(*it)); + BUILD_BUG_ON(__alignof__(*kit) !=3D __alignof__(*it)); + + if (flags) { + memset(&kit->path, 0, sizeof(struct path)); + return -EINVAL; + } + + kit->path =3D *start; + path_get(&kit->path); + kit->flags =3D flags; + + return 0; +} + +__bpf_kfunc struct path *bpf_iter_path_next(struct bpf_iter_path *it) +{ + struct bpf_iter_path_kern *kit =3D (void *)it; + struct path root =3D {}; + + if (!path_walk_parent(&kit->path, &root)) + return NULL; + return &kit->path; +} + +__bpf_kfunc void bpf_iter_path_destroy(struct bpf_iter_path *it) +{ + struct bpf_iter_path_kern *kit =3D (void *)it; + + path_put(&kit->path); +} + +__bpf_kfunc_end_defs(); diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index a7d6e0c5928b..45b45cdfb223 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -7036,6 +7036,10 @@ BTF_TYPE_SAFE_TRUSTED_OR_NULL(struct socket) { struct sock *sk; }; =20 +BTF_TYPE_SAFE_TRUSTED_OR_NULL(struct path) { + struct dentry *dentry; +}; + static bool type_is_rcu(struct bpf_verifier_env *env, struct bpf_reg_state *reg, const char *field_name, u32 btf_id) 
@@ -7076,6 +7080,7 @@ static bool type_is_trusted_or_null(struct bpf_verifi= er_env *env, const char *field_name, u32 btf_id) { BTF_TYPE_EMIT(BTF_TYPE_SAFE_TRUSTED_OR_NULL(struct socket)); + BTF_TYPE_EMIT(BTF_TYPE_SAFE_TRUSTED_OR_NULL(struct path)); =20 return btf_nested_type_is_trusted(&env->log, reg, field_name, btf_id, "__safe_trusted_or_null"); --=20 2.47.1
From: Song Liu
To: bpf@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Cc: kernel-team@meta.com, andrii@kernel.org, eddyz87@gmail.com, ast@kernel.org, daniel@iogearbox.net, martin.lau@linux.dev, viro@zeniv.linux.org.uk, brauner@kernel.org, jack@suse.cz, kpsingh@kernel.org, mattbobrowski@google.com, amir73il@gmail.com, repnop@google.com, jlayton@kernel.org, josef@toxicpanda.com, mic@digikod.net, gnoack@google.com, m@maowtm.org, Song Liu
Subject: [PATCH v2 bpf-next 4/4] selftests/bpf: Add tests for bpf path iterator
Date: Mon, 2 Jun 2025 23:59:20 -0700
Message-ID: <20250603065920.3404510-5-song@kernel.org>
In-Reply-To: <20250603065920.3404510-1-song@kernel.org>
References: <20250603065920.3404510-1-song@kernel.org>
Content-Transfer-Encoding: quoted-printable

Add tests for the bpf path iterator, including test cases similar to a real workload (call bpf_path_d_path and bpf_get_dentry_xattr), and test cases where the verifier rejects invalid use of the iterator.

Signed-off-by: Song Liu --- .../testing/selftests/bpf/bpf_experimental.h | 6 + .../selftests/bpf/prog_tests/path_iter.c | 12 ++ tools/testing/selftests/bpf/progs/path_iter.c | 134 ++++++++++++++++++ 3 files changed, 152 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/path_iter.c create mode 100644 tools/testing/selftests/bpf/progs/path_iter.c diff --git a/tools/testing/selftests/bpf/bpf_experimental.h b/tools/testing= /selftests/bpf/bpf_experimental.h index 5e512a1d09d1..cbb759b473df 100644 --- a/tools/testing/selftests/bpf/bpf_experimental.h +++ b/tools/testing/selftests/bpf/bpf_experimental.h @@ -596,4 +596,10 @@ extern int bpf_iter_dmabuf_new(struct bpf_iter_dmabuf = *it) __weak __ksym; extern struct dma_buf *bpf_iter_dmabuf_next(struct bpf_iter_dmabuf *it) __= weak __ksym; extern void bpf_iter_dmabuf_destroy(struct bpf_iter_dmabuf *it) __weak __k= sym; =20 +struct bpf_iter_path; +extern int bpf_iter_path_new(struct bpf_iter_path *it, struct path *start, + __u64 flags) __weak __ksym; +extern struct path *bpf_iter_path_next(struct bpf_iter_path *it) __weak __= ksym; +extern void bpf_iter_path_destroy(struct bpf_iter_path *it) __weak __ksym; + #endif diff --git a/tools/testing/selftests/bpf/prog_tests/path_iter.c b/tools/tes= ting/selftests/bpf/prog_tests/path_iter.c new file mode 100644 index 000000000000..3c99c24fbd96 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/path_iter.c @@ -0,0 +1,12 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */ + +#include +#include +#include +#include "path_iter.skel.h" + +void test_path_iter(void) +{ + RUN_TESTS(path_iter); +} diff --git a/tools/testing/selftests/bpf/progs/path_iter.c b/tools/testing/= selftests/bpf/progs/path_iter.c new file mode 100644 index 000000000000..be804fb4302c --- /dev/null +++ b/tools/testing/selftests/bpf/progs/path_iter.c 
@@ -0,0 +1,134 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */ + +#include "vmlinux.h" +#include +#include +#include "bpf_misc.h" +#include "bpf_experimental.h" + +char _license[] SEC("license") =3D "GPL"; + +char path_name[256]; +char xattr_val[64]; + +static __always_inline void access_path_dentry(struct path *p) +{ + struct bpf_dynptr ptr; + struct dentry *dentry; + + if (!p) + return; + + bpf_dynptr_from_mem(xattr_val, sizeof(xattr_val), 0, &ptr); + bpf_path_d_path(p, path_name, sizeof(path_name)); + + dentry =3D p->dentry; + if (dentry) + bpf_get_dentry_xattr(dentry, "user.xattr", &ptr); +} + +SEC("lsm.s/file_open") +__success +int BPF_PROG(open_code, struct file *f) +{ + struct bpf_iter_path path_it; + struct path *p; + int ret; + + ret =3D bpf_iter_path_new(&path_it, &f->f_path, 0); + if (ret) { + bpf_iter_path_destroy(&path_it); + return 0; + } + + p =3D bpf_iter_path_next(&path_it); + access_path_dentry(p); + bpf_iter_path_destroy(&path_it); + + return 0; +} + +SEC("lsm.s/file_open") +__success +int BPF_PROG(for_each, struct file *f) +{ + struct path *p; + + bpf_for_each(path, p, &f->f_path, 0) + access_path_dentry(p); + + return 0; +} + +SEC("lsm.s/file_open") +__failure __msg("Unreleased reference") +int BPF_PROG(missing_destroy, struct file *f) +{ + struct bpf_iter_path path_it; + + bpf_iter_path_new(&path_it, &f->f_path, 0); + + return 0; +} + +SEC("lsm.s/file_open") +__failure __msg("expected an initialized iter_path") +int BPF_PROG(missing_new, struct file *f) +{ + struct bpf_iter_path path_it; + + bpf_iter_path_destroy(&path_it); + return 0; +} + +SEC("lsm.s/file_open") +__failure __msg("expected uninitialized iter_path") +int BPF_PROG(new_twice, struct file *f) +{ + struct bpf_iter_path path_it; + + bpf_iter_path_new(&path_it, &f->f_path, 0); + bpf_iter_path_new(&path_it, &f->f_path, 0); + bpf_iter_path_destroy(&path_it); + return 0; +} + +SEC("lsm.s/file_open") +__failure __msg("expected an 
initialized iter_path") +int BPF_PROG(destroy_twice, struct file *f) +{ + struct bpf_iter_path path_it; + + bpf_iter_path_new(&path_it, &f->f_path, 0); + bpf_iter_path_destroy(&path_it); + bpf_iter_path_destroy(&path_it); + return 0; +} + +SEC("lsm.s/file_open") +__success +int BPF_PROG(reuse_path_iter, struct file *f) +{ + struct bpf_iter_path path_it; + + bpf_iter_path_new(&path_it, &f->f_path, 0); + bpf_iter_path_destroy(&path_it); + bpf_iter_path_new(&path_it, &f->f_path, 0); + bpf_iter_path_destroy(&path_it); + return 0; +} + +SEC("lsm.s/file_open") +__failure __msg("invalid read from stack off") +int BPF_PROG(invalid_read_path_iter, struct file *f) +{ + struct bpf_iter_path path_it; + struct bpf_iter_path path_it_2; + + + bpf_iter_path_new(&path_it, &f->f_path, 0); + path_it_2 =3D path_it; + bpf_iter_path_destroy(&path_it_2); + return 0; +} --=20 2.47.1
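
Review bot: In patch 1/4 (fs/namei.c), the usage example inside the path_walk_parent() kernel-doc does not match the function it documents. It calls path_walk_parent(&path) with one argument although the signature is (struct path *path, const struct path *root), the if condition is missing a closing parenthesis, and it labels the !path_connected() branch "continue walking" while the sentence before it offers the check to callers who do not want to keep walking across a disconnected bind mount. Please rewrite the example with both arguments and the branches in the intended order, and fix "disconnectedbind" to "disconnected bind". Since landlock and BPF LSM will rely on this helper to decide where a walk stops, the comment should also state the reference contract that the code implements: on a true return the reference the caller held on the old @path (path_put() or dput()) has been dropped and the caller now holds the reference on the new one.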
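
Review bot: In patch 2/4 (security/landlock/fs.c), replacing the jump_up block in is_access_to_paths_allowed() changes where the loop evaluates rules, although the commit message says no functional changes are intended. The removed code did goto jump_up after a successful follow_up() and then still reached dget_parent() in the same iteration, so the mount point dentry itself was skipped; path_walk_parent() returns true as soon as it has switched to the mount point (*path = p; return true;), and the new continue re-runs the loop body on that dentry. Separately, the real-root case used to break before the MNT_INTERNAL check and now falls through to it whenever IS_ROOT() holds. Either describe both as intended changes in the commit message, with the reasoning for the access decision, or adjust the caller so that a mount crossing is followed by the parent step as before.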
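
Review bot: In patch 3/4 (kernel/bpf/helpers.c), bpf_iter_path_new is registered with only KF_ITER_NEW | KF_SLEEPABLE, yet the function copies *start and calls path_get() on it with no validity check. Unless something outside this hunk constrains the argument, the kernel would take references on whatever dentry and mount the passed pointer names, including a struct path reached by walking untrusted fields. Consider adding KF_TRUSTED_ARGS to the bpf_iter_path_new line and a negative selftest that passes an untrusted struct path pointer.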
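
Review bot: In patch 3/4 (kernel/bpf/path_iter.c), the three kfuncs have no kernel-doc, and two properties visible in the code need to be stated for users. bpf_iter_path_next() calls path_walk_parent() before returning, so the first value a program sees is the parent of start and never start itself; and it returns &kit->path, a pointer into the iterator's own storage that is overwritten by the next call and whose references are dropped by bpf_iter_path_destroy(). Also, kit->flags is written but never read and bpf_iter_path_new() rejects any non-zero flags, so either drop the field or document it as reserved.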
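
Review bot: In patch 3/4 (kernel/bpf/verifier.c), the new BTF_TYPE_SAFE_TRUSTED_OR_NULL(struct path) entry with the dentry member is not mentioned in the commit message, although it is the only part of this patch that changes verifier policy. As written it names the type, not the iterator, so please explain in the commit message why path->dentry may be treated as trusted-or-null, for which struct path pointers that is expected to hold, and why mnt is left out.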
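
Review bot: In patch 4/4, prog_tests/path_iter.c only calls RUN_TESTS(path_iter) and none of the programs in progs/path_iter.c records what the walk produced, so the series has no test of the behaviour that patch 1/4 introduces (crossing a mount point, stopping at the real root). access_path_dentry() also discards the return values of bpf_path_d_path() and bpf_get_dentry_xattr(). Suggest a test that opens a file below a bind mount, counts the steps taken by bpf_for_each(path, ...) into a global, and checks the count from user space; a case that passes non-zero flags to bpf_iter_path_new() would cover the -EINVAL branch as well.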