[PATCH bpf-next 0/4] Introduce bpf_kernfs_read_xattr

Song Liu posted 4 patches 3 months, 3 weeks ago
[PATCH bpf-next 0/4] Introduce bpf_kernfs_read_xattr
Posted by Song Liu 3 months, 3 weeks ago
Introduce a new kfunc bpf_kernfs_read_xattr, which can read xattr from
kernfs nodes (cgroupfs, for example). The primary users are LSMs, for
example, from systemd. sched_ext could also use xattrs on cgroupfs nodes.
However, this is not allowed yet, because bpf_kernfs_read_xattr is only
allowed from LSM hooks. The plan is to address sched_ext later (or in a
later revision of this set).

Song Liu (4):
  kernfs: Add __kernfs_xattr_get for RCU protected access
  bpf: Introduce bpf_kernfs_read_xattr to read xattr of kernfs nodes
  bpf: Mark cgroup_subsys_state->cgroup RCU safe
  selftests/bpf: Add tests for bpf_kernfs_read_xattr

 fs/bpf_fs_kfuncs.c                            |  33 ++++
 fs/kernfs/inode.c                             |  14 ++
 include/linux/kernfs.h                        |   2 +
 kernel/bpf/verifier.c                         |   5 +
 .../selftests/bpf/prog_tests/kernfs_xattr.c   | 145 ++++++++++++++++++
 .../selftests/bpf/progs/kernfs_read_xattr.c   | 117 ++++++++++++++
 .../selftests/bpf/progs/read_cgroupfs_xattr.c |  60 ++++++++
 7 files changed, 376 insertions(+)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/kernfs_xattr.c
 create mode 100644 tools/testing/selftests/bpf/progs/kernfs_read_xattr.c
 create mode 100644 tools/testing/selftests/bpf/progs/read_cgroupfs_xattr.c

--
2.47.1
Re: [PATCH bpf-next 0/4] Introduce bpf_kernfs_read_xattr
Posted by Tejun Heo 3 months, 3 weeks ago
Hello,

On Wed, Jun 18, 2025 at 04:37:35PM -0700, Song Liu wrote:
> Introduce a new kfunc bpf_kernfs_read_xattr, which can read xattr from
> kernfs nodes (cgroupfs, for example). The primary users are LSMs, for
> example, from systemd. sched_ext could also use xattrs on cgroupfs nodes.
> However, this is not allowed yet, because bpf_kernfs_read_xattr is only
> allowed from LSM hooks. The plan is to address sched_ext later (or in a
> later revision of this set).

I don't think kernfs is the name we should be exposing to BPF users. This is
an implementation detail which may change in the future. I'd rather make it
a generic interface or a cgroup specific one. The name "kernfs" doesn't
really mean much outside kernel code that's using them.

Thanks.

-- 
tejun
Re: [PATCH bpf-next 0/4] Introduce bpf_kernfs_read_xattr
Posted by Christian Brauner 3 months, 3 weeks ago
On Wed, Jun 18, 2025 at 02:43:34PM -1000, Tejun Heo wrote:
> Hello,
> 
> On Wed, Jun 18, 2025 at 04:37:35PM -0700, Song Liu wrote:
> > Introduce a new kfunc bpf_kernfs_read_xattr, which can read xattr from
> > kernfs nodes (cgroupfs, for example). The primary users are LSMs, for
> > example, from systemd. sched_ext could also use xattrs on cgroupfs nodes.
> > However, this is not allowed yet, because bpf_kernfs_read_xattr is only
> > allowed from LSM hooks. The plan is to address sched_ext later (or in a
> > later revision of this set).
> 
> I don't think kernfs is the name we should be exposing to BPF users. This is
> an implementation detail which may change in the future. I'd rather make it
> a generic interface or a cgroup specific one. The name "kernfs" doesn't

cgroup specific, please. That's what I suggested to Daan.
Re: [PATCH bpf-next 0/4] Introduce bpf_kernfs_read_xattr
Posted by Song Liu 3 months, 3 weeks ago

> On Jun 19, 2025, at 1:48 AM, Christian Brauner <brauner@kernel.org> wrote:
> 
> On Wed, Jun 18, 2025 at 02:43:34PM -1000, Tejun Heo wrote:
>> Hello,
>> 
>> On Wed, Jun 18, 2025 at 04:37:35PM -0700, Song Liu wrote:
>>> Introduce a new kfunc bpf_kernfs_read_xattr, which can read xattr from
>>> kernfs nodes (cgroupfs, for example). The primary users are LSMs, for
>>> example, from systemd. sched_ext could also use xattrs on cgroupfs nodes.
>>> However, this is not allowed yet, because bpf_kernfs_read_xattr is only
>>> allowed from LSM hooks. The plan is to address sched_ext later (or in a
>>> later revision of this set).
>> 
>> I don't think kernfs is the name we should be exposing to BPF users. This is
>> an implementation detail which may change in the future. I'd rather make it
>> a generic interface or a cgroup specific one. The name "kernfs" doesn't
> 
> cgroup specific, please. That's what I suggested to Daan.

I guess there was some misunderstanding. I will make this cgroup specific 
in v2. 

Thanks,
Song