[PATCH v2 bpf-next 0/5] Introduce bpf_cgroup_read_xattr
Song Liu
song at kernel.org
Thu Jun 19 22:01:09 UTC 2025
Introduce a new kfunc bpf_cgroup_read_xattr, which can read xattr from
cgroupfs nodes. The primary users are LSMs, cgroup programs, and sched_ext.
---
Changes v1 => v2:
1. Replace 1/4 in v1 with Christian's version (1/5 in v2).
2. Rename bpf_kernfs_read_xattr => bpf_cgroup_read_xattr, and limit access
to cgroup only.
3. Add 5/5, which makes bpf_cgroup_read_xattr available to cgroup and
struct_ops programs.
v1: https://lore.kernel.org/bpf/20250618233739.189106-1-song@kernel.org/
Christian Brauner (1):
  kernfs: remove iattr_mutex

Song Liu (4):
  bpf: Introduce bpf_cgroup_read_xattr to read xattr of cgroup's node
  bpf: Mark cgroup_subsys_state->cgroup RCU safe
  selftests/bpf: Add tests for bpf_cgroup_read_xattr
  bpf: Make bpf_cgroup_read_xattr available to cgroup and struct_ops
    progs
 fs/bpf_fs_kfuncs.c                            |  86 +++++++++-
 fs/kernfs/inode.c                             |  74 ++++----
 kernel/bpf/verifier.c                         |   5 +
 .../selftests/bpf/prog_tests/cgroup_xattr.c   | 145 ++++++++++++++++
 .../selftests/bpf/progs/cgroup_read_xattr.c   | 158 ++++++++++++++++++
 .../selftests/bpf/progs/read_cgroupfs_xattr.c |  60 +++++++
 6 files changed, 489 insertions(+), 39 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/cgroup_xattr.c
 create mode 100644 tools/testing/selftests/bpf/progs/cgroup_read_xattr.c
 create mode 100644 tools/testing/selftests/bpf/progs/read_cgroupfs_xattr.c
--
2.47.1