[RFC PATCH v1 4/5] landlock: Add landlock_add_rule_fs tracepoint

Mickaël Salaün mic at digikod.net
Fri May 23 16:57:40 UTC 2025 

Add a tracepoint for Landlock path_beneath rule addition.  This is
useful to tie a Landlock object with a file for debug purpose.

Allocate the absolute path names when adding new rules.  This is OK
because landlock_add_rule(2) is not a performance critical code.

Here is an example of landlock_add_rule_fs traces:
  ruleset=0x000000007e3b1c4a key=inode:0xffff888004f59260 allowed=0xd dev=0:16 ino=306 path=/usr
  ruleset=0x000000007e3b1c4a key=inode:0xffff888004f59240 allowed=0xffff dev=0:16 ino=346 path=/root

TODO: Use Landlock IDs instead of kernel addresses to identify Landlock
objects (e.g. inode).

Cc: Günther Noack <gnoack at google.com>
Cc: Masami Hiramatsu <mhiramat at kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
Cc: Steven Rostedt <rostedt at goodmis.org>
Cc: Tingmao Wang <m at maowtm.org>
Signed-off-by: Mickaël Salaün <mic at digikod.net>
---
 MAINTAINERS                     |  1 +
 include/trace/events/landlock.h | 68 +++++++++++++++++++++++++++++++++
 security/landlock/Makefile      | 11 +++++-
 security/landlock/fs.c          | 22 +++++++++++
 security/landlock/fs.h          |  3 ++
 security/landlock/trace.c       | 14 +++++++
 6 files changed, 117 insertions(+), 2 deletions(-)
 create mode 100644 include/trace/events/landlock.h
 create mode 100644 security/landlock/trace.c

diff --git a/MAINTAINERS b/MAINTAINERS
index d48dd6726fe6..f75c21a935c1 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -13393,6 +13393,7 @@ F:	Documentation/admin-guide/LSM/landlock.rst
 F:	Documentation/security/landlock.rst
 F:	Documentation/userspace-api/landlock.rst
 F:	fs/ioctl.c
+F:	include/trace/events/landlock.h
 F:	include/uapi/linux/landlock.h
 F:	samples/landlock/
 F:	security/landlock/
diff --git a/include/trace/events/landlock.h b/include/trace/events/landlock.h
new file mode 100644
index 000000000000..41e10965ba7b
--- /dev/null
+++ b/include/trace/events/landlock.h
@@ -0,0 +1,68 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright © 2025 Microsoft Corporation
+ */
+
+#undef TRACE_SYSTEM
+#define TRACE_SYSTEM landlock
+
+#if !defined(_TRACE_LANDLOCK_H) || defined(TRACE_HEADER_MULTI_READ)
+#define _TRACE_LANDLOCK_H
+
+#include <linux/tracepoint.h>
+
+struct landlock_rule_ref;
+struct landlock_ruleset;
+struct path;
+typedef u16 access_mask_t;
+
+TRACE_EVENT(landlock_add_rule_fs,
+
+	TP_PROTO(
+		const struct landlock_ruleset *ruleset,
+		const struct landlock_rule_ref *ref,
+		access_mask_t access_rights,
+		const struct path *path,
+		const char *pathname
+	),
+
+	TP_ARGS(ruleset, ref, access_rights, path, pathname),
+
+	TP_STRUCT__entry(
+		__field(const struct landlock_ruleset *, ruleset)
+		__field(uintptr_t, ref_key)
+		__field(access_mask_t, allowed)
+		__field(dev_t, dev)
+		__field(ino_t, ino)
+		__string(pathname, pathname)
+	),
+
+	TP_fast_assign(
+		__entry->ruleset = ruleset;
+		__entry->ref_key = ref->key.data;
+		__entry->allowed = access_rights;
+		__entry->dev = path->dentry->d_sb->s_dev;
+		__entry->ino = path->dentry->d_inode->i_ino;
+		__assign_str(pathname);
+	),
+
+	/*
+	 * The inode number may not be the user-visible one, but it will be the same
+	 * used by audit.
+	 */
+	TP_printk(
+		"ruleset=0x%p key=inode:0x%lx allowed=0x%x dev=%u:%u ino=%lu path=%s",
+		__entry->ruleset,
+		__entry->ref_key,
+		__entry->allowed,
+		MAJOR(__entry->dev),
+		MINOR(__entry->dev),
+		__entry->ino,
+		__print_untrusted_str(pathname)
+	)
+);
+
+#endif /* _TRACE_LANDLOCK_H */
+
+/* This part must be outside protection */
+#include <trace/define_trace.h>
diff --git a/security/landlock/Makefile b/security/landlock/Makefile
index 3160c2bdac1d..c19b406a6c67 100644
--- a/security/landlock/Makefile
+++ b/security/landlock/Makefile
@@ -1,7 +1,14 @@
 obj-$(CONFIG_SECURITY_LANDLOCK) := landlock.o
 
-landlock-y := setup.o syscalls.o object.o ruleset.o \
-	cred.o task.o fs.o
+landlock-y := \
+	setup.o \
+	syscalls.o \
+	object.o \
+	ruleset.o \
+	cred.o \
+	task.o \
+	fs.o \
+	trace.o
 
 landlock-$(CONFIG_INET) += net.o
 
diff --git a/security/landlock/fs.c b/security/landlock/fs.c
index 73a20a501c3c..e5d673240882 100644
--- a/security/landlock/fs.c
+++ b/security/landlock/fs.c
@@ -36,6 +36,7 @@
 #include <linux/types.h>
 #include <linux/wait_bit.h>
 #include <linux/workqueue.h>
+#include <trace/events/landlock.h>
 #include <uapi/linux/fiemap.h>
 #include <uapi/linux/landlock.h>
 
@@ -345,6 +346,27 @@ int landlock_append_fs_rule(struct landlock_ruleset *const ruleset,
 	mutex_lock(&ruleset->lock);
 	err = landlock_insert_rule(ruleset, ref, access_rights);
 	mutex_unlock(&ruleset->lock);
+
+	if (!err && trace_landlock_add_rule_fs_enabled()) {
+		const char *pathname;
+		/* Does not handle deleted files. */
+		char *buffer __free(__putname) = __getname();
+
+		if (buffer) {
+			const char *absolute_path =
+				d_absolute_path(path, buffer, PATH_MAX);
+			if (!IS_ERR_OR_NULL(absolute_path))
+				pathname = absolute_path;
+			else
+				pathname = "<too_long>";
+		} else {
+			/* Same format as audit_log_d_path(). */
+			pathname = "<no_memory>";
+		}
+		trace_landlock_add_rule_fs(ruleset, &ref, access_rights, path,
+					   pathname);
+	}
+
 	/*
 	 * No need to check for an error because landlock_insert_rule()
 	 * increments the refcount for the new object if needed.
diff --git a/security/landlock/fs.h b/security/landlock/fs.h
index bf9948941f2f..60be95ebfb0b 100644
--- a/security/landlock/fs.h
+++ b/security/landlock/fs.h
@@ -11,6 +11,7 @@
 #define _SECURITY_LANDLOCK_FS_H
 
 #include <linux/build_bug.h>
+#include <linux/cleanup.h>
 #include <linux/fs.h>
 #include <linux/init.h>
 #include <linux/rcupdate.h>
@@ -128,4 +129,6 @@ int landlock_append_fs_rule(struct landlock_ruleset *const ruleset,
 			    const struct path *const path,
 			    access_mask_t access_hierarchy);
 
+DEFINE_FREE(__putname, char *, if (_T) __putname(_T))
+
 #endif /* _SECURITY_LANDLOCK_FS_H */
diff --git a/security/landlock/trace.c b/security/landlock/trace.c
new file mode 100644
index 000000000000..98874cda473b
--- /dev/null
+++ b/security/landlock/trace.c
@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Landlock - Tracepoints
+ *
+ * Copyright © 2025 Microsoft Corporation
+ */
+
+#include <linux/path.h>
+
+#include "access.h"
+#include "ruleset.h"
+
+#define CREATE_TRACE_POINTS
+#include <trace/events/landlock.h>
-- 
2.49.0

More information about the Linux-security-module-archive mailing list