Introduce bpf_cgroup_read_xattr #5503

Open
wants to merge 4 commits into
base: bpf-next_base

kernel-patches-daemon-bpf-rc[bot]

Pull request for series with
subject: Introduce bpf_cgroup_read_xattr
version: 3
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=974689

@kernel-patches-daemon-bpf-rc
Author

Upstream branch: 99fe8af
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=974689
version: 3

@kernel-patches-daemon-bpf-rc
Author

Upstream branch: c11f34e
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=974689
version: 3

@kernel-patches-daemon-bpf-rc
Author

Upstream branch: 3ce7cdd
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=974689
version: 3

@kernel-patches-daemon-bpf-rc
Author

Upstream branch: 3ce7cdd
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=974689
version: 3

brauner and others added 4 commits June 24, 2025 18:54
All allocations of struct kernfs_iattrs are serialized through a global
mutex. Simply do a racy allocation and let the first one win. I bet most
callers are under inode->i_rwsem anyway and it wouldn't be needed but
let's not require that.

Signed-off-by: Christian Brauner <[email protected]>
Acked-by: Greg Kroah-Hartman <[email protected]>
Acked-by: Tejun Heo <[email protected]>
Signed-off-by: Song Liu <[email protected]>

BPF programs, such as LSM and sched_ext, would benefit from tags on
cgroups. One common practice to apply such tags is to set xattrs on
cgroupfs folders.

Introduce kfunc bpf_cgroup_read_xattr, which allows reading cgroup's
xattr.

Note that, we already have bpf_get_[file|dentry]_xattr. However, these
two APIs are not ideal for reading cgroupfs xattrs, because:

  1) These two APIs only work in sleepable contexts;
  2) There is no kfunc that matches current cgroup to cgroupfs dentry.

bpf_cgroup_read_xattr is generic and can be useful for many program
types. It is also safe, because it requires trusted or rcu protected
argument (KF_RCU). Therefore, we make it available to all program types.

Signed-off-by: Song Liu <[email protected]>
Acked-by: Tejun Heo <[email protected]>

Mark struct cgroup_subsys_state->cgroup as safe under RCU read lock. This
will enable accessing css->cgroup from a bpf css iterator.

Signed-off-by: Song Liu <[email protected]>

Add tests for different scenarios with bpf_cgroup_read_xattr:
1. Read cgroup xattr from bpf_cgroup_from_id;
2. Read cgroup xattr from bpf_cgroup_ancestor;
3. Read cgroup xattr from css_iter;
4. Use bpf_cgroup_read_xattr in LSM hook security_socket_connect.
5. Use bpf_cgroup_read_xattr in cgroup program.

Signed-off-by: Song Liu <[email protected]>

@kernel-patches-daemon-bpf-rc
Author

Upstream branch: 3713b58
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=974689
version: 3
