Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp926806pxp; Wed, 16 Mar 2022 21:34:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzISpQeWg6WpLi2cgECbMf9pfnCwLBUs61eUrgmWzqbyg3o/OETxVvtfW6Um0w2jp20FGBZ X-Received: by 2002:a17:90a:c782:b0:1bc:dac0:88e with SMTP id gn2-20020a17090ac78200b001bcdac0088emr13783564pjb.172.1647491692949; Wed, 16 Mar 2022 21:34:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1647491692; cv=none; d=google.com; s=arc-20160816; b=vDH6PCO94oD3C0CjzVhGTIDH+kJ23KsdcBGQpJA8xCJhf+ZU/bYpoKRlpxpbQb1Xk7 rEoCIsO1zjJCqD4LDST1FqJcYgPkQd01PJehJ2QlpJ4MPH3hbPL4IRtch7ojX90gLotU 5VbWdnBHUrApyUhsp617CQu1PAsUArvD0H1NdhUAtMuQ9pr2Uj+Qd7ltF2Yf9GpaXkk/ 4BHeJ2hZOUD9eQFCpS6TFr3Fm52yesxPocGqYuHlW2DxFjP/7o2RGll7nNe7E62lVMKD OIt7h+hRRQ4vdBsAjmsLM5eJZn5gwwt9xa6ZabKixedok5C3LrPZA8rm5STVLupYZEk5 Sn7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=jzTzwH5r+B8zHWp2dL9bIRp+jnDQp4u6qStPolr36JI=; b=Fv5y+7RKaYYO2mmnYYcHC5diZ0Zt6Mn5PhY+UPAwXHv9d7PcWX+PR+lMi5yUpQxANv 4CJ+Ld+mlb1ZUUTs553ZRbE36NGtLRl/bA7yfSXwQbCY0lOS35UO83q4DovCFCbbF5iw P7hDlH55gJfS65Bc8vdMCrJW9DuN6HjXLG85bX8E+JfkRGeZ+iy28So2bu425/hZOsk2 Ls07S1pSkZUIWCejwDNojOVOtNXBEtrrslX5rAvHOhA9gfJBFfzhRtkLHAzCgWoEYqag FgpRolhlhs/lffccQZS5wBMnHld1lcrwSrxpO6NX1K12o4E799sMhXX6VVI0C0QqdTGv +fhg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=SVFOtodr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id r10-20020a65508a000000b003816043f137si990755pgp.812.2022.03.16.21.34.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Mar 2022 21:34:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=SVFOtodr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 53F9E10C527; Wed, 16 Mar 2022 21:02:10 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351466AbiCOTtU (ORCPT + 99 others); Tue, 15 Mar 2022 15:49:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59744 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S245391AbiCOTtS (ORCPT ); Tue, 15 Mar 2022 15:49:18 -0400 Received: from mail-qt1-x833.google.com (mail-qt1-x833.google.com [IPv6:2607:f8b0:4864:20::833]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 56F97DEA0 for ; Tue, 15 Mar 2022 12:48:06 -0700 (PDT) Received: by mail-qt1-x833.google.com with SMTP id c4so159753qtx.1 for ; Tue, 15 Mar 2022 12:48:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jzTzwH5r+B8zHWp2dL9bIRp+jnDQp4u6qStPolr36JI=; b=SVFOtodruKnk3NeRKIG5/VG4myOANEFzk02YEJ0NuwwHWsE4VW6a5bvyR4IHJYh6tI qLGRCkAWEu1W3EUTBUpHvk3+xcmTBepwVGz8/ujzD59oWiwx8m1A3KGiIeIyn7PJbr3n cjI5Tq52DG0wgeJnFutkLs0F3maHVsyVr/X5u9lk521S/opk+v81JmdUxwNgLKf2tpAl OPY6ngods97/J3fjOT8eK1o8F2/Rgkgh5P5e94VScnMUVWoPV8/FsuijXoBvUUqKJnYc MTyeXlAe8IEPYmqhRiBfvUoce+l+/IIOq2B35ZPzKtYGeXOCBAjAL1+suZcEXA+xd7+P bq2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jzTzwH5r+B8zHWp2dL9bIRp+jnDQp4u6qStPolr36JI=; b=yuVq9tCokSH2hr71zynMrnB+ZlTeYwfh2tu2QiSgrJBZbFokHKlgJluo2Y0naq82bs mriVv1coyFYRH4Vi5Y9i6WIfbDaSvC6LL92p1e8i035PB1Fn1Xzg7Hnk4IEJ3PjEbRBN +zFhRzCtkwM2pORjK9KnE/W/lDo3sUnHNfWAzoec64dLHS4SC3Teq8ItYuHTz0I/L2kv uLvwjDSes+iUZ9jOZAqgpDwWhAXOyGrU0y9qLV9Yj5OayxF1Qx9YsciawR1VfFJpO5N3 UccsA2D8hvKwhNrQra0qQGH3KQKokZ5SBKDL1EJEy33UEK6rqxeE97JK6dUsgpf+oxEl w1nA== X-Gm-Message-State: AOAM531qqLDv19OQQX3HlrebGqa+Itzd6jW3D20V6AgOl8QoO9Vp6bg3 5lwOMcAlG4DFinPHgR5oySvcNKHBgzzOBFevB3T7Vg== X-Received: by 2002:a05:622a:170a:b0:2e1:cdae:28df with SMTP id h10-20020a05622a170a00b002e1cdae28dfmr10979314qtk.299.1647373685297; Tue, 15 Mar 2022 12:48:05 -0700 (PDT) MIME-Version: 1.0 References: <20220225234339.2386398-1-haoluo@google.com> <20220225234339.2386398-2-haoluo@google.com> In-Reply-To: From: Hao Luo Date: Tue, 15 Mar 2022 12:47:54 -0700 Message-ID: Subject: Re: [PATCH bpf-next v1 1/9] bpf: Add mkdir, rmdir, unlink syscalls for prog_bpf_syscall To: Al Viro Cc: Alexei Starovoitov , Andrii Nakryiko , Daniel Borkmann , Martin KaFai Lau , Song Liu , Yonghong Song , KP Singh , Shakeel Butt , Joe Burton , Tejun Heo , joshdon@google.com, sdf@google.com, bpf@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-9.5 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE, USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 15, 2022 at 12:02 PM Al Viro wrote: > > On Tue, Mar 15, 2022 at 10:27:39AM -0700, Hao Luo wrote: > > > Option 1: We can put restrictions on the pathname passed into this > > helper. We can explicitly require the parameter dirfd to be in bpffs > > (we can verify). In addition, we check pathname to be not containing > > any dot or dotdot, so the resolved path will end up inside bpffs, > > therefore won't take ->i_rwsem that is in the callchain of > > cgroup_mkdir(). > > Won't be enough - mount --bind the parent under itself and there you go... > Sure, you could prohibit mountpoint crossing, etc., but at that point > I'd question the usefulness of pathname resolution in the first place. [Apologies for resend, my response did not get delivered to mail list] I don't see a use case where we need to bind mount the directories in bpffs, right now. So in option 1, we can also prohibit mountpoint crossing. Pathname resolution is still useful in this case. Imagine we want to put all the created dirs under a base dir, we can open the base dir and reuse its fd for multiple mkdirs, for example: Userspace: fd = openat(..., "/sys/fs/bpf", ...); pass fd to the bpf prog bpf prog: bpf_mkdirat(fd, "common1", ...); bpf_mkdirat(fd, "common1/a", ...); bpf_mkdirat(fd, "common1/b", ...); bpf_mkdirat(fd, "common2", ...); ... It would be very inconvenient if we can't resolve multi-level paths. As Alexei said, another option is to delegate syscall to a worker thread. IMHO, we could do that in future if we find there is a need for the full feature of pathname resolution. Al, does that sound good?