> I decided to address only multilevel pointers as this is what we encountered in practice and have to use BPF helper workarounds. I think there are no technical restrictions for treating single level pointers as PTR_TO_MEM.

Hi Slava and Eduard,

If we add support for writable single-level int pointers, we could trivially implement bpf_inode_set_xattr in the way that Alexei originally suggested[1] when it was first attempted to be added.

One note, for this particular case, the kfunc would need to be able to write to the xattr int* param, as lsm_get_xattr_slot[2] increments the LSM-internal xattr_count. Others would be possible as well (cred_getsecid).

[1] https://kernsec.org/pipermail/linux-security-module-archive/2022-October/034878.html
[2] https://elixir.bootlin.com/linux/v6.19-rc5/source/include/linux/lsm_hooks.h#L215

