micromaomao · micromaomao · Jun 29, 2025 · Jul 5, 2025 · Jul 5, 2025 · Jul 6, 2025
diff --git a/include/trace/events/landlock.h b/include/trace/events/landlock.h
@@ -0,0 +1,56 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright © 2025 Microsoft Corporation
+ */
+
+#undef TRACE_SYSTEM
+#define TRACE_SYSTEM landlock
+
+#if !defined(_TRACE_LANDLOCK_H) || defined(TRACE_HEADER_MULTI_READ)
+#define _TRACE_LANDLOCK_H
+
+#include <linux/tracepoint.h>
+
+struct landlock_domain_index;
+
+TRACE_EVENT(
+	landlock_domain_hash_find,
+	TP_PROTO(
+		const struct landlock_domain_index* indices_arr,
+		u32 num_indices,
+		int hash_bits,
+		const struct landlock_domain_index* elem_to_find,
+		u32 collisions_followed
+	),
+
+	TP_ARGS(indices_arr, num_indices, hash_bits, elem_to_find, collisions_followed),
+	TP_STRUCT__entry(
+		__field(const struct landlock_domain_index *, indices_arr)
+		__field(u32, num_indices)
+		__field(u32, hash_bits)
+		__field(uintptr_t, key)
+		__field(u32, collisions_followed)
+	),
+
+	TP_fast_assign(
+		__entry->indices_arr = indices_arr;
+		__entry->num_indices = num_indices;
+		__entry->hash_bits = hash_bits;
+		__entry->key = *(uintptr_t *)elem_to_find;
-		__entry->key = *(uintptr_t *)elem_to_find;
+		__entry->key = elem_to_find->key.data;
-		__entry->key = *(uintptr_t *)elem_to_find;
+		__entry->key = elem_to_find->key.data;
+		__entry->collisions_followed = collisions_followed;
+	),
+
+	TP_printk(
+		"indices_arr=%p num_indices=%u hash_bits=%u, key=%lx collisions_followed=%u",
-		"indices_arr=%p num_indices=%u hash_bits=%u, key=%lx collisions_followed=%u",
+		"indices_arr=%p num_indices=%u hash_bits=%u key=%lx collisions_followed=%u",
-		"indices_arr=%p num_indices=%u hash_bits=%u, key=%lx collisions_followed=%u",
+		"indices_arr=%p num_indices=%u hash_bits=%u key=%lx collisions_followed=%u",
+		__entry->indices_arr,
+		__entry->num_indices,
+		__entry->hash_bits,
+		__entry->key,
+		__entry->collisions_followed
+	)
+);
+
+#endif /* _TRACE_LANDLOCK_H */
+
+/* This part must be outside protection */
+#include <trace/define_trace.h>
diff --git a/security/landlock/Makefile b/security/landlock/Makefile
@@ -1,11 +1,10 @@
 obj-$(CONFIG_SECURITY_LANDLOCK) := landlock.o
 
 landlock-y := setup.o syscalls.o object.o ruleset.o \
-	cred.o task.o fs.o
+	cred.o task.o fs.o domain.o trace.o
 
 landlock-$(CONFIG_INET) += net.o
 
 landlock-$(CONFIG_AUDIT) += \
 	id.o \
-	audit.o \
-	domain.o
+	audit.o
diff --git a/security/landlock/audit.c b/security/landlock/audit.c
@@ -134,7 +134,7 @@ static void log_domain(struct landlock_hierarchy *const hierarchy)
 }
 
 static struct landlock_hierarchy *
-get_hierarchy(const struct landlock_ruleset *const domain, const size_t layer)
+get_hierarchy(const struct landlock_domain *const domain, const size_t layer)
 {
 	struct landlock_hierarchy *hierarchy = domain->hierarchy;
 	ssize_t i;
@@ -167,7 +167,7 @@ static void test_get_hierarchy(struct kunit *const test)
 		.parent = &dom1_hierarchy,
 		.id = 30,
 	};
-	struct landlock_ruleset dom2 = {
+	struct landlock_domain dom2 = {
 		.hierarchy = &dom2_hierarchy,
 		.num_layers = 3,
 	};
@@ -180,7 +180,7 @@ static void test_get_hierarchy(struct kunit *const test)
 
 #endif /* CONFIG_SECURITY_LANDLOCK_KUNIT_TEST */
 
-static size_t get_denied_layer(const struct landlock_ruleset *const domain,
+static size_t get_denied_layer(const struct landlock_domain *const domain,
 			       access_mask_t *const access_request,
 			       const layer_mask_t (*const layer_masks)[],
 			       const size_t layer_masks_size)
@@ -218,7 +218,7 @@ static size_t get_denied_layer(const struct landlock_ruleset *const domain,
 
 static void test_get_denied_layer(struct kunit *const test)
 {
-	const struct landlock_ruleset dom = {
+	const struct landlock_domain dom = {
 		.num_layers = 5,
 	};
 	const layer_mask_t layer_masks[LANDLOCK_NUM_ACCESS_FS] = {