| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 02 Mar 2015 13:26:17 +0100 From: Daniel Borkmann <daniel@...earbox.net> To: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com> CC: Alexei Starovoitov <ast@...mgrid.com>, Ingo Molnar <mingo@...nel.org>, Steven Rostedt <rostedt@...dmis.org>, Namhyung Kim <namhyung@...nel.org>, Arnaldo Carvalho de Melo <acme@...radead.org>, Jiri Olsa <jolsa@...hat.com>, "David S. Miller" <davem@...emloft.net>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, linux-api@...r.kernel.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v5 tip 1/7] bpf: make internal bpf API independent of CONFIG_BPF_SYSCALL ifdefs On 03/02/2015 12:51 PM, Masami Hiramatsu wrote: > (2015/03/02 20:10), Daniel Borkmann wrote: >> On 03/02/2015 11:53 AM, Masami Hiramatsu wrote: >> ... >>> Hmm, it seems that this still doesn't hide some APIs which is provided >>> only when CONFIG_BPF_SYSCALL. For example bpf_register_map_type etc. >>> I think all those APIs should be hidden in #ifdef or at least be commented >>> so that the user doesn't refer that without the kconfig. >>> (I don't think we need to provide dummy functions for those APIs, >>> but it's better to clarify which API we can use with which kconfig) >> >> Well, currently all possible map types (hash table, array map) that >> would actually call into bpf_register_map_type() are only built when >> CONFIG_BPF_SYSCALL is enabled (see kernel/bpf/Makefile). I don't think >> new map additions should be added that are not under kernel/bpf/ and/or >> enabled outside the CONFIG_BPF_SYSCALL, as it should be considered >> part of the eBPF core code. >> >> The difference here (this patch) is simply that we don't want users to >> build ifdef spaghetti constructs in user code, so the API that is >> actually used by eBPF _users_ is being properly ifdef'ed in the headers. >> >> So, I don't think this is a big problem, but we could move these bits >> under the ifdef CONFIG_BPF_SYSCALL w/o providing a dummy in the else part. >> I can do that outside of the scope of this set. > > Or, maybe we'd better move them into new include/linux/bpf_prog.h which > includes basic include/linux/bpf.h. Then, user can include the bpf_prog.h > instead of bpf.h. Also, we can check CONFIG_BPF_SYSCAL=y at the top of > bpf_prog.h. This makes things clearer :) I'm preferring the 1st variant, though. We have currently two native eBPF users, that is, socket filters and tc's cls_bpf (queued in net-next) and looking at the code/API usage, it's really not that hard, where it would justify to move this to an extra header file, really. I'm cooking a patch for net-next right now with the first variant (which is on top of this patch that resides in net-next as-is as well). Thanks, Daniel -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists