| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Mar 2015 09:35:01 -0800
From: Alexei Starovoitov <ast@...mgrid.com>
To: Daniel Borkmann <daniel@...earbox.net>
Cc: "David S. Miller" <davem@...emloft.net>,
Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
Network Development <netdev@...r.kernel.org>
Subject: Re: [PATCH net-next] ebpf: move CONFIG_BPF_SYSCALL-only function declarations
On Mon, Mar 2, 2015 at 6:21 AM, Daniel Borkmann <daniel@...earbox.net> wrote:
> Masami noted that it would be better to hide the remaining CONFIG_BPF_SYSCALL-only
> function declarations within the BPF header ifdef, w/o else path dummy alternatives
> since these functions are not supposed to have a user outside of CONFIG_BPF_SYSCALL.
So far we didn't have anyone trying to add new map types
outside of kernel/bpf/, so this patch is a defensive move.
Such potential future abuser will get compile error for
missing bpf_register_map_type() instead of linker error for the same.
Not sure that's really needed.
Also bpf_map_put() and bpf_map_get() are only used
by bpf syscall and verifier. imo moving them under ifdef is overkill.
I think ifdef should only be used for function that have
real and dummy bodies.
Today we have three:
bpf_register_prog_type(), bpf_prog_get() and bpf_prog_put()
and that makes sense.
Hiding *map*() functions seems unnecessary.
I think linker error is good enough.
> Suggested-by: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
> Reference: http://article.gmane.org/gmane.linux.kernel.api/8658
> Signed-off-by: Daniel Borkmann <daniel@...earbox.net>
> ---
> include/linux/bpf.h | 18 +++++++++---------
> 1 file changed, 9 insertions(+), 9 deletions(-)
>
> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> index a1a7ff2..a884f5a 100644
> --- a/include/linux/bpf.h
> +++ b/include/linux/bpf.h
> @@ -42,10 +42,6 @@ struct bpf_map_type_list {
> enum bpf_map_type type;
> };
>
> -void bpf_register_map_type(struct bpf_map_type_list *tl);
> -void bpf_map_put(struct bpf_map *map);
> -struct bpf_map *bpf_map_get(struct fd f);
> -
> /* function argument constraints */
> enum bpf_arg_type {
> ARG_ANYTHING = 0, /* any argument is ok */
> @@ -126,9 +122,16 @@ struct bpf_prog_aux {
>
> #ifdef CONFIG_BPF_SYSCALL
> void bpf_register_prog_type(struct bpf_prog_type_list *tl);
> +void bpf_register_map_type(struct bpf_map_type_list *tl);
>
> -void bpf_prog_put(struct bpf_prog *prog);
> struct bpf_prog *bpf_prog_get(u32 ufd);
> +void bpf_prog_put(struct bpf_prog *prog);
> +
> +struct bpf_map *bpf_map_get(struct fd f);
> +void bpf_map_put(struct bpf_map *map);
> +
> +/* verify correctness of eBPF program */
> +int bpf_check(struct bpf_prog *fp, union bpf_attr *attr);
> #else
> static inline void bpf_register_prog_type(struct bpf_prog_type_list *tl)
> {
> @@ -142,10 +145,7 @@ static inline struct bpf_prog *bpf_prog_get(u32 ufd)
> static inline void bpf_prog_put(struct bpf_prog *prog)
> {
> }
> -#endif
> -
> -/* verify correctness of eBPF program */
> -int bpf_check(struct bpf_prog *fp, union bpf_attr *attr);
> +#endif /* CONFIG_BPF_SYSCALL */
>
> /* verifier prototypes for helper functions called from eBPF programs */
> extern const struct bpf_func_proto bpf_map_lookup_elem_proto;
> --
> 1.9.3
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists