lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 19 Nov 2015 19:30:41 -0800
From:	Alexei Starovoitov <alexei.starovoitov@...il.com>
To:	Hannes Frederic Sowa <hannes@...essinduktion.org>
Cc:	Daniel Borkmann <daniel@...earbox.net>, davem@...emloft.net,
	netdev@...r.kernel.org
Subject: Re: [PATCH net-next] bpf: add show_fdinfo handler for maps

On Thu, Nov 19, 2015 at 09:12:30PM +0100, Hannes Frederic Sowa wrote:
> On Thu, Nov 19, 2015, at 19:32, Alexei Starovoitov wrote:
> > On Thu, Nov 19, 2015 at 07:19:24PM +0100, Hannes Frederic Sowa wrote:
> > > On Thu, Nov 19, 2015, at 11:56, Daniel Borkmann wrote:
> > > > Add a handler for show_fdinfo() to be used by the anon-inodes
> > > > backend for eBPF maps, and dump the map specification there. Not
> > > > only useful for admins, but also it provides a minimal way to
> > > > compare specs from ELF vs pinned object.
> > > > 
> > > > Signed-off-by: Daniel Borkmann <daniel@...earbox.net>
> > > 
> > > Acked-by: Hannes Frederic Sowa <hannes@...essinduktion.org>
> > > 
> > > Does it make sense to include bpf_htab->count in case of a hashmap?
> > 
> > no. user space should not rely on such things. It can only be misused.
> 
> Sorry, I don't get it. How can it be misused? As an admin it would
> certainly be interesting to know the pressure on the map? Do you expect
> kmsg messages from the eBPF program?

If user space can be see both 'count' and 'max_entries', it can be very
tempting to start assuming 'full' and 'empty' state of the map which will
lead to race conditions and bad design.
bpf programs and maps are inherently multi-thread and concurrent.
If userapp wants to do the counting of elements it needs to do so on its own
and shoot itself in the foot eventually.
For the same reason I don't want to see BPF_MAP_GET_COUNT command.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists