lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 Mar 2017 11:37:16 +0800 From: "Wangnan (F)" <wangnan0@...wei.com> To: Alexei Starovoitov <ast@...com>, "David S . Miller" <davem@...emloft.net> CC: Daniel Borkmann <daniel@...earbox.net>, Martin KaFai Lau <kafai@...com>, <netdev@...r.kernel.org>, <kernel-team@...com> Subject: Re: [PATCH net-next 1/6] bpf: introduce BPF_PROG_TEST_RUN command On 2017/3/31 11:24, Alexei Starovoitov wrote: > On 3/30/17 8:12 PM, Wangnan (F) wrote: >> >> >> On 2017/3/31 10:57, Alexei Starovoitov wrote: >>> On 3/30/17 7:53 PM, Wangnan (F) wrote: >>>> I suggest using a CONFIG option to enable/disable code in >>>> test_run.o to reduce attack plane. >>> >>> attack plane? what attack do you see and how config helps? >>> >> >> I think all testing features are not required to be compiled >> for a production system. A feature which should never be used >> looks dangerous to me. > > It is required on production system, since xdp testing and > xdp production has to use the same kernel. We cannot > keep rebooting the server back and forth to test and then to run. > It's not testing the kernel features, it's testing bpf programs > which are technically user space components. > Okay. Now I understand it is a production feature. Thank you.
Powered by blists - more mailing lists