lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20131205103840.GA20283@gmail.com>
Date:	Thu, 5 Dec 2013 11:38:40 +0100
From:	Ingo Molnar <mingo@...nel.org>
To:	Alexei Starovoitov <ast@...mgrid.com>
Cc:	Steven Rostedt <rostedt@...dmis.org>,
	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	"H. Peter Anvin" <hpa@...or.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
	Tom Zanussi <tom.zanussi@...ux.intel.com>,
	Jovi Zhangwei <jovi.zhangwei@...il.com>,
	Eric Dumazet <edumazet@...gle.com>,
	linux-kernel@...r.kernel.org,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Frédéric Weisbecker <fweisbec@...il.com>,
	Arnaldo Carvalho de Melo <acme@...radead.org>,
	Tom Zanussi <tzanussi@...il.com>,
	Pekka Enberg <penberg@....fi>,
	"David S. Miller" <davem@...emloft.net>,
	Arjan van de Ven <arjan@...radead.org>,
	Christoph Hellwig <hch@...radead.org>
Subject: Re: [RFC PATCH tip 0/5] tracing filters with BPF


* Alexei Starovoitov <ast@...mgrid.com> wrote:

> > I mean more than that, I mean the licensing of BFP filters a user 
> > can find on his own system's kernel should be very clear: by the 
> > act of loading a BFP script into the kernel the user doing the 
> > 'upload' gives permission for it to be redistributed on 
> > kernel-compatible license terms.
> >
> > The easiest way to achieve that is to make sure that all loaded 
> > BFP scripts are 'registered' and are dumpable, viewable and 
> > reusable. That's good for debugging and it's good for 
> > transparency.
> >
> > This means a minimal BFP decoder will have to be in the kernel as 
> > well, but that's OK, we actually have several x86 instruction 
> > decoder in the kernel already, so there's no complexity threshold.
> 
> sure. there is pr_info_bpf_insn() in bpf_run.c that dumps bpf insn in
> human readable format.
> I'll hook it up to trace_seq, so that "cat
> /sys/kernel/debug/.../filter" will dump it.
> 
> Also I'm thinking to add 'license_string' section to bpf binary format
> and call license_is_gpl_compatible() on it during load.
> If false, then just reject it…. not even messing with taint flags...
> That would be way stronger indication of bpf licensing terms than what
> we have for .ko

But will BFP tools generate such gpl-compatible license tags by 
default? If yes then this might work, combined with the facility 
below. If not then it's just a nuisance to users.

Also, 'tainting' is a non-issue here, as we don't want the kernel to 
load license-incompatible scripts at all. This should be made clear in 
the design of the facility and the tooling itself.

> >> wow. I guess if the whole thing takes off, we would need an 
> >> in-kernel directory to store upstreamed bpf filters as well :)
> >
> > I see no reason why not, but more importantly all currently loaded 
> > BFP scripts should be dumpable, displayable and reusable in a 
> > kernel license compatible fashion.
> 
> ok. will add global bpf list as well (was hesitating to do something 
> like this because of central lock)

A lock + list is no big issue here I think, we do such central lookup 
locks all the time. If it ever becomes measurable it can be made 
scalable via numerous techniques.

> and something in debugfs that dumps bodies of all currently loaded 
> filters.
> 
> Will that solve the concern?

My concern would be solved by adding a facility to always be able to 
dump source code as well, i.e. trivially transform it to C or so, so 
that people can review it - or just edit it on the fly, recompile and 
reinsert? Most BFP scripts ought to be pretty simple.

(For example the most common way to load OpenGL shaders is to load the 
GLSL source code and that source code can be queried after insertion 
as well, so this is not an unusual model for small plugin-alike 
scriptlets.)

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ