lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 1 Nov 2017 11:20:33 -0400
From:   Roman Gushchin <guro@...com>
To:     <netdev@...r.kernel.org>
CC:     Tejun Heo <tj@...nel.org>, Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        <linux-kernel@...r.kernel.org>, Roman Gushchin <guro@...com>
Subject: [PATCH net-next 0/4] eBPF-based device cgroup controller

This patchset introduces an eBPF-based device controller for cgroup v2.

Patch (1) is a preparational work required to share some code with
  the existing device controller implementation.
Patch (2) is the main patch, which introduces a new bpf prog type
  and all necessary infrastructure.
Patch (3) moves cgroup_helpers.c/h to use them by patch (4).
Patch (4) implements an example of eBPF program which controls access
  to device files and corresponding userspace test.

Roman Gushchin (4):
  device_cgroup: prepare code for bpf-based device controller
  bpf, cgroup: implement eBPF-based device controller for cgroup v2
  bpf: move cgroup_helpers from samples/bpf/ to
    tools/testing/selftesting/bpf/
  selftests/bpf: add a test for device cgroup controller

 include/linux/bpf-cgroup.h                         | 15 ++++
 include/linux/bpf_types.h                          |  3 +
 include/linux/device_cgroup.h                      | 67 +++++++++++++++-
 include/uapi/linux/bpf.h                           | 15 ++++
 kernel/bpf/cgroup.c                                | 67 ++++++++++++++++
 kernel/bpf/syscall.c                               |  7 ++
 kernel/bpf/verifier.c                              |  1 +
 samples/bpf/Makefile                               |  5 +-
 security/device_cgroup.c                           | 47 +----------
 tools/include/uapi/linux/bpf.h                     | 15 ++++
 tools/testing/selftests/bpf/Makefile               |  6 +-
 .../testing/selftests}/bpf/cgroup_helpers.c        |  0
 .../testing/selftests}/bpf/cgroup_helpers.h        |  0
 tools/testing/selftests/bpf/dev_cgroup.c           | 60 ++++++++++++++
 tools/testing/selftests/bpf/test_dev_cgroup.c      | 93 ++++++++++++++++++++++
 15 files changed, 347 insertions(+), 54 deletions(-)
 rename {samples => tools/testing/selftests}/bpf/cgroup_helpers.c (100%)
 rename {samples => tools/testing/selftests}/bpf/cgroup_helpers.h (100%)
 create mode 100644 tools/testing/selftests/bpf/dev_cgroup.c
 create mode 100644 tools/testing/selftests/bpf/test_dev_cgroup.c

-- 
2.13.6

Powered by blists - more mailing lists