lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAPhsuW5DP1x_wyzT1aYjpj3hxUs4uB8vdK9iEp=+i46QLotiOg@mail.gmail.com>
Date: Thu, 29 May 2025 14:07:31 -0700
From: Song Liu <song@...nel.org>
To: Al Viro <viro@...iv.linux.org.uk>
Cc: Jan Kara <jack@...e.cz>, bpf@...r.kernel.org, linux-fsdevel@...r.kernel.org, 
	linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, 
	kernel-team@...a.com, andrii@...nel.org, eddyz87@...il.com, ast@...nel.org, 
	daniel@...earbox.net, martin.lau@...ux.dev, brauner@...nel.org, 
	kpsingh@...nel.org, mattbobrowski@...gle.com, amir73il@...il.com, 
	repnop@...gle.com, jlayton@...nel.org, josef@...icpanda.com, mic@...ikod.net, 
	gnoack@...gle.com
Subject: Re: [PATCH bpf-next 3/4] bpf: Introduce path iterator

On Thu, May 29, 2025 at 1:15 PM Al Viro <viro@...iv.linux.org.uk> wrote:
>
> On Thu, May 29, 2025 at 12:46:00PM -0700, Song Liu wrote:
>
> > > Basically, you are creating a spot we will need to watch very carefully
> > > from now on.  And the rationale appears to include "so that we could
> > > expose that to random out-of-tree code that decided to call itself LSM",
> > > so pardon me for being rather suspicious about the details.
> >
> > No matter what we call them, these use cases exist, out-of-tree or
> > in-tree, as BPF programs or kernel modules. We are learning from
> > Landlock here, simply because it is probably the best way to achieve
> > this.
>
> If out-of-tree code breaks from something we do kernel-side, it's the
> problem of that out-of-tree code.  You are asking for a considerable
> buy-in, without even bothering to spell out what it is that we are
> supposed to care about supporting.
>
> If you want cooperation, explain what is needed, and do it first, so that
> there's no goalpost shifting afterwards.

We have made it very clear what is needed now: an iterator that iterates
towards the root. This has been discussed in LPC [1] and
LSF/MM/BPF [2].

We don't know what might be needed in the future. That's why nothing
is shared. If the problem is that this code looks extendible, we sure can
remove it for now. But we cannot promise there will never be use cases
that could benefit from a slightly different path iterator. Either way, if we
are adding/changing anything to the path iterator, you will always be
CC'ed. You are always welcome to NAK anything if there is real issue
with the code being developed.

Thanks,
Song


[1] https://lpc.events/event/18/contributions/1940/
[2] https://lwn.net/Articles/1018493/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ