lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 4 Sep 2015 13:17:47 -0700 From: Alexei Starovoitov <alexei.starovoitov@...il.com> To: Tycho Andersen <tycho.andersen@...onical.com> Cc: Kees Cook <keescook@...omium.org>, Alexei Starovoitov <ast@...nel.org>, Will Drewry <wad@...omium.org>, Oleg Nesterov <oleg@...hat.com>, Andy Lutomirski <luto@...capital.net>, Pavel Emelyanov <xemul@...allels.com>, "Serge E. Hallyn" <serge.hallyn@...ntu.com>, Daniel Borkmann <daniel@...earbox.net>, linux-kernel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH 1/6] ebpf: add a seccomp program type On Fri, Sep 04, 2015 at 10:04:19AM -0600, Tycho Andersen wrote: > seccomp uses eBPF as its underlying storage and execution format, and eBPF > has features that seccomp would like to make use of in the future. This > patch adds a formal seccomp type to the eBPF verifier. > > The current implementation of the seccomp eBPF type is very limited, and > doesn't support some interesting features (notably, maps) of eBPF. However, > the primary motivation for this patchset is to enable checkpoint/restore > for seccomp filters later in the series, to this limited feature set is ok > for now. yes. good compromise to start. > +static const struct bpf_func_proto * > +seccomp_func_proto(enum bpf_func_id func_id) > +{ > + /* Right now seccomp eBPF loading doesn't support maps; seccomp filters > + * are considered to be read-only after they're installed, so map fds > + * probably need to be invalidated when a seccomp filter with maps is > + * installed. Just disabling bpf_map_lookup/update() helpers (the way you did here) is enough. The prorgram can still have references to maps, but since they won't be accessed it's safe. > + * > + * The rest of these might be reasonable to call from seccomp, so we > + * export them. > + */ > + switch (func_id) { > + case BPF_FUNC_ktime_get_ns: > + return &bpf_ktime_get_ns_proto; > + case BPF_FUNC_trace_printk: > + return bpf_get_trace_printk_proto(); > + case BPF_FUNC_get_prandom_u32: > + return &bpf_get_prandom_u32_proto; > + case BPF_FUNC_get_smp_processor_id: > + return &bpf_get_smp_processor_id_proto; > + case BPF_FUNC_tail_call: > + return &bpf_tail_call_proto; > + case BPF_FUNC_get_current_pid_tgid: > + return &bpf_get_current_pid_tgid_proto; > + case BPF_FUNC_get_current_uid_gid: > + return &bpf_get_current_uid_gid_proto; > + case BPF_FUNC_get_current_comm: > + return &bpf_get_current_comm_proto; the list looks good to start with. > > +static u32 seccomp_convert_ctx_access(enum bpf_access_type type, int dst_reg, > + int src_reg, int ctx_off, > + struct bpf_insn *insn_buf) > +{ > + struct bpf_insn *insn = insn_buf; > + > + switch (ctx_off) { > + case offsetof(struct seccomp_data, nr): the conversion of seccomp_data fields is unnecessary. We're doing conversion for sk_buff, because sk_buff and __sk_buff aree two different structures. __sk_buff is user ABI with its own fields that losely correspond to in-kernel struct sk_buff. seccomp_data is already part of user ABI, so it's ok to access as-is. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists