| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Aug 2016 15:37:37 -0400
From: Tejun Heo <htejun@...com>
To: Sargun Dhillon <sargun@...gun.me>
CC: Daniel Mack <daniel@...que.org>, <daniel@...earbox.net>,
<ast@...com>, <davem@...emloft.net>, <kafai@...com>,
<fw@...len.de>, <pablo@...filter.org>, <harald@...hat.com>,
<netdev@...r.kernel.org>
Subject: Re: [RFC PATCH 4/5] net: filter: run cgroup eBPF programs
Hello, Sargun.
On Sun, Aug 21, 2016 at 01:14:22PM -0700, Sargun Dhillon wrote:
> So, casually looking at this patch, it looks like you're relying on
> sock_cgroup_data, which only points to the default hierarchy. If someone uses
> net_prio or net_classid, cgroup_sk_alloc_disable is called, and this wont work
> anymore.
The requirement there comes from network side. In short, davem
(rightfuly) doesn't want further proliferation of cgroup association
fields in struct sock. It makes sense for network control too as it's
schizophrenic to have different associations depending on the specific
controller. Also, the v2 requirement shouldn't really get in the way
as it can be mounted as just another hierarchy along with other v1
hierarchies.
> Any ideas on how to work around that? Does it make sense to add another pointer
> to sock_cgroup_data, or at least a warning when allocation is disabled?
cgroup already warns when the association gets disabled due to usage
of netcls and netprio. We probably want to update the warning message
to include bpf too.
Thanks.
--
tejun
Powered by blists - more mailing lists