lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160827000325.GA29480@ast-mbp.thefacebook.com> Date: Fri, 26 Aug 2016 17:03:27 -0700 From: Alexei Starovoitov <alexei.starovoitov@...il.com> To: Daniel Mack <daniel@...que.org> Cc: htejun@...com, daniel@...earbox.net, ast@...com, davem@...emloft.net, kafai@...com, fw@...len.de, pablo@...filter.org, harald@...hat.com, netdev@...r.kernel.org, sargun@...gun.me Subject: Re: [PATCH v3 2/6] cgroup: add support for eBPF programs On Fri, Aug 26, 2016 at 09:58:48PM +0200, Daniel Mack wrote: > This patch adds two sets of eBPF program pointers to struct cgroup. > One for such that are directly pinned to a cgroup, and one for such > that are effective for it. > > To illustrate the logic behind that, assume the following example > cgroup hierarchy. > > A - B - C > \ D - E > > If only B has a program attached, it will be effective for B, C, D > and E. If D then attaches a program itself, that will be effective for > both D and E, and the program in B will only affect B and C. Only one > program of a given type is effective for a cgroup. > > Attaching and detaching programs will be done through the bpf(2) > syscall. For now, ingress and egress inet socket filtering are the > only supported use-cases. > > Signed-off-by: Daniel Mack <daniel@...que.org> ... > + css_for_each_descendant_pre(pos, &cgrp->self) { > + struct cgroup *desc = container_of(pos, struct cgroup, self); > + > + /* skip the subtree if the descendant has its own program */ > + if (desc->bpf.prog[type] && desc != cgrp) is desc != cgrp really needed? I thought css_for_each_descendant_pre() shouldn't walk itself or I'm missing how it works. > + pos = css_rightmost_descendant(pos); > + else > + rcu_assign_pointer(desc->bpf.effective[type], > + effective); > + } > +} > +
Powered by blists - more mailing lists