| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1508309791.2674.1.camel@sipsolutions.net>
Date: Wed, 18 Oct 2017 08:56:31 +0200
From: Johannes Berg <johannes@...solutions.net>
To: Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc: netdev <netdev@...r.kernel.org>,
Daniel Borkmann <daniel@...earbox.net>,
linux-wireless <linux-wireless@...r.kernel.org>
Subject: Re: using verifier to ensure a BPF program uses certain metadata?
Hi Alexei,
> > https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next
> > .git/log/?h=bpf
>
> bpf bits looks pretty straightforward.
Thanks for looking at this!
> attach looks fine too. I'm assuming there is some rtnl or other lock,
> so multiple assigns cannot race?
Yes.
> It's missing query interface though.
> Please add support to return prog_id.
Good point, this is about half a year old, so ... :)
[...]
> > Now, I realize that people could trivially just work around this in
> > their program if they wanted, but I think most will take the
> > reminder
> > and just implement
> >
> > if (ctx->is_data_ethernet)
> > return DROP_FRAME;
> >
> > instead, since mostly data frames will not be very relevant to
> > them.
> >
> > What do you think?
>
> sounds fine and considering new verifier ops after Jakub refactoring
> a check that is_data_ethernet was accessed would fit nicely.
> Without void** hack.
Ok, thanks! I'll have to check what Jakub is doing there, do you have a
pointer to that refactoring?
johannes
Powered by blists - more mailing lists