| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <88553967-9af2-1fb6-e98c-14113739c345@iogearbox.net> Date: Fri, 28 Sep 2018 14:16:43 +0200 From: Daniel Borkmann <daniel@...earbox.net> To: Roman Gushchin <guro@...com>, Yonghong Song <yhs@...com> Cc: ast@...com, netdev@...r.kernel.org, kernel-team@...com Subject: Re: [PATCH bpf-next] bpf: permit CGROUP_DEVICE programs accessing helper bpf_get_current_cgroup_id() On 09/28/2018 11:53 AM, Roman Gushchin wrote: > On Thu, Sep 27, 2018 at 02:37:30PM -0700, Yonghong Song wrote: >> Currently, helper bpf_get_current_cgroup_id() is not permitted >> for CGROUP_DEVICE type of programs. If the helper is used >> in such cases, the verifier will log the following error: >> >> 0: (bf) r6 = r1 >> 1: (69) r7 = *(u16 *)(r6 +0) >> 2: (85) call bpf_get_current_cgroup_id#80 >> unknown func bpf_get_current_cgroup_id#80 >> >> The bpf_get_current_cgroup_id() is useful for CGROUP_DEVICE >> type of programs in order to customize action based on cgroup id. >> This patch added such a support. >> >> Cc: Roman Gushchin <guro@...com> >> Signed-off-by: Yonghong Song <yhs@...com> > > Acked-by: Roman Gushchin <guro@...com> Applied to bpf-next, thanks!
Powered by blists - more mailing lists