lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190703072830.GE3033@kroah.com>
Date:   Wed, 3 Jul 2019 09:28:30 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Andrii Nakryiko <andrii.nakryiko@...il.com>
Cc:     Song Liu <songliubraving@...com>,
        Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Kernel Team <kernel-team@...com>,
        Lorenz Bauer <lmb@...udflare.com>, Jann Horn <jannh@...gle.com>
Subject: Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf

On Tue, Jul 02, 2019 at 12:22:56PM -0700, Andrii Nakryiko wrote:
> On Thu, Jun 27, 2019 at 1:20 PM Song Liu <songliubraving@...com> wrote:
> >
> > This patch introduce unprivileged BPF access. The access control is
> > achieved via device /dev/bpf. Users with write access to /dev/bpf are able
> > to call sys_bpf().
> >
> > Two ioctl command are added to /dev/bpf:
> >
> > The two commands enable/disable permission to call sys_bpf() for current
> > task. This permission is noted by bpf_permitted in task_struct. This
> > permission is inherited during clone(CLONE_THREAD).
> >
> > Helper function bpf_capable() is added to check whether the task has got
> > permission via /dev/bpf.
> >
> > Signed-off-by: Song Liu <songliubraving@...com>
> > ---
> >  Documentation/ioctl/ioctl-number.txt |  1 +
> >  include/linux/bpf.h                  | 11 +++++
> >  include/linux/sched.h                |  3 ++
> >  include/uapi/linux/bpf.h             |  6 +++
> >  kernel/bpf/arraymap.c                |  2 +-
> >  kernel/bpf/cgroup.c                  |  2 +-
> >  kernel/bpf/core.c                    |  4 +-
> >  kernel/bpf/cpumap.c                  |  2 +-
> >  kernel/bpf/devmap.c                  |  2 +-
> >  kernel/bpf/hashtab.c                 |  4 +-
> >  kernel/bpf/lpm_trie.c                |  2 +-
> >  kernel/bpf/offload.c                 |  2 +-
> >  kernel/bpf/queue_stack_maps.c        |  2 +-
> >  kernel/bpf/reuseport_array.c         |  2 +-
> >  kernel/bpf/stackmap.c                |  2 +-
> >  kernel/bpf/syscall.c                 | 71 +++++++++++++++++++++-------
> >  kernel/bpf/verifier.c                |  2 +-
> >  kernel/bpf/xskmap.c                  |  2 +-
> >  kernel/fork.c                        |  5 ++
> >  net/core/filter.c                    |  6 +--
> >  20 files changed, 99 insertions(+), 34 deletions(-)
> >
> > diff --git a/Documentation/ioctl/ioctl-number.txt b/Documentation/ioctl/ioctl-number.txt
> > index c9558146ac58..19998b99d603 100644
> > --- a/Documentation/ioctl/ioctl-number.txt
> > +++ b/Documentation/ioctl/ioctl-number.txt
> > @@ -327,6 +327,7 @@ Code  Seq#(hex)     Include File            Comments
> >  0xB4   00-0F   linux/gpio.h            <mailto:linux-gpio@...r.kernel.org>
> >  0xB5   00-0F   uapi/linux/rpmsg.h      <mailto:linux-remoteproc@...r.kernel.org>
> >  0xB6   all     linux/fpga-dfl.h
> > +0xBP   01-02   uapi/linux/bpf.h        <mailto:bpf@...r.kernel.org>
> 
> should this be 0xBF?

Why?  It can be whatever the developer wants :)

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ