| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <45259b64-8db9-7cd8-e4f4-0b00b5370d3b@fb.com>
Date: Tue, 3 Sep 2019 20:36:49 +0000
From: Yonghong Song <yhs@...com>
To: Carlos Antonio Neira Bustos <cneirabustos@...il.com>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
Eric Biederman <ebiederm@...ssion.com>,
"brouer@...hat.com" <brouer@...hat.com>,
"bpf@...r.kernel.org" <bpf@...r.kernel.org>
Subject: Re: [PATCH bpf-next V9 1/3] bpf: new helper to obtain namespace data
from current task
On 9/3/19 11:45 AM, Carlos Antonio Neira Bustos wrote:
> Hi Yonghong,
>
>>> Yes, the samples/bpf test case can be removed.
>>> Could you create a selftest with tracpoint net/netif_receive_skb, which
>>> also uses the proposed helper? net/netif_receive_skb will happen in
>>> interrupt context and it should catch the issue as well if
>>> filename_lookup still get called in interrupt context.
>>
> For this one scenario I just created another selftest with the only difference
> that the tracepoint is /net/netif_receive_skb so this fails with -EPERM.
> Is that enough?.
This should be fine.
>
> I have made this comment on include/uapi/linux/bpf.h, maybe is too terse?
>
> struct bpf_pidns_info {
> __u32 dev; /* dev_t from /proc/self/ns/pid inode */
> __u32 nsid;
> __u32 tgid;
> __u32 pid;
> };
Let us keep the above for now. I may have further comments based on
your test code which uses "dev".
>
> I'm only missing clearing out those questions to be ready to submit v11 of this patch.
Please go ahead to submit the new version.
Thanks.
Powered by blists - more mailing lists