Date: Thu, 14 May 2020 10:02:00 +0200
From: Daniel Borkmann <daniel@...earbox.net>
To: John Fastabend <john.fastabend@...il.com>, ast@...nel.org
Cc: lmb@...udflare.com, bpf@...r.kernel.org, jakub@...udflare.com, netdev@...r.kernel.org
Subject: Re: [bpf-next PATCH 2/3] bpf: sk_msg helpers for probe_* and *current_task*

On 5/13/20 9:24 PM, John Fastabend wrote:
> Often it is useful when applying policy to know something about the
> task. If the administrator has CAP_SYS_ADMIN rights then they can
> use kprobe + sk_msg and link the two programs together to accomplish
> this. However, this is a bit clunky and also means we have to call
> sk_msg program and kprobe program when we could just use a single
> program and avoid passing metadata through sk_msg/skb, socket, etc.
>
> To accomplish this add probe_* helpers to sk_msg programs guarded
> by a CAP_SYS_ADMIN check. New supported helpers are the following,
>
>   BPF_FUNC_get_current_task
>   BPF_FUNC_current_task_under_cgroup
>   BPF_FUNC_probe_read_user
>   BPF_FUNC_probe_read_kernel
>   BPF_FUNC_probe_read
>   BPF_FUNC_probe_read_user_str
>   BPF_FUNC_probe_read_kernel_str
>   BPF_FUNC_probe_read_str

Given the current discussion in the other thread with Linus et al, please
don't add more users for BPF_FUNC_probe_read and BPF_FUNC_probe_read_str
as I'm cooking up a patch to disable them on non-x86, and cleanups from
Christoph would make them less efficient than the *_user/_kernel{,_str}()
versions anyway, so let's only add the latter.

Thanks,
Daniel