lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 May 2020 14:15:32 +0200 From: Toke Høiland-Jørgensen <toke@...hat.com> To: David Ahern <dsahern@...il.com>, David Ahern <dsahern@...nel.org>, netdev@...r.kernel.org Cc: davem@...emloft.net, kuba@...nel.org, brouer@...hat.com, daniel@...earbox.net, john.fastabend@...il.com, ast@...nel.org, kafai@...com, songliubraving@...com, yhs@...com, andriin@...com Subject: Re: [PATCH RFC bpf-next 0/4] bpf: Add support for XDP programs in DEVMAPs David Ahern <dsahern@...il.com> writes: > On 5/22/20 9:59 AM, Toke Høiland-Jørgensen wrote: >> David Ahern <dsahern@...nel.org> writes: >> >>> Implementation of Daniel's proposal for allowing DEVMAP entries to be >>> a device index, program id pair. Daniel suggested an fd to specify the >>> program, but that seems odd to me that you insert the value as an fd, but >>> read it back as an id since the fd can be closed. >> >> While I can be sympathetic to the argument that it seems odd, every >> other API uses FD for insert and returns ID, so why make it different >> here? Also, the choice has privilege implications, since the CAP_BPF >> series explicitly makes going from ID->FD a more privileged operation >> than just querying the ID. >> > > I do not like the model where the kernel changes the value the user > pushed down. Yet it's what we do in every other interface where a user needs to supply a program, including in prog array maps. So let's not create a new inconsistent interface here... -Toke
Powered by blists - more mailing lists