From: Steven Rostedt <rostedt@goodmis.org>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Kees Cook <keescook@chromium.org>,
Andy Lutomirski <luto@amacapital.net>,
Andy Lutomirski <luto@kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
LSM List <linux-security-module@vger.kernel.org>,
James Morris <jmorris@namei.org>, Jann Horn <jannh@google.com>,
Peter Zijlstra <peterz@infradead.org>,
Masami Hiramatsu <mhiramat@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Daniel Borkmann <daniel@iogearbox.net>,
Network Development <netdev@vger.kernel.org>,
bpf <bpf@vger.kernel.org>, kernel-team <kernel-team@fb.com>,
Linux API <linux-api@vger.kernel.org>
Subject: Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF
Date: Tue, 1 Oct 2019 18:10:52 -0400 [thread overview]
Message-ID: <20191001181052.43c9fabb@gandalf.local.home> (raw)
In-Reply-To: <20191001012226.vwpe56won5r7gbrz@ast-mbp.dhcp.thefacebook.com>
On Mon, 30 Sep 2019 18:22:28 -0700
Alexei Starovoitov <alexei.starovoitov@gmail.com> wrote:
> tracefs is a file system, so clearly file based acls are much better fit
> for all tracefs operations.
> But that is not the case for ftrace overall.
> bpf_trace_printk() calls trace_printk() that dumps into trace pipe.
> Technically it's ftrace operation, but it cannot be controlled by tracefs
> and by file permissions. That's the motivation to guard bpf_trace_printk()
> usage from bpf program with CAP_TRACING.
BTW, I'd rather have bpf use an event that records a string than using
trace printk itself.
Perhaps something like "bpf_print" event? That could be defined like:
TRACE_EVENT(bpf_print,
TP_PROTO(const char *msg),
TP_ARGS(msg),
TP_STRUCT__entry(
__string(msg, msg)
),
TP_fast_assign(
__assign_str(msg, msg)
),
TP_printk("msg=%s", __get_str(msg))
);
And then you can just format the string from the bpf_trace_printk()
into msg, and then have:
trace_bpf_print(msg);
The user could then just enable the trace event from the file system. I
could also work on making instances work like /tmp does (with the
sticky bit) in creation. That way people with write access to the
instances directory, can make their own buffers that they can use (and
others can't access).
>
> Both 'trace' and 'trace_pipe' have quirky side effects.
> Like opening 'trace' file will make all parallel trace_printk() to be ignored.
> While reading 'trace_pipe' file will clear it.
> The point that traditional 'read' and 'write' ACLs don't map as-is
> to tracefs, so I would be careful categorizing things into
> confidentiality vs integrity only based on access type.
What exactly is the bpf_trace_printk() used for? I may have other ideas
that can help.
-- Steve
next prev parent reply other threads:[~2019-10-01 22:10 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20190827205213.456318-1-ast@kernel.org>
2019-08-27 23:01 ` [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF Andy Lutomirski
2019-08-27 23:21 ` Steven Rostedt
2019-08-27 23:34 ` Andy Lutomirski
2019-08-28 0:44 ` Steven Rostedt
2019-08-28 1:12 ` Andy Lutomirski
2019-08-28 2:22 ` Steven Rostedt
2019-08-28 0:38 ` Alexei Starovoitov
2019-08-28 3:30 ` Masami Hiramatsu
2019-08-28 4:47 ` Alexei Starovoitov
2019-08-28 0:34 ` Alexei Starovoitov
2019-08-28 0:55 ` Andy Lutomirski
2019-08-28 2:00 ` Andy Lutomirski
2019-08-28 4:49 ` Alexei Starovoitov
2019-08-28 6:20 ` Andy Lutomirski
2019-08-28 23:38 ` Alexei Starovoitov
2019-08-29 0:58 ` Andy Lutomirski
2019-08-28 4:43 ` Alexei Starovoitov
2019-08-28 6:12 ` Andy Lutomirski
2019-08-28 22:55 ` Alexei Starovoitov
2019-08-29 0:45 ` Andy Lutomirski
2019-08-29 0:53 ` Andy Lutomirski
2019-08-29 4:07 ` Alexei Starovoitov
2019-09-28 23:37 ` Steven Rostedt
2019-09-30 18:31 ` Kees Cook
2019-10-01 1:22 ` Alexei Starovoitov
2019-10-01 22:10 ` Steven Rostedt [this message]
2019-10-01 22:18 ` Alexei Starovoitov
2019-10-01 22:47 ` Steven Rostedt
2019-10-02 17:18 ` Alexei Starovoitov
2019-10-02 23:00 ` Steven Rostedt
2019-10-03 16:18 ` trace_printk issue. Was: " Alexei Starovoitov
2019-10-03 16:41 ` Steven Rostedt
2019-10-04 19:56 ` Alexei Starovoitov
2019-10-03 6:12 ` Masami Hiramatsu
2019-10-03 16:20 ` Alexei Starovoitov
2019-08-28 7:14 ` Peter Zijlstra
2019-08-28 22:08 ` Alexei Starovoitov
2019-08-29 13:34 ` Steven Rostedt
2019-08-29 15:43 ` Andy Lutomirski
2019-08-29 17:23 ` Alexei Starovoitov
2019-08-29 17:36 ` Andy Lutomirski
2019-08-29 17:49 ` Steven Rostedt
2019-08-29 17:19 ` Alexei Starovoitov
2019-08-29 17:47 ` Steven Rostedt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191001181052.43c9fabb@gandalf.local.home \
--to=rostedt@goodmis.org \
--cc=alexei.starovoitov@gmail.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=jannh@google.com \
--cc=jmorris@namei.org \
--cc=keescook@chromium.org \
--cc=kernel-team@fb.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=luto@kernel.org \
--cc=mhiramat@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=peterz@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).