From: Greg KH <gregkh@linuxfoundation.org>
To: Andrii Nakryiko <andrii.nakryiko@gmail.com>
Cc: Song Liu <songliubraving@fb.com>,
	Networking <netdev@vger.kernel.org>, bpf <bpf@vger.kernel.org>,
	Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Kernel Team <kernel-team@fb.com>,
	Lorenz Bauer <lmb@cloudflare.com>, Jann Horn <jannh@google.com>
Subject: Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
Date: Wed, 3 Jul 2019 09:28:30 +0200
Message-ID: <20190703072830.GE3033@kroah.com>
In-Reply-To: <CAEf4Bzb4ASMSNR0h+xgQHKEPryCtQnqFxtLnPvKuT4ME0eoe1Q@mail.gmail.com>

On Tue, Jul 02, 2019 at 12:22:56PM -0700, Andrii Nakryiko wrote:
> On Thu, Jun 27, 2019 at 1:20 PM Song Liu <songliubraving@fb.com> wrote:
> >
> > This patch introduces unprivileged BPF access. The access control is
> > achieved via device /dev/bpf. Users with write access to /dev/bpf are able
> > to call sys_bpf().
> >
> > Two ioctl commands are added to /dev/bpf:
> >
> > The two commands enable/disable permission to call sys_bpf() for current
> > task. This permission is noted by bpf_permitted in task_struct. This
> > permission is inherited during clone(CLONE_THREAD).
> >
> > Helper function bpf_capable() is added to check whether the task has got
> > permission via /dev/bpf.
> >
> > Signed-off-by: Song Liu <songliubraving@fb.com>
> > ---
> >  Documentation/ioctl/ioctl-number.txt |  1 +
> >  include/linux/bpf.h                  | 11 +++++
> >  include/linux/sched.h                |  3 ++
> >  include/uapi/linux/bpf.h             |  6 +++
> >  kernel/bpf/arraymap.c                |  2 +-
> >  kernel/bpf/cgroup.c                  |  2 +-
> >  kernel/bpf/core.c                    |  4 +-
> >  kernel/bpf/cpumap.c                  |  2 +-
> >  kernel/bpf/devmap.c                  |  2 +-
> >  kernel/bpf/hashtab.c                 |  4 +-
> >  kernel/bpf/lpm_trie.c                |  2 +-
> >  kernel/bpf/offload.c                 |  2 +-
> >  kernel/bpf/queue_stack_maps.c        |  2 +-
> >  kernel/bpf/reuseport_array.c         |  2 +-
> >  kernel/bpf/stackmap.c                |  2 +-
> >  kernel/bpf/syscall.c                 | 71 +++++++++++++++++++++-------
> >  kernel/bpf/verifier.c                |  2 +-
> >  kernel/bpf/xskmap.c                  |  2 +-
> >  kernel/fork.c                        |  5 ++
> >  net/core/filter.c                    |  6 +--
> >  20 files changed, 99 insertions(+), 34 deletions(-)
> >
> > diff --git a/Documentation/ioctl/ioctl-number.txt b/Documentation/ioctl/ioctl-number.txt
> > index c9558146ac58..19998b99d603 100644
> > --- a/Documentation/ioctl/ioctl-number.txt
> > +++ b/Documentation/ioctl/ioctl-number.txt
> > @@ -327,6 +327,7 @@ Code  Seq#(hex)     Include File            Comments
> >  0xB4   00-0F   linux/gpio.h            <mailto:linux-gpio@vger.kernel.org>
> >  0xB5   00-0F   uapi/linux/rpmsg.h      <mailto:linux-remoteproc@vger.kernel.org>
> >  0xB6   all     linux/fpga-dfl.h
> > +0xBP   01-02   uapi/linux/bpf.h        <mailto:bpf@vger.kernel.org>
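
Review bot: In the added 0xBP row, the Code value is not valid hexadecimal ('P' is not a hex digit), while the neighbouring rows (0xB4, 0xB5, 0xB6) each list a hex byte. The row should carry the actual type byte used by the two new ioctl definitions in uapi/linux/bpf.h, so that the registry entry and the header agree; the 01-02 sequence range is consistent with the two commands the commit message describes.
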
> 
> should this be 0xBF?

Why?  It can be whatever the developer wants :)

thanks,

greg k-h
