From: Jesper Dangaard Brouer <brouer@redhat.com>
To: "Toke Høiland-Jørgensen" <toke@redhat.com>
Cc: David Ahern <dsahern@gmail.com>, David Ahern <dsahern@kernel.org>,
netdev@vger.kernel.org, davem@davemloft.net, kuba@kernel.org,
daniel@iogearbox.net, john.fastabend@gmail.com, ast@kernel.org,
kafai@fb.com, songliubraving@fb.com, yhs@fb.com, andriin@fb.com,
brouer@redhat.com
Subject: Re: [PATCH RFC bpf-next 0/4] bpf: Add support for XDP programs in DEVMAPs
Date: Mon, 25 May 2020 14:47:52 +0200 [thread overview]
Message-ID: <20200525144752.3e87f8cd@carbon> (raw)
In-Reply-To: <87v9kki523.fsf@toke.dk>
On Mon, 25 May 2020 14:15:32 +0200
Toke Høiland-Jørgensen <toke@redhat.com> wrote:
> David Ahern <dsahern@gmail.com> writes:
>
> > On 5/22/20 9:59 AM, Toke Høiland-Jørgensen wrote:
> >> David Ahern <dsahern@kernel.org> writes:
> >>
> >>> Implementation of Daniel's proposal for allowing DEVMAP entries to be
> >>> a device index, program id pair. Daniel suggested an fd to specify the
> >>> program, but that seems odd to me that you insert the value as an fd, but
> >>> read it back as an id since the fd can be closed.
> >>
> >> While I can be sympathetic to the argument that it seems odd, every
> >> other API uses FD for insert and returns ID, so why make it different
> >> here? Also, the choice has privilege implications, since the CAP_BPF
> >> series explicitly makes going from ID->FD a more privileged operation
> >> than just querying the ID.
Sorry, I don't follow.
Can someone explain why is inserting an ID is a privilege problem?
> >
> > I do not like the model where the kernel changes the value the user
> > pushed down.
>
> Yet it's what we do in every other interface where a user needs to
> supply a program, including in prog array maps. So let's not create a
> new inconsistent interface here...
I sympathize with Ahern on this. It seems very weird to insert/write
one value-type, but read another value-type.
--
Best regards,
Jesper Dangaard Brouer
MSc.CS, Principal Kernel Engineer at Red Hat
LinkedIn: http://www.linkedin.com/in/brouer
next prev parent reply other threads:[~2020-05-25 12:48 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-22 1:05 [PATCH RFC bpf-next 0/4] bpf: Add support for XDP programs in DEVMAPs David Ahern
2020-05-22 1:05 ` [PATCH RFC bpf-next 1/4] bpf: Handle 8-byte values in DEVMAP and DEVMAP_HASH David Ahern
2020-05-22 12:08 ` Jesper Dangaard Brouer
2020-05-22 16:04 ` Jesper Dangaard Brouer
2020-05-22 18:11 ` David Ahern
2020-05-22 1:05 ` [PATCH RFC bpf-next 2/4] bpf: Add support to attach bpf program to a devmap David Ahern
2020-05-22 16:02 ` Toke Høiland-Jørgensen
2020-05-22 17:45 ` David Ahern
2020-05-22 1:05 ` [PATCH RFC bpf-next 3/4] xdp: Add xdp_txq_info to xdp_buff David Ahern
2020-05-22 16:04 ` Toke Høiland-Jørgensen
2020-05-22 17:45 ` David Ahern
2020-05-22 1:05 ` [PATCH RFC bpf-next 4/4] bpftool: Add SEC name for xdp programs attached to device map David Ahern
2020-05-22 11:17 ` [PATCH RFC bpf-next 0/4] bpf: Add support for XDP programs in DEVMAPs Jesper Dangaard Brouer
2020-05-22 15:59 ` Toke Høiland-Jørgensen
2020-05-22 17:46 ` David Ahern
2020-05-25 12:15 ` Toke Høiland-Jørgensen
2020-05-25 12:47 ` Jesper Dangaard Brouer [this message]
2020-05-25 12:56 ` Toke Høiland-Jørgensen
2020-05-26 23:36 ` Daniel Borkmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200525144752.3e87f8cd@carbon \
--to=brouer@redhat.com \
--cc=andriin@fb.com \
--cc=ast@kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=dsahern@kernel.org \
--cc=john.fastabend@gmail.com \
--cc=kafai@fb.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=songliubraving@fb.com \
--cc=toke@redhat.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.