Re: [PATCH bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg KH <gregkh@linuxfoundation.org>
To: Song Liu <songliubraving@fb.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>,
	Networking <netdev@vger.kernel.org>, bpf <bpf@vger.kernel.org>,
	Alexei Starovoitov <ast@kernel.org>,
	Kernel Team <Kernel-team@fb.com>,
	"jannh@google.com" <jannh@google.com>
Subject: Re: [PATCH bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
Date: Fri, 28 Jun 2019 01:00:32 +0800	[thread overview]
Message-ID: <20190627170032.GA10304@kroah.com> (raw)
In-Reply-To: <48E35F58-0DAD-40BA-993F-8AB76587A93B@fb.com>

On Thu, Jun 27, 2019 at 04:51:20PM +0000, Song Liu wrote:
> 
> 
> > On Jun 27, 2019, at 9:37 AM, Greg KH <gregkh@linuxfoundation.org> wrote:
> > 
> > On Thu, Jun 27, 2019 at 01:00:03AM +0000, Song Liu wrote:
> >> 
> >> 
> >>> On Jun 26, 2019, at 5:08 PM, Greg KH <gregkh@linuxfoundation.org> wrote:
> >>> 
> >>> On Wed, Jun 26, 2019 at 03:17:47PM +0000, Song Liu wrote:
> >>>>>> +static struct miscdevice bpf_dev = {
> >>>>>> +	.minor		= MISC_DYNAMIC_MINOR,
> >>>>>> +	.name		= "bpf",
> >>>>>> +	.fops		= &bpf_chardev_ops,
> >>>>>> +	.mode		= 0440,
> >>>>>> +	.nodename	= "bpf",
> >>>>> 
> >>>>> Here's what kvm does:
> >>>>> 
> >>>>> static struct miscdevice kvm_dev = {
> >>>>>      KVM_MINOR,
> >>>>>      "kvm",
> >>>>>      &kvm_chardev_ops,
> >>>>> };
> >>> 
> >>> Ick, I thought we converted all of these to named initializers a long
> >>> time ago :)
> >>> 
> >>>>> Is there an actual reason that mode is not 0 by default in bpf case? Why
> >>>>> we need to define nodename?
> >>>> 
> >>>> Based on my understanding, mode of 0440 is what we want. If we leave it 
> >>>> as 0, it will use default value of 0600. I guess we can just set it to 
> >>>> 0440, as user space can change it later anyway. 
> >>> 
> >>> Don't rely on userspace changing it, set it to what you want the
> >>> permissions to be in the kernel here, otherwise you have to create a new
> >>> udev rule and get it merged into all of the distros.  Just do it right
> >>> the first time and there is no need for it.
> >>> 
> >>> What is wrong with 0600 for this?  Why 0440?
> >> 
> >> We would like root to own the device, and let users in a certain group 
> >> to be able to open it. So 0440 is what we need. 
> > 
> > But you are doing a "write" ioctl here, right?  So don't you really need
> 
> By "write", you meant that we are modifying a bit in task_struct, right?
> In that sense, we probably need 0220?

You need some sort of write permission to modify something in the kernel :)

> > And why again is this an ioctl instead of a syscall?  What is so magic
> > about the file descriptor here?
> 
> We want to control the permission of this operation via this device. 
> Users that can open the device would be able to run the ioctl. I think 
> syscall cannot achieve control like this, unless we introduce something 
> like CAP_BPF_ADMIN?

Ah, yeah, ick, no, don't go there...

And you can more easily "control" access to this device node from
containers as well.  Ok, that makes sense to me.

thanks,

greg k-h

next prev parent reply	other threads:[~2019-06-27 17:00 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-25 18:22 [PATCH bpf-next 0/4] sys_bpf() access control via /dev/bpf Song Liu
2019-06-25 18:23 ` [PATCH bpf-next 1/4] bpf: unprivileged BPF access " Song Liu
2019-06-26 13:32   ` Daniel Borkmann
2019-06-26 15:17     ` Song Liu
2019-06-27  0:08       ` Greg KH
2019-06-27  1:00         ` Song Liu
2019-06-27 16:37           ` Greg KH
2019-06-27 16:51             ` Song Liu
2019-06-27 17:00               ` Greg KH [this message]
2019-06-26 13:45   ` Lorenz Bauer
2019-06-26 15:19     ` Song Liu
2019-06-26 15:26       ` Lorenz Bauer
2019-06-26 16:10         ` Song Liu
2019-06-25 18:23 ` [PATCH bpf-next 2/4] bpf: sync tools/include/uapi/linux/bpf.h Song Liu
2019-06-25 18:23 ` [PATCH bpf-next 3/4] libbpf: add libbpf_[get|put]_bpf_permission() Song Liu
2019-06-25 18:23 ` [PATCH bpf-next 4/4] bpftool: use libbpf_[get|put]_bpf_permission() Song Liu
2019-06-25 20:51 ` [PATCH bpf-next 0/4] sys_bpf() access control via /dev/bpf Stanislav Fomichev
2019-06-25 21:00   ` Alexei Starovoitov
2019-06-25 21:19     ` Stanislav Fomichev
2019-06-25 22:47       ` Alexei Starovoitov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190627170032.GA10304@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=Kernel-team@fb.com \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=jannh@google.com \
    --cc=netdev@vger.kernel.org \
    --cc=songliubraving@fb.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.