From: Matt Bobrowski <mattbobrowski@google.com>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: bpf <bpf@vger.kernel.org>, Alexei Starovoitov <ast@kernel.org>,
KP Singh <kpsingh@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>, Jann Horn <jannh@google.com>,
Christian Brauner <brauner@kernel.org>,
Linux-Fsdevel <linux-fsdevel@vger.kernel.org>,
Jiri Olsa <jolsa@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Kumar Kartikeya Dwivedi <memxor@gmail.com>
Subject: Re: [PATCH v3 bpf-next 1/3] bpf: introduce new VFS based BPF kfuncs
Date: Sun, 28 Jul 2024 20:35:17 +0000 [thread overview]
Message-ID: <ZqarhaE7JgkkxASP@google.com> (raw)
In-Reply-To: <CAADnVQJdv9rjCHMzmE+W4AO3GgKjNjS_c06kC0iXe+itDstGZQ@mail.gmail.com>
On Fri, Jul 26, 2024 at 01:43:45PM -0700, Alexei Starovoitov wrote:
> On Fri, Jul 26, 2024 at 1:56 AM Matt Bobrowski <mattbobrowski@google.com> wrote:
> > +
> > +static int bpf_fs_kfuncs_filter(const struct bpf_prog *prog, u32 kfunc_id)
> > +{
> > + if (!btf_id_set8_contains(&bpf_fs_kfunc_set_ids, kfunc_id) ||
> > + prog->type == BPF_PROG_TYPE_LSM)
> > + return 0;
> > + return -EACCES;
> > +}
> > +
> > +static const struct btf_kfunc_id_set bpf_fs_kfunc_set = {
> > + .owner = THIS_MODULE,
> > + .set = &bpf_fs_kfunc_set_ids,
> > + .filter = bpf_fs_kfuncs_filter,
> > +};
> > +
> > +static int __init bpf_fs_kfuncs_init(void)
> > +{
> > + return register_btf_kfunc_id_set(BPF_PROG_TYPE_LSM, &bpf_fs_kfunc_set);
> > +}
>
> Aside from buf__sz <= 0 that Christian spotted
I'm going to fix this up in v2 of this patch, so don't worry about it.
> the bpf_fs_kfuncs_filter() is a watery water.
> It's doing a redundant check that is already covered by
>
> register_btf_kfunc_id_set(BPF_PROG_TYPE_LSM,...
>
> I'll remove it while applying.
As discussed, this filter is currently required as without it we
inadvertently allow tracing BPF programs to also use these BPF
kfuncs.
/M
next prev parent reply other threads:[~2024-07-28 20:35 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-26 8:56 [PATCH v3 bpf-next 0/3] introduce new VFS based BPF kfuncs Matt Bobrowski
2024-07-26 8:56 ` [PATCH v3 bpf-next 1/3] bpf: " Matt Bobrowski
2024-07-26 13:18 ` Christian Brauner
2024-07-26 20:31 ` Matt Bobrowski
2024-07-26 20:43 ` Alexei Starovoitov
2024-07-28 20:35 ` Matt Bobrowski [this message]
2024-07-26 21:25 ` Song Liu
2024-07-26 21:49 ` Matt Bobrowski
2024-07-26 22:48 ` Song Liu
2024-07-28 20:29 ` Matt Bobrowski
2024-07-29 10:56 ` Christian Brauner
2024-07-29 11:11 ` Matt Bobrowski
2024-07-26 23:52 ` Song Liu
2024-07-28 19:52 ` Matt Bobrowski
2024-07-26 8:56 ` [PATCH v3 bpf-next 2/3] selftests/bpf: add negative tests for " Matt Bobrowski
2024-07-26 23:38 ` Song Liu
2024-07-28 19:34 ` Matt Bobrowski
2024-07-26 8:56 ` [PATCH v3 bpf-next 3/3] selftests/bpf: add positive " Matt Bobrowski
2024-07-26 23:44 ` Song Liu
2024-07-26 13:22 ` [PATCH v3 bpf-next 0/3] introduce " Christian Brauner
2024-07-26 20:22 ` Matt Bobrowski
2024-07-26 20:35 ` Alexei Starovoitov
2024-07-30 7:37 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZqarhaE7JgkkxASP@google.com \
--to=mattbobrowski@google.com \
--cc=alexei.starovoitov@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brauner@kernel.org \
--cc=daniel@iogearbox.net \
--cc=jannh@google.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=memxor@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.