From: Kees Cook <keescook@chromium.org>
To: Hengqi Chen <hengqi.chen@gmail.com>
Cc: linux-kernel@vger.kernel.org, bpf@vger.kernel.org,
ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
luto@amacapital.net, wad@chromium.org, alexyonghe@tencent.com
Subject: Re: [PATCH 2/4] seccomp, bpf: Introduce SECCOMP_LOAD_FILTER operation
Date: Tue, 10 Oct 2023 17:24:47 -0700 [thread overview]
Message-ID: <202310101722.B6D6E6CEC@keescook> (raw)
In-Reply-To: <20231009124046.74710-3-hengqi.chen@gmail.com>
On Mon, Oct 09, 2023 at 12:40:44PM +0000, Hengqi Chen wrote:
> This patch adds a new operation named SECCOMP_LOAD_FILTER.
> It accepts the same arguments as SECCOMP_SET_MODE_FILTER
> but only performs the loading process. If succeed, return a
> new fd associated with the JITed BPF program (the filter).
> The filter can then be pinned to bpffs using the returned
> fd and reused for different processes. To distinguish the
> filter from other BPF progs, BPF_PROG_TYPE_SECCOMP is added.
>
> Signed-off-by: Hengqi Chen <hengqi.chen@gmail.com>
This part looks okay, I think. I need to spend some more time looking at
the BPF side. I want to make sure it is only possible to build a
BPF_PROG_TYPE_SECCOMP prog by going through seccomp. I want to make sure
we can never side-load some kind of unexpected program into seccomp,
etc. Since BPF_PROG_TYPE_SECCOMP is part of UAPI, is this controllable
through the bpf() syscall?
One thought I had, though, is I wonder if flags are needed to be
included with the fd? I'll ponder this a bit more...
--
Kees Cook
next prev parent reply other threads:[~2023-10-11 0:31 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-09 12:40 [PATCH 0/4] seccomp: Make seccomp filter reusable Hengqi Chen
2023-10-09 12:40 ` [PATCH 1/4] seccomp: Refactor filter copy/create for reuse Hengqi Chen
2023-10-11 0:14 ` Kees Cook
2023-10-09 12:40 ` [PATCH 2/4] seccomp, bpf: Introduce SECCOMP_LOAD_FILTER operation Hengqi Chen
2023-10-11 0:24 ` Kees Cook [this message]
2023-10-12 1:48 ` Hengqi Chen
2023-10-11 7:16 ` kernel test robot
2023-10-11 9:15 ` kernel test robot
2023-10-09 12:40 ` [PATCH 3/4] seccomp: Introduce SECCOMP_ATTACH_FILTER operation Hengqi Chen
2023-10-11 0:22 ` Kees Cook
2023-10-12 1:49 ` Hengqi Chen
2023-10-09 12:40 ` [PATCH 4/4] selftests/seccomp: Test SECCOMP_LOAD_FILTER and SECCOMP_ATTACH_FILTER Hengqi Chen
2023-10-11 0:26 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202310101722.B6D6E6CEC@keescook \
--to=keescook@chromium.org \
--cc=alexyonghe@tencent.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=hengqi.chen@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox