From mboxrd@z Thu Jan  1 00:00:00 1970
From: David Miller <davem@davemloft.net>
Subject: Re: kasan for bpf
Date: Sat, 23 Dec 2017 11:03:56 -0500 (EST)
Message-ID: <20171223.110356.169739765604909704.davem@davemloft.net>
References: <20171223022617.GO2971@decadent.org.uk>
        <20171223043155.biljcns7iwe7n633@ast-mbp>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: jannh@google.com, netdev@vger.kernel.org, daniel@iogearbox.net,
        ben@decadent.org.uk, linux-kernel@vger.kernel.org,
        kernel-team@fb.com
To: alexei.starovoitov@gmail.com
Return-path: <linux-kernel-owner@vger.kernel.org>
In-Reply-To: <20171223043155.biljcns7iwe7n633@ast-mbp>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: netdev.vger.kernel.org

From: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Date: Fri, 22 Dec 2017 20:31:56 -0800

> Thoughts?

Even though you propose it as the opposite, it sounds like a crutch
for the verifier.

If we strictly control objects that the eBPF program can access,
verifier ensures this, and all other objects go through helpers,
then I cannot see what kasan for bpf can buy us.

To me it tells the world "yes, verifier and carefully designed helpers
are insufficient" and that's not the message I have been giving to
rooms full of hundreds of people listening to my xdp/bpf
presentations.