From: Sargun Dhillon
Subject: [PATCH net-next 0/3] eBPF Seccomp filters
Date: Tue, 13 Feb 2018 15:42:46 +0000
Message-ID: <20180213154244.GA3292@ircssh-2.c.rugged-nimbus-611.internal>
To: netdev@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, containers@lists.linux-foundation.org, keescook@chromium.org, luto@amacapital.net, wad@chromium.org

This patchset enables seccomp filters to be written in eBPF. Although this patchset doesn't introduce much of the functionality enabled by eBPF, it lays the ground work for it. It also introduces the capability to dump eBPF filters via the PTRACE API in order to make it so that CHECKPOINT_RESTORE will be satisfied. In the attached samples, there's an example of this. One can then use BPF_OBJ_GET_INFO_BY_FD in order to get the actual code of the program, and use that at reload time.

The primary reason for not adding maps support in this patchset is to avoid introducing new complexities around PR_SET_NO_NEW_PRIVS. If we have a map that the BPF program can read, it can potentially "change" privileges after running. It seems like doing writes only is safe, because it can be pure, and side effect free, and therefore not negatively affect PR_SET_NO_NEW_PRIVS. Nonetheless, if we come to an agreement, this can be in a follow-up patchset.
Sargun Dhillon (3):
  bpf, seccomp: Add eBPF filter capabilities
  seccomp, ptrace: Add a mechanism to retrieve attached eBPF seccomp filters
  bpf: Add eBPF seccomp sample programs

 arch/Kconfig                 |   7 ++
 include/linux/bpf_types.h    |   3 +
 include/linux/seccomp.h      |  12 +++
 include/uapi/linux/bpf.h     |   2 +
 include/uapi/linux/ptrace.h  |   5 +-
 include/uapi/linux/seccomp.h |  15 ++--
 kernel/bpf/syscall.c         |   1 +
 kernel/ptrace.c              |   3 +
 kernel/seccomp.c             | 185 ++++++++++++++++++++++++++++++++++++++-----
 samples/bpf/Makefile         |   9 +++
 samples/bpf/bpf_load.c       |   9 ++-
 samples/bpf/seccomp1_kern.c  |  17 ++++
 samples/bpf/seccomp1_user.c  |  34 ++++++++
 samples/bpf/seccomp2_kern.c  |  24 ++++++
 samples/bpf/seccomp2_user.c  |  66 +++++++++++++++
 15 files changed, 362 insertions(+), 30 deletions(-)
 create mode 100644 samples/bpf/seccomp1_kern.c
 create mode 100644 samples/bpf/seccomp1_user.c
 create mode 100644 samples/bpf/seccomp2_kern.c
 create mode 100644 samples/bpf/seccomp2_user.c

--
2.14.1
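The property the cover letter wants to keep under PR_SET_NO_NEW_PRIVS, a filter whose verdict cannot "change" after it is installed, is exactly what mainline classic seccomp-BPF already has: the program's only input is struct seccomp_data and it carries no state. The C example below is added here for illustration and is not from the patchset or from the kernel's samples/bpf; it uses the existing classic-BPF attach path (prctl(PR_SET_SECCOMP)), not the eBPF attach path the patchset proposes. It builds a small syscall allowlist, evaluates it in user space with a minimal interpreter (run_filter and decide are names chosen here, not kernel API) so the verdicts can be inspected before attaching, and then installs it after setting PR_SET_NO_NEW_PRIVS. The arch mapping covers x86_64 and aarch64; other targets get a placeholder that the filter would reject.

```c
/* Added example (not part of the patchset): a pure seccomp filter in the
 * mainline classic-BPF dialect, with a user-space evaluator for its verdicts. */
#define _GNU_SOURCE
#include <errno.h>
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U /* older uapi headers lack it */
#endif

#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#else
#define ARCH_NR 0U /* placeholder for other targets: every syscall would be refused */
#endif

/* Allow syscall `nr`: on match fall through to RET ALLOW, otherwise skip it. */
#define ALLOW_SYSCALL(nr)                            \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

static struct sock_filter filter[] = {
    /* Syscall numbers are per-ABI, so pin the arch before looking at nr. */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    ALLOW_SYSCALL(__NR_read),
    ALLOW_SYSCALL(__NR_write),
    ALLOW_SYSCALL(__NR_exit),
    ALLOW_SYSCALL(__NR_exit_group),
    ALLOW_SYSCALL(__NR_rt_sigreturn),
    /* Everything else fails with EPERM rather than killing, so the demo can report it. */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
};
#define FILTER_LEN (sizeof(filter) / sizeof(filter[0]))

/* Interprets the three opcode kinds used above the way the kernel does:
 * jump offsets are relative to the instruction that follows. Anything the
 * kernel's checker would reject (odd loads, unknown opcodes, running off
 * the end) is reported as a kill so it cannot be mistaken for a verdict. */
static uint32_t run_filter(const struct sock_filter *prog, size_t len,
                           const struct seccomp_data *sd)
{
    uint32_t acc = 0;

    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *insn = &prog[pc];

        switch (insn->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if (insn->k % 4 || insn->k + 4 > sizeof(*sd))
                return SECCOMP_RET_KILL_PROCESS;
            memcpy(&acc, (const char *)sd + insn->k, sizeof(acc));
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == insn->k) ? insn->jt : insn->jf;
            break;
        case BPF_RET | BPF_K:
            return insn->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;
        }
    }
    return SECCOMP_RET_KILL_PROCESS;
}

/* Verdict for one (arch, syscall number) pair; this filter ignores the args. */
uint32_t decide(uint32_t arch, int nr)
{
    struct seccomp_data sd;
    memset(&sd, 0, sizeof(sd));
    sd.nr = nr;
    sd.arch = arch;
    return run_filter(filter, FILTER_LEN, &sd);
}

/* Attach to the calling thread. An unprivileged process must set
 * PR_SET_NO_NEW_PRIVS first or the kernel refuses with EACCES. Returns 0 or -errno. */
int install_filter(void)
{
    struct sock_fprog prog = { .len = (unsigned short)FILTER_LEN, .filter = filter };

    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
        return -errno;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog))
        return -errno;
    return 0;
}

int main(void)
{
    printf("write      -> 0x%08" PRIx32 " (SECCOMP_RET_ALLOW)\n", decide(ARCH_NR, __NR_write));
    printf("openat     -> 0x%08" PRIx32 " (SECCOMP_RET_ERRNO|EPERM)\n", decide(ARCH_NR, __NR_openat));
    printf("wrong arch -> 0x%08" PRIx32 " (SECCOMP_RET_KILL_PROCESS)\n", decide(ARCH_NR ^ 1U, __NR_write));
    fflush(stdout);

    int rc = install_filter();
    if (rc) {
        fprintf(stderr, "install_filter: %s\n", strerror(-rc));
        return 1;
    }
    /* Only read/write/exit/exit_group/rt_sigreturn remain; getpid(2) must get EPERM. */
    long pid = syscall(__NR_getpid);
    const char *msg = (pid == -1 && errno == EPERM)
        ? "getpid blocked with EPERM, as decide() predicted\n"
        : "unexpected: getpid was not blocked\n";
    if (write(STDOUT_FILENO, msg, strlen(msg)) < 0)
        _exit(2);
    _exit(0); /* exit_group, which the filter allows */
}
```

Because the verdict depends on nothing but the seccomp_data the kernel hands in, the same program evaluated in user space and in the kernel must agree, which is what makes the filter safe to inherit across execve once no_new_privs is set; a filter that consulted a writable map would lose that equivalence, which is the concern the cover letter raises.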