From: Greg KH <gregkh@linuxfoundation•org>
To: Song Liu <songliubraving@fb•com>
Cc: Daniel Borkmann <daniel@iogearbox•net>,
Networking <netdev@vger•kernel.org>, bpf <bpf@vger•kernel.org>,
Alexei Starovoitov <ast@kernel•org>,
Kernel Team <Kernel-team@fb•com>,
"jannh@google•com" <jannh@google•com>
Subject: Re: [PATCH bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
Date: Fri, 28 Jun 2019 01:00:32 +0800 [thread overview]
Message-ID: <20190627170032.GA10304@kroah.com> (raw)
In-Reply-To: <48E35F58-0DAD-40BA-993F-8AB76587A93B@fb.com>
On Thu, Jun 27, 2019 at 04:51:20PM +0000, Song Liu wrote:
>
>
> > On Jun 27, 2019, at 9:37 AM, Greg KH <gregkh@linuxfoundation•org> wrote:
> >
> > On Thu, Jun 27, 2019 at 01:00:03AM +0000, Song Liu wrote:
> >>
> >>
> >>> On Jun 26, 2019, at 5:08 PM, Greg KH <gregkh@linuxfoundation•org> wrote:
> >>>
> >>> On Wed, Jun 26, 2019 at 03:17:47PM +0000, Song Liu wrote:
> >>>>>> +static struct miscdevice bpf_dev = {
> >>>>>> + .minor = MISC_DYNAMIC_MINOR,
> >>>>>> + .name = "bpf",
> >>>>>> + .fops = &bpf_chardev_ops,
> >>>>>> + .mode = 0440,
> >>>>>> + .nodename = "bpf",
> >>>>>
> >>>>> Here's what kvm does:
> >>>>>
> >>>>> static struct miscdevice kvm_dev = {
> >>>>> KVM_MINOR,
> >>>>> "kvm",
> >>>>> &kvm_chardev_ops,
> >>>>> };
> >>>
> >>> Ick, I thought we converted all of these to named initializers a long
> >>> time ago :)
> >>>
> >>>>> Is there an actual reason that mode is not 0 by default in bpf case? Why
> >>>>> we need to define nodename?
> >>>>
> >>>> Based on my understanding, mode of 0440 is what we want. If we leave it
> >>>> as 0, it will use default value of 0600. I guess we can just set it to
> >>>> 0440, as user space can change it later anyway.
> >>>
> >>> Don't rely on userspace changing it, set it to what you want the
> >>> permissions to be in the kernel here, otherwise you have to create a new
> >>> udev rule and get it merged into all of the distros. Just do it right
> >>> the first time and there is no need for it.
> >>>
> >>> What is wrong with 0600 for this? Why 0440?
> >>
> >> We would like root to own the device, and let users in a certain group
> >> to be able to open it. So 0440 is what we need.
> >
> > But you are doing a "write" ioctl here, right? So don't you really need
>
> By "write", you meant that we are modifying a bit in task_struct, right?
> In that sense, we probably need 0220?
You need some sort of write permission to modify something in the kernel :)
> > And why again is this an ioctl instead of a syscall? What is so magic
> > about the file descriptor here?
>
> We want to control the permission of this operation via this device.
> Users that can open the device would be able to run the ioctl. I think
> syscall cannot achieve control like this, unless we introduce something
> like CAP_BPF_ADMIN?
Ah, yeah, ick, no, don't go there...
And you can more easily "control" access to this device node from
containers as well. Ok, that makes sense to me.
thanks,
greg k-h
next prev parent reply other threads:[~2019-06-27 17:00 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-25 18:22 [PATCH bpf-next 0/4] sys_bpf() access control via /dev/bpf Song Liu
2019-06-25 18:23 ` [PATCH bpf-next 1/4] bpf: unprivileged BPF access " Song Liu
2019-06-26 13:32 ` Daniel Borkmann
2019-06-26 15:17 ` Song Liu
2019-06-27 0:08 ` Greg KH
2019-06-27 1:00 ` Song Liu
2019-06-27 16:37 ` Greg KH
2019-06-27 16:51 ` Song Liu
2019-06-27 17:00 ` Greg KH [this message]
2019-06-26 13:45 ` Lorenz Bauer
2019-06-26 15:19 ` Song Liu
2019-06-26 15:26 ` Lorenz Bauer
2019-06-26 16:10 ` Song Liu
2019-06-25 18:23 ` [PATCH bpf-next 2/4] bpf: sync tools/include/uapi/linux/bpf.h Song Liu
2019-06-25 18:23 ` [PATCH bpf-next 3/4] libbpf: add libbpf_[get|put]_bpf_permission() Song Liu
2019-06-25 18:23 ` [PATCH bpf-next 4/4] bpftool: use libbpf_[get|put]_bpf_permission() Song Liu
2019-06-25 20:51 ` [PATCH bpf-next 0/4] sys_bpf() access control via /dev/bpf Stanislav Fomichev
2019-06-25 21:00 ` Alexei Starovoitov
2019-06-25 21:19 ` Stanislav Fomichev
2019-06-25 22:47 ` Alexei Starovoitov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190627170032.GA10304@kroah.com \
--to=gregkh@linuxfoundation$(echo .)org \
--cc=Kernel-team@fb$(echo .)com \
--cc=ast@kernel$(echo .)org \
--cc=bpf@vger$(echo .)kernel.org \
--cc=daniel@iogearbox$(echo .)net \
--cc=jannh@google$(echo .)com \
--cc=netdev@vger$(echo .)kernel.org \
--cc=songliubraving@fb$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox