Subject: Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps
From: Alexei Starovoitov
To: Andy Lutomirski
Cc: "David S. Miller", Ingo Molnar, Linus Torvalds, Steven Rostedt, Daniel Borkmann, Chema Gonzalez, Eric Dumazet, Peter Zijlstra, Arnaldo Carvalho de Melo, Jiri Olsa, Thomas Gleixner, "H. Peter Anvin", Andrew Morton, Kees Cook, Linux API, Network Development, "linux-kernel@vger.kernel.org"
Date: Fri, 27 Jun 2014 22:55:15 -0700
References: <1403913966-4927-1-git-send-email-ast@plumgrid.com> <1403913966-4927-4-git-send-email-ast@plumgrid.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Jun 27, 2014 at 5:16 PM, Andy Lutomirski wrote:
> On Fri, Jun 27, 2014 at 5:05 PM, Alexei Starovoitov wrote:
>> BPF syscall is a demux for different BPF related commands.
>>
>> 'maps' is a generic storage of different types for sharing data between kernel
>> and userspace.
>>
>> The maps can be created/deleted from user space via BPF syscall:
>> - create a map with given id, type and attributes
>>   map_id = bpf_map_create(int map_id, map_type, struct nlattr *attr, int len)
>>   returns positive map id or negative error
>>
>> - delete map with given map id
>>   err = bpf_map_delete(int map_id)
>>   returns zero or negative error
>
> What's the scope of "id"? How is it secured?

the map and program id space is global and it's cap_sys_admin only.
There is no pressing need to do it with per-user limits.
So the whole thing is root only for now.
Since I got your attention please review the most interesting verifier bits (patch 08/14) ;)