Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751072AbbHACAd (ORCPT <rfc822;w@1wt.eu>);
	Fri, 31 Jul 2015 22:00:33 -0400
Received: from mail-ig0-f175.google.com ([209.85.213.175]:34861 "EHLO
	mail-ig0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750786AbbHACAb (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Fri, 31 Jul 2015 22:00:31 -0400
MIME-Version: 1.0
In-Reply-To: <CALCETrXfHg3SdRrfsUpRQp9MQzptJsfKJ2Wqn38_95DWrqXc7g@mail.gmail.com>
References: <CAGXxSxVD9OB3iUrWqR72Qc128SwwUjk6QCzxxdYt-EJQ-DeHnw@mail.gmail.com>
 <CALCETrXZnefEJwdsb5dPcR_i46BwJakxZLcShqghSCikH6nPbw@mail.gmail.com>
 <CAGXxSxXmVxdGqO5X7hcBPjKURL4FbBOXoSwq_phypgg=T9NixQ@mail.gmail.com> <CALCETrXfHg3SdRrfsUpRQp9MQzptJsfKJ2Wqn38_95DWrqXc7g@mail.gmail.com>
From: cee1 <fykcee1@gmail.com>
Date: Sat, 1 Aug 2015 10:00:11 +0800
Message-ID: <CAGXxSxVMRF1X=8fUr74SGSjEuvLFYHzGsWcv4wrG=9=CCfpPeg@mail.gmail.com>
Subject: Re: Revisit AF_BUS: is it a better way to implement KDBUS?
To: Andy Lutomirski <luto@amacapital.net>
Cc: LKML <linux-kernel@vger.kernel.org>, Greg KH <gregkh@linuxfoundation.org>,
        Lennart Poettering <lennart@poettering.net>,
        David Herrmann <dh.herrmann@gmail.com>,
        One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1691
Lines: 44

2015-08-01 5:15 GMT+08:00 Andy Lutomirski <luto@amacapital.net>:
> On Fri, Jul 31, 2015 at 9:25 AM, cee1 <fykcee1@gmail.com> wrote:
>> 2015-07-31 2:12 GMT+08:00 Andy Lutomirski <luto@amacapital.net>:
>>>
>>> I find myself wondering whether an in-kernel *bus* is a good idea at
>>> all.  Creating a bus that unprivileged programs are allowed to
>>> broadcast on (which is kind of the point) opens up big cans of worms.
>>
>> This can be solved in this AF_BUS like this:
>> * Becoming a bus master needs a proper CAP.
>> * Impose a bus endpoint to join multicast address "maddr1" first, if
>> it wants to send to multicast address "maddr2".
>>
>> The bus endpoint sends the request of joining maddr1, and the bus
>> master grants it with replying a cmsg(control message) and setting up
>> a proper eBPF.
>>
>> Next time, the bus endpoint sends to maddr2, the kernel will allow this if:
>> 1) maddr1 & maddr2 == maddr1
>> And 2) the eBPF allows it.
>>  (i.e. the same multicast match logic in this AF_BUS)
>>
>
> I don't understand.
>
> If the endpoint is unprivileged (i.e. random untrusted things can send
> multicast), then you have the scaling problem.  If the endpoint is
> privileged, then it's much less clear to me that this thing is useful.

That means an endpoint has to request the ability of sending to a
specific multicast address(aka join a multicast group), and it's up to
bus master whether grants it or not.



-- 
Regards,

- cee1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/