Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755097AbcLTF0q (ORCPT ); Tue, 20 Dec 2016 00:26:46 -0500 Received: from mail-ua0-f180.google.com ([209.85.217.180]:34554 "EHLO mail-ua0-f180.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754677AbcLTF0o (ORCPT ); Tue, 20 Dec 2016 00:26:44 -0500 MIME-Version: 1.0 In-Reply-To: <20161220045155.GC86803@ast-mbp.thefacebook.com> References: <20161219205631.GA31242@ast-mbp.thefacebook.com> <20161220000254.GA58895@ast-mbp.thefacebook.com> <20161219.203422.500916400463091702.davem@davemloft.net> <20161220045155.GC86803@ast-mbp.thefacebook.com> From: Andy Lutomirski Date: Mon, 19 Dec 2016 21:26:22 -0800 Message-ID: Subject: Re: Potential issues (security and otherwise) with the current cgroup-bpf API To: Alexei Starovoitov Cc: David Miller , Andrew Lutomirski , Daniel Mack , =?UTF-8?B?TWlja2HDq2wgU2FsYcO8bg==?= , Kees Cook , Jann Horn , Tejun Heo , David Ahern , Thomas Graf , Michael Kerrisk , Peter Zijlstra , Linux API , "linux-kernel@vger.kernel.org" , Network Development Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 685 Lines: 16 On Mon, Dec 19, 2016 at 8:51 PM, Alexei Starovoitov wrote: > On Mon, Dec 19, 2016 at 05:40:53PM -0800, Andy Lutomirski wrote: >> >> By the way, even if Alexei is right, the BPF_PROG_DETACH API doesn't >> even take a reference to a BPF program as an argument. What is it >> supposed to do if this mechanism ever gets extended? > > we just add another field to that anonymous union just like > we did for other commands and everything is backwards compatible. > It's the basics of bpf syscall that we've been relying on for some > time now and it worked just fine. And what happens if you don't specify that member and two programs are attached? --Andy