Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752127AbdLBStH (ORCPT <rfc822;w@1wt.eu>);
        Sat, 2 Dec 2017 13:49:07 -0500
Received: from zeniv.linux.org.uk ([195.92.253.2]:43454 "EHLO
        ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751806AbdLBStF (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 2 Dec 2017 13:49:05 -0500
Date: Sat, 2 Dec 2017 18:48:50 +0000
From: Al Viro <viro@ZenIV.linux.org.uk>
To: Daniel Borkmann <daniel@iogearbox.net>
Cc: Kees Cook <keescook@chromium.org>,
        Shmulik Ladkani <shmulik.ladkani@gmail.com>,
        Willem de Bruijn <willemb@google.com>,
        Pablo Neira Ayuso <pablo@netfilter.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        David Miller <davem@davemloft.net>,
        LKML <linux-kernel@vger.kernel.org>,
        Network Development <netdev@vger.kernel.org>,
        Christoph Hellwig <hch@infradead.org>,
        Thomas Garnier <thgarnie@google.com>, Jann Horn <jannh@google.com>
Subject: Re: netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of
 'xt_bpf_info_v1'
Message-ID: <20171202184850.GQ21978@ZenIV.linux.org.uk>
References: <CAGXu5j+ZCJ8rRK=DAKaeuNmGzVY7xo1o9uJyWPEijmg9gw4fKA@mail.gmail.com>
 <20171201013304.GM21978@ZenIV.linux.org.uk>
 <20171201034859.GN21978@ZenIV.linux.org.uk>
 <20171201045439.GO21978@ZenIV.linux.org.uk>
 <20171201173941.GP21978@ZenIV.linux.org.uk>
 <7bbe72a8-dbbe-3343-765d-cc53eb40e0cd@iogearbox.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <7bbe72a8-dbbe-3343-765d-cc53eb40e0cd@iogearbox.net>
User-Agent: Mutt/1.9.0 (2017-09-02)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 903
Lines: 20

On Fri, Dec 01, 2017 at 09:47:00PM +0100, Daniel Borkmann wrote:

> > Might want to replace security_path_mknod() with something saner, while we are
> > at it.
> > 
> > Objections?
> 
> No, thanks for looking into this, and sorry for this fugly hack! :( Not
> that this doesn't make it any better, but I think back then I took it
> over from mqueue implementation ... should have known better and looking
> into making this generic instead, sigh. The above looks good to me, so
> no objections from my side and thanks for working on it!
> 
> > PS: mqueue.c would also benefit from such primitive - do_create() there would
> > simply pass attr as callback's argument into vfs_mkobj(), with callback being
> > the guts of mqueue_create()...

OK...  See vfs.git#untested.mkobj; it really needs testing, though - mq_open(2)
passes LTP tests, but that's not saying much, and BPF side is completely
untested.