Date: Fri, 27 Apr 2018 17:49:10 +0800
From: Leo Yan
To: Daniel Borkmann
Cc: Alexei Starovoitov, "David S. Miller", Jonathan Corbet, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org
Subject: Re: [PATCH bpf-next] bpf, doc: Update bpf_jit_enable limitation for CONFIG_BPF_JIT_ALWAYS_ON
Message-ID: <20180427094910.GA31015@leoy-ThinkPad-X240s>

On Fri, Apr 27, 2018 at 11:44:44AM +0200, Daniel Borkmann wrote:
> On 04/26/2018 04:26 AM, Leo Yan wrote:
> > When CONFIG_BPF_JIT_ALWAYS_ON is enabled, kernel has limitation for
> > bpf_jit_enable, so it has fixed value 1 and we cannot set it to 2
> > for JIT opcode dumping; this patch is to update the doc for it.
> >
> > Signed-off-by: Leo Yan
> > ---
> >  Documentation/networking/filter.txt | 6 ++++++
> >  1 file changed, 6 insertions(+)
> > > > diff --git a/Documentation/networking/filter.txt b/Documentation/networking/filter.txt > > index fd55c7d..feddab9 100644 > > --- a/Documentation/networking/filter.txt > > +++ b/Documentation/networking/filter.txt > > @@ -483,6 +483,12 @@ Example output from dmesg: > > [ 3389.935851] JIT code: 00000030: 00 e8 28 94 ff e0 83 f8 01 75 07 b8 ff ff 00 00 > > [ 3389.935852] JIT code: 00000040: eb 02 31 c0 c9 c3 > > > > +When CONFIG_BPF_JIT_ALWAYS_ON is enabled, bpf_jit_enable is set to 1 by default > > +and it returns failure if change to any other value from proc node; this is > > +for security consideration to avoid leaking info to unprivileged users. In this > > +case, we can't directly dump JIT opcode image from kernel log, alternatively we > > +need to use bpf tool for the dumping. > > +
>
> Could you change this doc text a bit, I think it's slightly misleading. From the first
> sentence one could also interpret that value 0 would be leaking info to unprivileged users
> whereas here we're only talking about the case of value 2. Maybe something roughly like
> this to make it more clear:
>
> When CONFIG_BPF_JIT_ALWAYS_ON is enabled, bpf_jit_enable is permanently set to 1 and
> setting any other value than that will return in failure. This is even the case for
> setting bpf_jit_enable to 2, since dumping the final JIT image into the kernel log
> is discouraged and introspection through bpftool (under tools/bpf/bpftool/) is the
> generally recommended approach instead.

Yeah, your rephrasing is more clear and better. Will do this and send a new patch soon.

Thanks for your help.

> Thanks,
> Daniel
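
Review bot: In the first added line of the filter.txt hunk, "set to 1 by default" reads as if the value could be changed later, while the same sentence says every other value is rejected; "fixed at 1" or "permanently set to 1" says what the rest of the paragraph means. The rationale "to avoid leaking info to unprivileged users" is attached to rejecting any other value, but the commit message names only value 2 (JIT opcode dumping) as the case concerned, so the text should tie the rationale to value 2 and not leave the reader to guess whether value 0 is also an information leak. "if change to any other value from proc node" needs a grammar fix ("if changed to ..."), and "bpf tool" in the last added line should name the tool and its location, bpftool under tools/bpf/bpftool/, so the reader knows what to run when the kernel-log dump is unavailable.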