Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp1052276imm; Fri, 5 Oct 2018 17:22:45 -0700 (PDT) X-Google-Smtp-Source: ACcGV61wyiqmG5Ur1P6MNJxQycznGhVfJ6rsWs73PqYA3MJR3Xc3FLCV6SBMBDOaF/a88ckv6yNk X-Received: by 2002:a63:7f0e:: with SMTP id a14-v6mr12195697pgd.296.1538785365211; Fri, 05 Oct 2018 17:22:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538785365; cv=none; d=google.com; s=arc-20160816; b=xkTevEwVeAOtwAx07WvCPQ0VFnYNFO9HMhHqTalISDVi3DAdnu+4g6vhArGtn5zEcT JCQcqXYvq8m6HTa33567HsatuNXIvjnFxa4EfkQrjDi/7Y1hqTBnS63m6Ee4qHY23cUx j9vYE5DRz1SCXkHDbd/y2/j+uSETnrfh+5NLyvjL3dOi6CMg93LT/dkxa0IxikrZ8lm+ cQ10KjErXcDYjSQ/LWk6vtxKvfIcxIZMFkPf0yFKmQtuPWacSk05xwIushS8FDIB2x+Z HSt3tMA8LkNWx5OMfGuKFCB2UJNOuwSB97L/YE49BLXCZK+vl0hMJ5j16Dp+uYEKIfp8 fFJA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=x9eQrkMyrWPMhICe83T2cY5IxAr+/4HTRZP+n1VAv6M=; b=lSHIVfLrNpVGP1TiuPOsSyjLr323cXy91JHO6slnoBYogyHytxSxr5kuMCVnLvypL9 Slzc4yL9PRyc2TpX8ASDJ+JN0FUVXSYraIP+q2UOLSrrcKstaog0NtJieRTCh81dt4sx FrZ/Gxzw1cVyJZ92/HlMXRPX3g3GEPGlgcHqbx7ccIhcLOh4YGDP529puaFDjiFflI3Y d0D/gqBzr2pXTcxr4Nk/JQryT1uFbZq3odZWKdSzK5tnu3Uo7IeoCZazzNs4Mls4XD6c RoAvXByuNlnYIFIUYnGY/pYmywuiKImbbwmQ3v7zELs4VgoZKImdgzX1Ui5xbTpZor+X xYrA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=ncdYN+Kb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f34-v6si10410994ple.365.2018.10.05.17.22.29; Fri, 05 Oct 2018 17:22:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=ncdYN+Kb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729391AbeJFHXa (ORCPT + 99 others); Sat, 6 Oct 2018 03:23:30 -0400 Received: from mail-pg1-f196.google.com ([209.85.215.196]:40864 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726696AbeJFHXa (ORCPT ); Sat, 6 Oct 2018 03:23:30 -0400 Received: by mail-pg1-f196.google.com with SMTP id n31-v6so5388049pgm.7; Fri, 05 Oct 2018 17:22:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to :user-agent; bh=x9eQrkMyrWPMhICe83T2cY5IxAr+/4HTRZP+n1VAv6M=; b=ncdYN+KbfXozQv/DTKcJqLztFeqezO+uUaKCmewj2jNKoGU2UOPLBGYdxJbswsgRKf ODf9E4MGYZ0A25IMhW+1hiUiiUEYCXBllbTByN6YgTHhBayQB8VUKcWOI0Ox1C3i1kXp J1ChzwANW957jzYcaiKpE1xIP+Z1A2nUSBStySAHSgAnhoJpT7yAq3VH760TSE26gzJY 4xtsV0NZtwskQDuAZ48SCU+Z/bzW2i9SutcRD7PfwridgcrM7AxeVoS/4Co0ZQpk+AVX blRlEvipTaTf7WFjqSKxaBEE2rqPsRjjSGr0Tyh9jUU3ExEsZjmMa3dSk4liKYwDWzyh veaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to:user-agent; bh=x9eQrkMyrWPMhICe83T2cY5IxAr+/4HTRZP+n1VAv6M=; b=E/yKUWwZSXU/T9Ncs+9itN+rdTEZS03bUqguodtAbKeQqEYSBtF/Vntt9/hHytuG4C JX7yLKvEIyScVrstB15wBJA1XLobIt0RXwTMn9sM0T8smI8cDZpExoO/OXSh2PEksSfF FqkOmDJ/QuKNsI2Bp+2jXspDZqPMxXuBsmbX4Thoppzvbji/p0spgV7GqqWZuaIZJpIg 4T9q8SZ9IEb+/voyGWLlJVdAPOlt9bsK618qtYWjcZGyrSRlaXH8N0MPZlKB02SHkGvb e/imDeWOuahKOHBy9cAhL+C29G28FCre88N4vup5vmtrlpPO+9ZUG2nFR5eThMuvrwce Y3ig== X-Gm-Message-State: ABuFfoi+t0B+XkmgVs1rQUwEbh+SQVtxxk1Vy0V/8/5uJvrWO4sS6GGh Vd5/FIO2LTABtHiXMHK5dmI= X-Received: by 2002:a63:d34f:: with SMTP id u15-v6mr12197329pgi.325.1538785343248; Fri, 05 Oct 2018 17:22:23 -0700 (PDT) Received: from ast-mbp.dhcp.thefacebook.com ([2620:10d:c090:200::4:fc91]) by smtp.gmail.com with ESMTPSA id h19-v6sm16084779pfk.71.2018.10.05.17.22.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 05 Oct 2018 17:22:22 -0700 (PDT) Date: Fri, 5 Oct 2018 17:22:20 -0700 From: Alexei Starovoitov To: Al Viro Cc: Andy Lutomirski , Alexei Starovoitov , "David S. Miller" , Daniel Borkmann , Network Development , LKML , kernel-team Subject: Re: [PATCH bpf-next 1/6] bpf: introduce BPF_PROG_TYPE_FILE_FILTER Message-ID: <20181006002218.amfazxko4sq32hu6@ast-mbp.dhcp.thefacebook.com> References: <20181004025750.498303-1-ast@kernel.org> <20181004025750.498303-2-ast@kernel.org> <20181005044659.GU32577@ZenIV.linux.org.uk> <20181005220518.747ri4q34obrnaoc@ast-mbp.dhcp.thefacebook.com> <20181005222752.l5da54rpww6tlyfy@ast-mbp.dhcp.thefacebook.com> <20181005234706.GX32577@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20181005234706.GX32577@ZenIV.linux.org.uk> User-Agent: NeoMutt/20180223 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Oct 06, 2018 at 12:47:06AM +0100, Al Viro wrote: > > And no, it's not that each of those filesystems does not use inode->i_ino at all. > There's a bunch of library helpers in fs/*.c that happen to use the value filesystem > has seen fit to store there. Whether to use those helpers or not, what to store in > that field, etc. is, again, entirely up to the filesystem in question. > generic_fillattr() is one of those, that's all there is to it. makes sense. > That's precisely why I really do not like the idea of hooks poking in the internals > of kernel data structures. Especially since not even "it's not visible outside of > a subsystem-internal header" appears to slow you down. that's why there is a code review to get the patches in shape that don't expose kernel internals by _accident_. > The same goes for tracepoints, etc. - turning random details of implementation into > a carved in stone ABI is actively harmful. we're not talking about tracepoints here. > PS: If anything, visibility to hooks should be opt-in. not sure how do you expect 'opt-in' to be imlemented. As far as exposing inode and dev I agree that was a wrong approach. Going to switch to struct file_handle instead. Doing statx for every file_open is probably too slow for practical use. > Sure, we can start actively hiding > the things, but that's a winless arms race - even if we bloody went and encrypted the > private stuff, you'd still be able to pull decryption key from where it would be accessed > by legitimate users, etc. Нахуй нам это надо? why do this ? the use cases are explained in commit log. Back to internals exposure. Do you see an issue in the following: struct bpf_file_info { __u32 fs_magic; // file->f_inode->i_sb->s_magic __u32 mnt_id; // real_mount(file->f_path.mnt)->mnt_id __u32 nlink; // file->f_inode->i_nlink __u32 mode; // file->f_inode->i_mode __u32 flags; // file->f_flags }; and separate helper that returns struct file_handle ? and ctx rewriting moved to fs/bpf_file_filter.c ?