From: Sami Tolvanen
Date: Thu, 12 Sep 2019 15:01:26 -0700
Subject: Re: [PATCH] bpf: validate bpf_func when BPF_JIT is enabled
To: Toke Høiland-Jørgensen
Cc: Björn Töpel, Yonghong Song, Alexei Starovoitov, Daniel Borkmann, Kees Cook, Martin Lau, Song Liu, "netdev@vger.kernel.org", "bpf@vger.kernel.org", "linux-kernel@vger.kernel.org", Jesper Dangaard Brouer
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Sep 12, 2019 at 3:52 AM Toke Høiland-Jørgensen wrote:
> I think it would be good if you do both. I'm a bit worried that XDP
> performance will end up in a "death by a thousand paper cuts" situation,
> so I'd rather push back on even relatively small overheads like this; so
> being able to turn it off in the config would be good.

OK, thanks for the feedback. In that case, I think it's probably better
to wait until we have CFI ready for upstreaming and use the same config
for this one.

> Can you share more details about what the "future CFI checking" is
> likely to look like?

Sure, I posted an overview of CFI and what we're doing in Pixel devices here:

https://android-developers.googleblog.com/2018/10/control-flow-integrity-in-android-kernel.html

Sami