From: KP Singh
Date: Sat, 4 Jan 2020 00:53:13 +0100
To: Kees Cook
Cc: Andrii Nakryiko, open list, bpf, linux-security-module@vger.kernel.org,
    Alexei Starovoitov, Daniel Borkmann, James Morris, Thomas Garnier,
    Michael Halcrow, Paul Turner, Brendan Gregg, Jann Horn, Matthew Garrett,
    Christian Brauner, Mickaël Salaün, Florent Revest, Brendan Jackman,
    Martin KaFai Lau, Song Liu, Yonghong Song, "Serge E. Hallyn",
    Mauro Carvalho Chehab, "David S. Miller", Greg Kroah-Hartman,
    Nicolas Ferre, Stanislav Fomichev, Quentin Monnet, Andrey Ignatov,
    Joe Stringer
Subject: Re: [PATCH bpf-next v1 06/13] bpf: lsm: Init Hooks and create files in securityfs
Message-ID: <20200103235313.GA23199@chromium.org>
References: <20191220154208.15895-1-kpsingh@chromium.org>
    <20191220154208.15895-7-kpsingh@chromium.org>
    <20191230153711.GD70684@google.com>
    <201912301119.B475C474@keescook>
In-Reply-To: <201912301119.B475C474@keescook>
X-Mailing-List: linux-kernel@vger.kernel.org

On 30-Dez 11:20, Kees Cook wrote:
> On Mon, Dec 30, 2019 at 04:37:11PM +0100, KP Singh wrote:
> > On 23-Dec 22:28, Andrii Nakryiko wrote:
> > > On Fri, Dec 20, 2019 at 7:43 AM KP Singh wrote:
> > > [...]
> >
> > Good catch! You're right. These macros will not be there in v2 as
> > we move to using trampoline-based callbacks.
>
> Speaking of which -- is the BPF trampoline code correctly designed to be
> W^X?

Thanks for pointing this out! I don't think this is the case as of
now. The dispatcher logic and the tracing programs allocate one page
where one half of it is used for the active trampoline and the other
half is used as a staging area for a future replacement.

I sent a patch as an attempt to fix this:

  https://lore.kernel.org/bpf/20200103234725.22846-1-kpsingh@chromium.org/T/#u

- KP

>
> --
> Kees Cook