Received: by 2002:ac0:da4c:0:0:0:0:0 with SMTP id a12csp271557imi; Thu, 21 Jul 2022 21:34:55 -0700 (PDT) X-Google-Smtp-Source: AGRyM1tko+d40x2xM/CvWaFZ35KWcunEbps923gw0tGCRkNkTKLgVk7Y3w0whNIIGMz4ulnDlJn3 X-Received: by 2002:a17:90a:7c4a:b0:1f2:2826:f2c7 with SMTP id e10-20020a17090a7c4a00b001f22826f2c7mr1973273pjl.94.1658464495166; Thu, 21 Jul 2022 21:34:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658464495; cv=none; d=google.com; s=arc-20160816; b=acxgn27cma8fAmDVOg+VOemQKtxgyP/MU5w/aNgNVcpD3dpIRUTFEx1EyzfQ7ZlSgG +AEt/3XAM+QYjAdG7KkJGaeC3CytpdNRQ6Kz0moSKMIKFVEuSUORD1mHlDOJCFno64R1 JSoCbhmsEWsLSqy+Xcbta7Tg1zMoryRmqYv8kPJ/smClMGwgHkqzf6dHPIfbR2lJWzeR ECrGD7fJ2HHN5Ov7CTHirUKLwYBqQ5ef1FJ+HwaePau3vtE0xmt0Z7SpDO2IgV8iHzoT Rv0SLHY5srsQ1hnfvkR6VKZwu3iqEvg0zGEQizjLhZb/vp03AeTaW7LRUCUjTh/fGSIh pDTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=wK85Xq29MVxgOXn1JQxYSaRa292CjnMXvVLzF3E2ehs=; b=QlVZkjmoFuNKZSPqZ+dtrLljOKYwijMx0wvvO1h0xXMKSv01XYUrc145/VE/UZASKo r9zKjwem5PyagfNriWtjXE80NR00t6iiN0ZR6STQV+PcwZiiP+qEvd1lvAweDWNUi3Sz fsszTdAvV5JvgXq0ohXO8SaM9zrTbUYJoqvedugt5Mey+LR9svVpaf84n7lMRW41VYBR wIUX8BKDVjFnj97ldCEYZ1eRsq2Pfb68UMz8L54N5wHkjxdug7/FcRoe4g/k8Qs1pJVI QKBInN9bCuPF2SeQD5MN4IP2gh/UpKfFISVM3CORn43KEKgFRu1+L7qoapY9gOl21A4W Vu1g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=ECaI9A6n; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j71-20020a638b4a000000b004160a07032dsi4220309pge.35.2022.07.21.21.34.25; Thu, 21 Jul 2022 21:34:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=ECaI9A6n; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233913AbiGVETI (ORCPT + 99 others); Fri, 22 Jul 2022 00:19:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50162 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229479AbiGVETE (ORCPT ); Fri, 22 Jul 2022 00:19:04 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 3ECD097D48 for ; Thu, 21 Jul 2022 21:18:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1658463538; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=wK85Xq29MVxgOXn1JQxYSaRa292CjnMXvVLzF3E2ehs=; b=ECaI9A6nq7NTfmK0u9ypdsIL2W9VoD88CcecK2sirKfmFK6ZwzjOxupN6pY+h72LYFhZXU NVXb+TI8eOw3zjVnMvZ1+q49alOarWZ2RFNUBJA76SOGM9shkB4IJQVMPNEnJ7qaMmh6Cx fahc/cDNaT3LKFeo/2HEc+8jk2ZY+IA= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-595-uUaWnyf5OmCIHZbOcQbvPw-1; Fri, 22 Jul 2022 00:18:51 -0400 X-MC-Unique: uUaWnyf5OmCIHZbOcQbvPw-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id A7548811E7A; Fri, 22 Jul 2022 04:18:50 +0000 (UTC) Received: from sparkplug.usersys.redhat.com (unknown [10.40.192.7]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 41D48404754B; Fri, 22 Jul 2022 04:18:48 +0000 (UTC) Date: Fri, 22 Jul 2022 06:18:45 +0200 From: Artem Savkov To: Alexei Starovoitov Cc: Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , bpf , Network Development , LKML , Andrea Arcangeli , Daniel Vacek , Jiri Olsa , Song Liu Subject: Re: [PATCH bpf-next 1/4] bpf: add BPF_F_DESTRUCTIVE flag for BPF_PROG_LOAD Message-ID: References: <20220720114652.3020467-1-asavkov@redhat.com> <20220720114652.3020467-2-asavkov@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Scanned-By: MIMEDefang 2.84 on 10.11.54.1 X-Spam-Status: No, score=-3.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jul 21, 2022 at 07:02:07AM -0700, Alexei Starovoitov wrote: > On Wed, Jul 20, 2022 at 4:47 AM Artem Savkov wrote: > > > > +/* If BPF_F_DESTRUCTIVE is used in BPF_PROG_LOAD command, the loaded program > > + * will be able to perform destructive operations such as calling bpf_panic() > > + * helper. > > + */ > > +#define BPF_F_DESTRUCTIVE (1U << 6) > > I don't understand what value this flag provides. > > bpf prog won't be using kexec accidentally. > Requiring user space to also pass this flag seems pointless. bpf program likely won't. But I think it is not uncommon for people to run bpftrace scripts they fetched off the internet to run them without fully reading the code. So the idea was to provide intermediate tools like that with a common way to confirm user's intent without implementing their own guards around dangerous calls. If that is not a good enough of a reason to add the flag I can drop it. -- Artem