Date: Mon, 8 Aug 2022 14:41:02 +0200
From: Artem Savkov
To: Kumar Kartikeya Dwivedi
Cc: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, bpf@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Andrea Arcangeli, Daniel Vacek, Jiri Olsa, Song Liu, Daniel Xu
Subject: Re: [PATCH bpf-next v3 1/3] bpf: add destructive kfunc flag
References: <20220808094623.387348-1-asavkov@redhat.com> <20220808094623.387348-2-asavkov@redhat.com>

On Mon, Aug 08, 2022 at 02:14:33PM +0200, Kumar Kartikeya Dwivedi wrote:
> On Mon, 8 Aug 2022 at 11:48, Artem Savkov wrote:
> >
> > Add KF_DESTRUCTIVE flag for destructive functions. Functions with this
> > flag set will require CAP_SYS_BOOT capabilities.
> >
> > Signed-off-by: Artem Savkov
> > ---
> > include/linux/btf.h | 1 +
> > kernel/bpf/verifier.c | 5 +++++
> > 2 files changed, 6 insertions(+)
> >
> > diff --git a/include/linux/btf.h b/include/linux/btf.h
> > index cdb376d53238..51a0961c84e3 100644
> > --- a/include/linux/btf.h
> > +++ b/include/linux/btf.h
> > @@ -49,6 +49,7 @@
> > * for this case.
> > */
> > #define KF_TRUSTED_ARGS (1 << 4) /* kfunc only takes trusted pointer arguments */
> > +#define KF_DESTRUCTIVE (1 << 5) /* kfunc performs destructive actions */
> >
>
> Please also document this flag in Documentation/bpf/kfuncs.rst.

Ok, will do.

> And maybe instead of KF_DESTRUCTIVE, it might be more apt to call this
> KF_CAP_SYS_BOOT. While it is true you had a destructive flag for
> programs being loaded earlier, so there was a mapping between the two
> UAPI and kfunc flags, what it has boiled down to is that this flag
> just requires CAP_SYS_BOOT (in addition to other capabilities) during
> load. So that name might express the intent a bit better. We might
> soon have similar flags encoding requirements of other capabilities on
> load.
>
> The flag rename is just a suggestion, up to you.

This makes sense right now, but if going forward we'll add stricter
signing requirements or other prerequisites we'll either have to rename
the flag back, or add those as separate flags. I guess the decision here
depends on whether some of non-destructive bpf programs might ever
require CAP_SYS_BOOT capabilities or not.

-- 
Artem
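
Review bot: the trailing comment on the new KF_DESTRUCTIVE define in include/linux/btf.h says only "kfunc performs destructive actions" and leaves out the contract stated in the commit message, that functions with this flag set require CAP_SYS_BOOT. Whichever name the flag ends up with, the privilege requirement should be readable at the definition, for example "kfunc performs destructive actions, caller needs CAP_SYS_BOOT", so that someone tagging a new kfunc knows what the flag gates without reading the verifier. The diffstat lists five added lines in kernel/bpf/verifier.c, but that hunk is not quoted here, so the capability check itself cannot be reviewed from this message.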