Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp3862754rwb;
        Mon, 16 Jan 2023 14:16:20 -0800 (PST)
X-Google-Smtp-Source: AMrXdXvkYTZFV4KNbK4B4xoTUVEWPyna2SAkejtrZHckNnn9l+QEeLYfJcP0cu0W9Hkqg+SndmhU
X-Received: by 2002:a05:6a20:ba92:b0:b8:c300:c813 with SMTP id fb18-20020a056a20ba9200b000b8c300c813mr111420pzb.12.1673907379834;
        Mon, 16 Jan 2023 14:16:19 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1673907379; cv=none;
        d=google.com; s=arc-20160816;
        b=p0cQAsLjj2e7rzZigdfw2RkMJiw14puarPOOKCUrrhsdEmxxgQFdFd+nvkehNS95RA
         JOdyjO1RmyFepSZ0/23wrEECxNaASO5EeJxQ/o0J4lEmYBD35mnBSYdndF7+e7VMU5pK
         aOrjWwz3AznX1QaAyKEnTowaY8lB7l1SsmahnJmSwabiiJCfbRr5CyXLoMiVCZgX76zQ
         xNB9BFCxQA2qP3ZHb+HWvXbv1aaQLMaP02J4XJJvAg4p85ydlq5OLp909s7mazv5TU1k
         3mfHPRJ0UcTHSd+AeWK3xHnchuWvnc5voWkmA7z3ZSOWBOJyACxK/r8E+HsajMH00gzW
         a7Nw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=LvEZOyuc5/GFwYRY5UKA2UZ38eM2tbgqq8oAaCFfZ1s=;
        b=R+Ju5wIHw8xtbEs2YIVtrwHQfL3TXwJqenkP87y75sh40zxrGuo6myqp6TnmMwNel2
         eCLrW0gQbJeLPZ65kxpgMBc6HnBN0lRVBMcFNj5/K2/qMK8iaZqgQm8+e8dQpPSQCt4J
         87FUTymw1BhBol/BkxkHbQuBdZDYQ8/LggnAJHaS7jTEPCCxaV1tWFM8lJMUOzVNkgzd
         upWB4+Y8Bp24wu8GoTTo1GjygBp7RQnkfzSAy6BnyfY2G6IjDGdGYHsPP4FKXXocEqxO
         FFyC7fovMwjejMJbPUTyvoZqMLZMnZsfd/Df1b/YB0RDeC7CvBK8IlVM6WhuYyBS4lrb
         pUag==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b="PI9/0VJh";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id i4-20020a63b304000000b0046ebb90e5bdsi31250778pgf.337.2023.01.16.14.16.13;
        Mon, 16 Jan 2023 14:16:19 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b="PI9/0VJh";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234684AbjAPVjn (ORCPT <rfc822;a.beregalov@gmail.com>
        + 51 others); Mon, 16 Jan 2023 16:39:43 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39354 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234627AbjAPVji (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 16 Jan 2023 16:39:38 -0500
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 485F82BEF4
        for <linux-kernel@vger.kernel.org>; Mon, 16 Jan 2023 13:39:36 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id D9A076112F
        for <linux-kernel@vger.kernel.org>; Mon, 16 Jan 2023 21:39:35 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 49641C433F1
        for <linux-kernel@vger.kernel.org>; Mon, 16 Jan 2023 21:39:35 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1673905175;
        bh=weET09a+ApawIsIatnvFTDnBOF/EDNC+WndN/Pj7sP8=;
        h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
        b=PI9/0VJhIuleRzqDyGxToT3hXqpP6NAczZ6JAe2nd9+m/ZG0RKcvwojVQDhuLxTzw
         88pwKlBU8AApOlfR5S7NIt/zsRdD71Zq4JyZTw9QOUgZMCldlB74ZhO0x96VAm2J0P
         rBcBUyf3Ki8qVCy+YG+GjX0+H/yvqsGGd1ffaTEUVbaexoM0QdO5rIqSUWRJzc/Avw
         jOhEh3L5G0mjKuBEsZpBidX8dwCRWRn4167xYTsAp8J7QzxeQ4pGkt7DTkbnPLXKWB
         HOXj8EW+DrekEd4HZ+idtCAUdiMztgcBOz+jc5ZiivqZScme2CZ7WGkbVpcsvdkR6B
         oWSS6bDCw5SmA==
Received: by mail-ed1-f51.google.com with SMTP id x10so39566313edd.10
        for <linux-kernel@vger.kernel.org>; Mon, 16 Jan 2023 13:39:35 -0800 (PST)
X-Gm-Message-State: AFqh2kqn//l5+iggOY38WagpoOEFXmnODIeMkZftIlzNOtOe6zBjHkNX
        q7mmGXsYCL2ct4phRFXJ3FhZCj44ay1JQHaSK00IgA==
X-Received: by 2002:a05:6402:194b:b0:49d:ba1:dc82 with SMTP id
 f11-20020a056402194b00b0049d0ba1dc82mr53839edz.312.1673905163253; Mon, 16 Jan
 2023 13:39:23 -0800 (PST)
MIME-Version: 1.0
References: <SJ0PR04MB7248C599DE6F006F94997CF180C39@SJ0PR04MB7248.namprd04.prod.outlook.com>
 <CAADnVQK4ucv=LugqZ3He9ubwdxDu6ohaBKr2E=TX0UT65+7WpQ@mail.gmail.com>
In-Reply-To: <CAADnVQK4ucv=LugqZ3He9ubwdxDu6ohaBKr2E=TX0UT65+7WpQ@mail.gmail.com>
From:   KP Singh <kpsingh@kernel.org>
Date:   Mon, 16 Jan 2023 22:39:12 +0100
X-Gmail-Original-Message-ID: <CACYkzJ75aNbH4w_GzYjrNPKis1x24KOu_33DniY_ig5s3ycobg@mail.gmail.com>
Message-ID: <CACYkzJ75aNbH4w_GzYjrNPKis1x24KOu_33DniY_ig5s3ycobg@mail.gmail.com>
Subject: Re: [PATCH] bpf: Add CONFIG_BPF_HELPER_STRICT
To:     Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc:     Roland <kernel.pwn@outlook.com>, Ingo Molnar <mingo@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Juri Lelli <juri.lelli@redhat.com>,
        Vincent Guittot <vincent.guittot@linaro.org>,
        Dietmar Eggemann <dietmar.eggemann@arm.com>,
        Steven Rostedt <rostedt@goodmis.org>, bsegall@google.com,
        Mel Gorman <mgorman@suse.de>, bristot <bristot@redhat.com>,
        vschneid@redhat.com, Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Andrii Nakryiko <andrii@kernel.org>,
        Martin KaFai Lau <martin.lau@linux.dev>,
        Song Liu <song@kernel.org>, Yonghong Song <yhs@fb.com>,
        John Fastabend <john.fastabend@gmail.com>,
        Stanislav Fomichev <sdf@google.com>,
        Hao Luo <haoluo@google.com>, Jiri Olsa <jolsa@kernel.org>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        LKML <linux-kernel@vger.kernel.org>, bpf <bpf@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Jan 15, 2023 at 10:32 PM Alexei Starovoitov
<alexei.starovoitov@gmail.com> wrote:
>
> On Fri, Jan 13, 2023 at 11:53 PM Roland <kernel.pwn@outlook.com> wrote:
> >
> > In container environment, ebpf helpers could be used maliciously to
> >    leak information, DOS, even escape from containers.
> >    CONFIG_BPF_HELPER_STRICT is as a mitigation of it.
> >    Related Link: https://rolandorange.zone/report.html
>
> The link is arguing that a process with CAP_SYS_ADMIN permissions
> can read memory of user processes, leak kernel addresses, etc.
> And this is somehow an issue with bpf helpers?
> and your suggested "temporary mitigation" is to CONFIG_BPF=n ?
> While this patch is a "proper fix" ?
> Sorry, but please stay with your "temporary mitigation" forever.

100% agreeing with Alexei here, if you are running your containers
with CAP_SYS_ADMIN there are a lot of other things you need to worry
about than just BPF helpers. You need to revisit your threat model and
consider not using CAP_SYS_ADMIN and more fine grained policies using
Mandatory Access Control.