Re: [PATCH net-next 1/2] bpf: enable non-root eBPF programs

From: Alexei Starovoitov
Date: Wed Oct 07 2015 - 22:29:56 EST

Next message: kernel test robot: "[lkp] [dm ioctl] e817ef9b89: kernel BUG at mm/slub.c:3517!"
Previous message: Xishi Qiu: "[PATCH] mm: skip if required_kernelcore is larger than totalpages"
In reply to: Alexei Starovoitov: "Re: [PATCH net-next 1/2] bpf: enable non-root eBPF programs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/5/15 1:48 PM, Alexei Starovoitov wrote:

Unprivileged socket filter bpf programs have access to the
following helper functions:
- map lookup/update/delete (but they cannot store kernel pointers into them)
- get_random (it's already exposed to unprivileged user space)
- get_smp_processor_id
- tail_call into another socket filter program
- ktime_get_ns
- bpf_trace_printk (for debugging)

while reviewing everything for Nth time realized that
bpf_trace_printk is useless for unprivileged users, since
trace_pipe is root only.
So going to drop it in V2.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: kernel test robot: "[lkp] [dm ioctl] e817ef9b89: kernel BUG at mm/slub.c:3517!"
Previous message: Xishi Qiu: "[PATCH] mm: skip if required_kernelcore is larger than totalpages"
In reply to: Alexei Starovoitov: "Re: [PATCH net-next 1/2] bpf: enable non-root eBPF programs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]