Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 25 Jun 2019 16:02:57 -0700
From: Alexei Starovoitov <>
To: Mickaël Salaün <>
Cc: LKML <>, Aleksa Sarai <>, 
	Alexander Viro <>, Alexei Starovoitov <>, 
	Andrew Morton <>, Andy Lutomirski <>, 
	Arnaldo Carvalho de Melo <>, Casey Schaufler <>, 
	Daniel Borkmann <>, David Drysdale <>, 
	"David S . Miller" <>, "Eric W . Biederman" <>, 
	James Morris <>, Jann Horn <>, 
	John Johansen <>, Jonathan Corbet <>, 
	Kees Cook <>, Michael Kerrisk <>, 
	Mickaël Salaün <>, 
	Paul Moore <>, Sargun Dhillon <>, 
	"Serge E . Hallyn" <>, Shuah Khan <>, Stephen Smalley <>, 
	Tejun Heo <>, Tetsuo Handa <>, 
	Thomas Graf <>, Tycho Andersen <>, Will Drewry <>, 
	Kernel Hardening <>, Linux API <>, 
	Linux-Fsdevel <>, 
	LSM List <>, 
	Network Development <>
Subject: Re: [PATCH bpf-next v9 02/10] bpf: Add eBPF program subtype and
 is_valid_subtype() verifier

On Tue, Jun 25, 2019 at 3:04 PM Mickaël Salaün <> wrote:
> The goal of the program subtype is to be able to have different static
> fine-grained verifications for a unique program type.
> The struct bpf_verifier_ops gets a new optional function:
> is_valid_subtype(). This new verifier is called at the beginning of the
> eBPF program verification to check if the (optional) program subtype is
> valid.
> The new helper bpf_load_program_xattr() enables to verify a program with
> subtypes.
> For now, only Landlock eBPF programs are using a program subtype (see
> next commits) but this could be used by other program types in the
> future.
> Signed-off-by: Mickaël Salaün <>
> Cc: Alexei Starovoitov <>
> Cc: Daniel Borkmann <>
> Cc: David S. Miller <>
> Link:
> ---
> Changes since v8:
> * use bpf_load_program_xattr() instead of bpf_load_program() and add
>   bpf_verify_program_xattr() to deal with subtypes
> * remove put_extra() since there is no more "previous" field (for now)
> Changes since v7:
> * move subtype in bpf_prog_aux and use only one bit for has_subtype
>   (suggested by Alexei Starovoitov)

sorry to say, but I don't think the landlock will ever land,
since posting huge patches once a year is missing a lot of development
that is happening during that time.
This 2/10 patch is an example.
subtype concept was useful 2 years ago when v6 was posted.
Since then bpf developers faced very similar problem in other parts
and it was solved with 'expected_attach_type' field.
See commit 5e43f899b03a ("bpf: Check attach type at prog load time")
dated March 2018.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.