Re: [PATCH net-next 4/6] bpf: track if the bpf program was loaded with SYS_ADMIN capabilities

On Thu, 27 Apr 2017 07:49:29 -0700, Alexei Starovoitov wrote: > there are bunch of other things that influence verifier. > should we add all of them ? Sure, why not? It's always good to be able to see the complete input conditions while debugging. Jiri

Re: [PATCH net-next 4/6] bpf: track if the bpf program was loaded with SYS_ADMIN capabilities

On Thu, Apr 27, 2017 at 6:17 AM, Hannes Frederic Sowa wrote: > > cap_sys_admin influences the verifier a lot in terms which programs are > accepted and which are not. So during investigations it might be even > interesting if the bpf program required those special

Re: [PATCH net-next 4/6] bpf: track if the bpf program was loaded with SYS_ADMIN capabilities

Hi, On 26.04.2017 23:08, Alexei Starovoitov wrote: > On Wed, Apr 26, 2017 at 08:24:17PM +0200, Hannes Frederic Sowa wrote: >> Signed-off-by: Hannes Frederic Sowa >> --- >> include/linux/filter.h | 6 -- >> kernel/bpf/core.c | 4 +++- >> kernel/bpf/syscall.c

Re: [PATCH net-next 4/6] bpf: track if the bpf program was loaded with SYS_ADMIN capabilities

On 26.04.2017 23:04, Daniel Borkmann wrote: > On 04/26/2017 08:24 PM, Hannes Frederic Sowa wrote: >> diff --git a/net/core/filter.c b/net/core/filter.c >> index 9a37860a80fc78..dc020d40bb770a 100644 >> --- a/net/core/filter.c >> +++ b/net/core/filter.c >> @@ -1100,7 +1100,7 @@ int

Re: [PATCH net-next 4/6] bpf: track if the bpf program was loaded with SYS_ADMIN capabilities

Hi Hannes, [auto build test WARNING on net-next/master] url: https://github.com/0day-ci/linux/commits/Hannes-Frederic-Sowa/bpf-list-all-loaded-ebpf-programs-in-proc-bpf-programs/20170427-090839 reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1

Re: [PATCH net-next 4/6] bpf: track if the bpf program was loaded with SYS_ADMIN capabilities

Hi Hannes, [auto build test ERROR on net-next/master] url: https://github.com/0day-ci/linux/commits/Hannes-Frederic-Sowa/bpf-list-all-loaded-ebpf-programs-in-proc-bpf-programs/20170427-090839 config: x86_64-rhel (attached as .config) compiler: gcc-6 (Debian 6.2.0-3) 6.2.0 20160901 reproduce:

Re: [PATCH net-next 4/6] bpf: track if the bpf program was loaded with SYS_ADMIN capabilities

On Wed, Apr 26, 2017 at 08:24:17PM +0200, Hannes Frederic Sowa wrote: > Signed-off-by: Hannes Frederic Sowa > --- > include/linux/filter.h | 6 -- > kernel/bpf/core.c | 4 +++- > kernel/bpf/syscall.c | 7 --- > kernel/bpf/verifier.c | 4 ++-- >

Re: [PATCH net-next 4/6] bpf: track if the bpf program was loaded with SYS_ADMIN capabilities

On 04/26/2017 08:24 PM, Hannes Frederic Sowa wrote: Signed-off-by: Hannes Frederic Sowa Ahh, looks this got swapped with 3/6. --- include/linux/filter.h | 6 -- kernel/bpf/core.c | 4 +++- kernel/bpf/syscall.c | 7 --- kernel/bpf/verifier.c |

[PATCH net-next 4/6] bpf: track if the bpf program was loaded with SYS_ADMIN capabilities

Signed-off-by: Hannes Frederic Sowa --- include/linux/filter.h | 6 -- kernel/bpf/core.c | 4 +++- kernel/bpf/syscall.c | 7 --- kernel/bpf/verifier.c | 4 ++-- net/core/filter.c | 6 +++--- 5 files changed, 16 insertions(+), 11 deletions(-) diff