David Ahern <dsah...@gmail.com> writes: > On 5/22/20 9:59 AM, Toke Høiland-Jørgensen wrote: >> David Ahern <dsah...@kernel.org> writes: >> >>> Implementation of Daniel's proposal for allowing DEVMAP entries to be >>> a device index, program id pair. Daniel suggested an fd to specify the >>> program, but that seems odd to me that you insert the value as an fd, but >>> read it back as an id since the fd can be closed. >> >> While I can be sympathetic to the argument that it seems odd, every >> other API uses FD for insert and returns ID, so why make it different >> here? Also, the choice has privilege implications, since the CAP_BPF >> series explicitly makes going from ID->FD a more privileged operation >> than just querying the ID. >> > > I do not like the model where the kernel changes the value the user > pushed down.
Yet it's what we do in every other interface where a user needs to supply a program, including in prog array maps. So let's not create a new inconsistent interface here... -Toke
