On Mon, 25 May 2020 14:15:32 +0200 Toke Høiland-Jørgensen <t...@redhat.com> wrote:
> David Ahern <dsah...@gmail.com> writes: > > > On 5/22/20 9:59 AM, Toke Høiland-Jørgensen wrote: > >> David Ahern <dsah...@kernel.org> writes: > >> > >>> Implementation of Daniel's proposal for allowing DEVMAP entries to be > >>> a device index, program id pair. Daniel suggested an fd to specify the > >>> program, but that seems odd to me that you insert the value as an fd, but > >>> read it back as an id since the fd can be closed. > >> > >> While I can be sympathetic to the argument that it seems odd, every > >> other API uses FD for insert and returns ID, so why make it different > >> here? Also, the choice has privilege implications, since the CAP_BPF > >> series explicitly makes going from ID->FD a more privileged operation > >> than just querying the ID. Sorry, I don't follow. Can someone explain why is inserting an ID is a privilege problem? > > > > I do not like the model where the kernel changes the value the user > > pushed down. > > Yet it's what we do in every other interface where a user needs to > supply a program, including in prog array maps. So let's not create a > new inconsistent interface here... I sympathize with Ahern on this. It seems very weird to insert/write one value-type, but read another value-type. -- Best regards, Jesper Dangaard Brouer MSc.CS, Principal Kernel Engineer at Red Hat LinkedIn: http://www.linkedin.com/in/brouer
