Re: [PATCH 3/6] ebpf: add a way to dump an eBPF program

2015-09-09 Thread Tycho Andersen
On Wed, Sep 09, 2015 at 05:44:06PM -0700, Andy Lutomirski wrote: > On Wed, Sep 9, 2015 at 5:13 PM, Tycho Andersen > wrote: > > On Wed, Sep 09, 2015 at 04:44:24PM -0700, Andy Lutomirski wrote: > >> On Wed, Sep 9, 2015 at 3:34 PM, Tycho Andersen > >> wrote: > >> > > >> > Here's a thought, > >> > >

Re: [PATCH 3/6] ebpf: add a way to dump an eBPF program

2015-09-09 Thread Andy Lutomirski
On Wed, Sep 9, 2015 at 5:13 PM, Tycho Andersen wrote: > On Wed, Sep 09, 2015 at 04:44:24PM -0700, Andy Lutomirski wrote: >> On Wed, Sep 9, 2015 at 3:34 PM, Tycho Andersen >> wrote: >> > >> > Here's a thought, >> > >> > The set I'm currently proposing effectively separates the ref-counting >> > of

Re: [PATCH 3/6] ebpf: add a way to dump an eBPF program

2015-09-09 Thread Tycho Andersen
On Wed, Sep 09, 2015 at 04:44:24PM -0700, Andy Lutomirski wrote: > On Wed, Sep 9, 2015 at 3:34 PM, Tycho Andersen > wrote: > > > > Here's a thought, > > > > The set I'm currently proposing effectively separates the ref-counting > > of the struct seccomp_filter from the struct bpf_prog (by necessit

Re: [PATCH 3/6] ebpf: add a way to dump an eBPF program

2015-09-09 Thread Andy Lutomirski
On Wed, Sep 9, 2015 at 3:34 PM, Tycho Andersen wrote: > On Fri, Sep 04, 2015 at 06:27:27PM -0600, Tycho Andersen wrote: >> On Fri, Sep 04, 2015 at 04:08:53PM -0700, Andy Lutomirski wrote: >> > On Fri, Sep 4, 2015 at 3:28 PM, Tycho Andersen >> > wrote: >> > > On Fri, Sep 04, 2015 at 02:48:03PM -07

Re: [PATCH 3/6] ebpf: add a way to dump an eBPF program

2015-09-09 Thread Tycho Andersen
On Fri, Sep 04, 2015 at 06:27:27PM -0600, Tycho Andersen wrote: > On Fri, Sep 04, 2015 at 04:08:53PM -0700, Andy Lutomirski wrote: > > On Fri, Sep 4, 2015 at 3:28 PM, Tycho Andersen > > wrote: > > > On Fri, Sep 04, 2015 at 02:48:03PM -0700, Andy Lutomirski wrote: > > >> On Fri, Sep 4, 2015 at 1:45

Re: [PATCH 3/6] ebpf: add a way to dump an eBPF program

2015-09-04 Thread Tycho Andersen
On Fri, Sep 04, 2015 at 04:08:53PM -0700, Andy Lutomirski wrote: > On Fri, Sep 4, 2015 at 3:28 PM, Tycho Andersen > wrote: > > On Fri, Sep 04, 2015 at 02:48:03PM -0700, Andy Lutomirski wrote: > >> On Fri, Sep 4, 2015 at 1:45 PM, Tycho Andersen > >> wrote: > >> > On Fri, Sep 04, 2015 at 01:17:30PM

Re: [PATCH 3/6] ebpf: add a way to dump an eBPF program

2015-09-04 Thread Andy Lutomirski
On Fri, Sep 4, 2015 at 4:27 PM, Kees Cook wrote: > On Fri, Sep 4, 2015 at 3:28 PM, Tycho Andersen > wrote: >> On Fri, Sep 04, 2015 at 02:48:03PM -0700, Andy Lutomirski wrote: >>> On Fri, Sep 4, 2015 at 1:45 PM, Tycho Andersen >>> wrote: >>> > On Fri, Sep 04, 2015 at 01:17:30PM -0700, Kees Cook w

Re: [PATCH 3/6] ebpf: add a way to dump an eBPF program

2015-09-04 Thread Kees Cook
On Fri, Sep 4, 2015 at 3:28 PM, Tycho Andersen wrote: > On Fri, Sep 04, 2015 at 02:48:03PM -0700, Andy Lutomirski wrote: >> On Fri, Sep 4, 2015 at 1:45 PM, Tycho Andersen >> wrote: >> > On Fri, Sep 04, 2015 at 01:17:30PM -0700, Kees Cook wrote: >> >> On Fri, Sep 4, 2015 at 9:04 AM, Tycho Andersen

Re: [PATCH 3/6] ebpf: add a way to dump an eBPF program

2015-09-04 Thread Andy Lutomirski
On Fri, Sep 4, 2015 at 3:28 PM, Tycho Andersen wrote: > On Fri, Sep 04, 2015 at 02:48:03PM -0700, Andy Lutomirski wrote: >> On Fri, Sep 4, 2015 at 1:45 PM, Tycho Andersen >> wrote: >> > On Fri, Sep 04, 2015 at 01:17:30PM -0700, Kees Cook wrote: >> >> On Fri, Sep 4, 2015 at 9:04 AM, Tycho Andersen

Re: [PATCH 3/6] ebpf: add a way to dump an eBPF program

2015-09-04 Thread Tycho Andersen
On Fri, Sep 04, 2015 at 02:48:03PM -0700, Andy Lutomirski wrote: > On Fri, Sep 4, 2015 at 1:45 PM, Tycho Andersen > wrote: > > On Fri, Sep 04, 2015 at 01:17:30PM -0700, Kees Cook wrote: > >> On Fri, Sep 4, 2015 at 9:04 AM, Tycho Andersen > >> wrote: > >> > This commit adds a way to dump eBPF prog

Re: [PATCH 3/6] ebpf: add a way to dump an eBPF program

2015-09-04 Thread Andy Lutomirski
On Fri, Sep 4, 2015 at 1:45 PM, Tycho Andersen wrote: > On Fri, Sep 04, 2015 at 01:17:30PM -0700, Kees Cook wrote: >> On Fri, Sep 4, 2015 at 9:04 AM, Tycho Andersen >> wrote: >> > This commit adds a way to dump eBPF programs. The initial implementation >> > doesn't support maps, and therefore onl

Re: [PATCH 3/6] ebpf: add a way to dump an eBPF program

2015-09-04 Thread Tycho Andersen
On Fri, Sep 04, 2015 at 01:58:25PM -0700, Alexei Starovoitov wrote: > On Fri, Sep 04, 2015 at 01:50:55PM -0700, Kees Cook wrote: > > On Fri, Sep 4, 2015 at 1:45 PM, Tycho Andersen > > wrote: > > > On Fri, Sep 04, 2015 at 01:17:30PM -0700, Kees Cook wrote: > > >> On Fri, Sep 4, 2015 at 9:04 AM, Tyc

Re: [PATCH 3/6] ebpf: add a way to dump an eBPF program

2015-09-04 Thread Alexei Starovoitov
On Fri, Sep 04, 2015 at 01:50:55PM -0700, Kees Cook wrote: > On Fri, Sep 4, 2015 at 1:45 PM, Tycho Andersen > wrote: > > On Fri, Sep 04, 2015 at 01:17:30PM -0700, Kees Cook wrote: > >> On Fri, Sep 4, 2015 at 9:04 AM, Tycho Andersen > >> wrote: > >> > This commit adds a way to dump eBPF programs.

Re: [PATCH 3/6] ebpf: add a way to dump an eBPF program

2015-09-04 Thread Kees Cook
On Fri, Sep 4, 2015 at 1:45 PM, Tycho Andersen wrote: > On Fri, Sep 04, 2015 at 01:17:30PM -0700, Kees Cook wrote: >> On Fri, Sep 4, 2015 at 9:04 AM, Tycho Andersen >> wrote: >> > This commit adds a way to dump eBPF programs. The initial implementation >> > doesn't support maps, and therefore onl

Re: [PATCH 3/6] ebpf: add a way to dump an eBPF program

2015-09-04 Thread Tycho Andersen
On Fri, Sep 04, 2015 at 01:17:30PM -0700, Kees Cook wrote: > On Fri, Sep 4, 2015 at 9:04 AM, Tycho Andersen > wrote: > > This commit adds a way to dump eBPF programs. The initial implementation > > doesn't support maps, and therefore only allows dumping seccomp ebpf > > programs which themselves d

Re: [PATCH 3/6] ebpf: add a way to dump an eBPF program

2015-09-04 Thread Tycho Andersen
Hi Alexei, On Fri, Sep 04, 2015 at 01:27:05PM -0700, Alexei Starovoitov wrote: > On Fri, Sep 04, 2015 at 10:04:21AM -0600, Tycho Andersen wrote: > > This commit adds a way to dump eBPF programs. The initial implementation > > doesn't support maps, and therefore only allows dumping seccomp ebpf > >

Re: [PATCH 3/6] ebpf: add a way to dump an eBPF program

2015-09-04 Thread Alexei Starovoitov
On Fri, Sep 04, 2015 at 10:04:21AM -0600, Tycho Andersen wrote: > This commit adds a way to dump eBPF programs. The initial implementation > doesn't support maps, and therefore only allows dumping seccomp ebpf > programs which themselves don't currently support maps. > > > Signed-off-by: Tycho An

Re: [PATCH 3/6] ebpf: add a way to dump an eBPF program

2015-09-04 Thread Kees Cook
On Fri, Sep 4, 2015 at 9:04 AM, Tycho Andersen wrote: > This commit adds a way to dump eBPF programs. The initial implementation > doesn't support maps, and therefore only allows dumping seccomp ebpf > programs which themselves don't currently support maps. > > We export the GPL bit as well as a u

[PATCH 3/6] ebpf: add a way to dump an eBPF program

2015-09-04 Thread Tycho Andersen
This commit adds a way to dump eBPF programs. The initial implementation doesn't support maps, and therefore only allows dumping seccomp ebpf programs which themselves don't currently support maps. We export the GPL bit as well as a unique ID for the program so that userspace can detect when two s