Date: Tue, 10 Sep 2024 13:35:11 +0000
From: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
To: David Chisnall <theraven@FreeBSD.org>
Cc: Vadim Goncharov <vadimnuclight@gmail.com>, tcpdump-workers@lists.tcpdump.org,
    "freebsd-arch@freebsd.org" <freebsd-arch@FreeBSD.org>,
    "freebsd-hackers@freebsd.org" <freebsd-hackers@FreeBSD.org>,
    "freebsd-net@freebsd.org" <freebsd-net@FreeBSD.org>,
    "tech-net@netbsd.org" <tech-net@NetBSD.org>,
    Alexander Nasonov <alnsn@NetBSD.org>
Subject: Re: BPF64: proposal of platform-independent hardware-friendly backwards-compatible eBPF alternative
Message-ID: <202409101335.48ADZBhq094507@critter.freebsd.dk>
In-Reply-To: <4D84AF55-51C7-4C2B-94F7-D486A29E8821@FreeBSD.org>
References: <20240910040544.125245ad@nuclight.lan> <202409100638.48A6cor2090591@critter.freebsd.dk> <20240910144557.4d95052a@nuclight.lan> <4D84AF55-51C7-4C2B-94F7-D486A29E8821@FreeBSD.org>

David Chisnall writes:

> The thing I would like to see for our current use of semi-trusted Lua in
> the kernel (ZFS channel programs) is a way of exposing them (under
> /dev/something) as file descriptors and modifying the ioctls that run
> them to take a file descriptor argument. I would like to separate the
> two operations:
>
> - Load a channel program.
> - Run a channel program.
>
> In the post-Spectre world, the former remains a privileged operation.
> Even though Linux pretends it isn't, allowing arbitrary (even
> arbitrary constrained) code to run in the kernel's address space
> is a problem. Invoking such code, however, should follow the same rules
> as everything else. A trusted entity should be able to load a pile of
> Lua / eBPF / BPF64 / whatever programs into the kernel and then set up
> permissions so that sandboxed programs (and jails) can use a defined
> subset of them.

That would be a great way to do it.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
