From: "Poul-Henning Kamp"
To: David Chisnall
Cc: Vadim Goncharov, tcpdump-workers@lists.tcpdump.org, freebsd-arch@freebsd.org, freebsd-hackers@freebsd.org, freebsd-net@freebsd.org, tech-net@netbsd.org, Alexander Nasonov
Subject: Re: BPF64: proposal of platform-independent hardware-friendly backwards-compatible eBPF alternative
Message-Id: <202409101335.48ADZBhq094507@critter.freebsd.dk>
In-reply-to: <4D84AF55-51C7-4C2B-94F7-D486A29E8821@FreeBSD.org>
References: <20240910040544.125245ad@nuclight.lan> <202409100638.48A6cor2090591@critter.freebsd.dk> <20240910144557.4d95052a@nuclight.lan> <4D84AF55-51C7-4C2B-94F7-D486A29E8821@FreeBSD.org>
List-Id: Discussion related to FreeBSD architecture
List-Archive: https://lists.freebsd.org/archives/freebsd-arch
Date: Tue, 10 Sep 2024 13:35:11 +0000

David Chisnall writes:

> The thing I would like to see for our current use of semi-trusted Lua in
> the kernel (ZFS channel programs) is a way of exposing them (under
> /dev/something) as file descriptors and modifying the ioctls that run
> them to take a file descriptor argument. I would like to separate the
> two operations:
>
> - Load a channel program.
> - Run a channel program.
>
> In the post-Spectre world, the former remains a privileged operation.
> Even though Linux pretends it isn't, allowing arbitrary (even
> arbitrarily constrained) code to run in the kernel's address space
> is a problem. Invoking such code, however, should follow the same rules
> as everything else. A trusted entity should be able to load a pile of
> Lua / eBPF / BPF64 / whatever programs into the kernel and then set up
> permissions so that sandboxed programs (and jails) can use a defined
> subset of them.

That would be a great way to do it.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
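The load/run split proposed in the quoted message is a capability discipline: the privileged side turns program text into an immutable kernel object, and everyone else holds only a descriptor to it, which they can invoke but not alter or forge. The following is an added userland example, not code from the thread or from any BPF64/ZFS implementation: it stands in for the kernel object with a sealed memfd and for "set up permissions" with SCM_RIGHTS descriptor passing over a socketpair (memfd_create and F_ADD_SEALS exist on Linux and FreeBSD 13+). The function names, the program bytes and the single-process arrangement are this example's own assumptions; a real kernel interface would return the descriptor from a privileged open/ioctl on /dev/something and take it back in the ioctl that runs the program.

```c
/* Added example: load/run separation modelled with a sealed memfd plus
 * SCM_RIGHTS.  Names (load_program, run_program, ...) are hypothetical;
 * they are not a proposed kernel API. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Constructed stand-in for compiled program text; the bytes are arbitrary. */
static const unsigned char PROG[] = {
    0xb7, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
    0x95, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};

/* Privileged step ("load"): copy the program into an anonymous file and
 * seal it, so no holder of any descriptor can shrink, grow, write or unseal it. */
static int load_program(const void *code, size_t len)
{
    int fd = memfd_create("prog", MFD_CLOEXEC | MFD_ALLOW_SEALING);
    if (fd < 0)
        return -1;
    if (write(fd, code, len) != (ssize_t)len ||
        fcntl(fd, F_ADD_SEALS,
              F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* "Permission setup": hand a descriptor to the consumer over a unix socket.
 * The consumer never gets the loader's privilege, only this one object. */
static int send_fd(int sock, int fd)
{
    char tag = 'P';
    struct iovec iov = { .iov_base = &tag, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    memset(&u, 0, sizeof u);
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

static int recv_fd(int sock)
{
    char tag;
    struct iovec iov = { .iov_base = &tag, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    memset(&u, 0, sizeof u);
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(sock, &msg, 0) != 1)
        return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (c == NULL || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS)
        return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* Unprivileged step ("run"): a descriptor holder may read the program
 * (here, read stands in for executing it).  Returns bytes read or -1. */
static ssize_t run_program(int prog_fd, unsigned char *out, size_t cap)
{
    return pread(prog_fd, out, cap, 0);
}

/* ...but may not change it.  Returns the errno the write fails with
 * (EPERM on a sealed file), or 0 if the write unexpectedly succeeded. */
static int try_modify(int prog_fd)
{
    unsigned char byte = 0xff;
    if (pwrite(prog_fd, &byte, 1, 0) == 1)
        return 0;
    return errno;
}

/* Whole flow in one process; sv[0] is the trusted loader, sv[1] the
 * sandboxed consumer.  Returns 0 when load/run separation holds. */
static int demo(void)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    int fd = load_program(PROG, sizeof PROG);
    if (fd < 0 || send_fd(sv[0], fd) < 0)
        return -1;
    int got = recv_fd(sv[1]);
    unsigned char buf[sizeof PROG];
    if (got < 0 || run_program(got, buf, sizeof buf) != (ssize_t)sizeof PROG ||
        memcmp(buf, PROG, sizeof PROG) != 0)
        return -1;
    int err = try_modify(got);
    close(got); close(fd); close(sv[0]); close(sv[1]);
    return err == EPERM ? 0 : -1;
}

int main(void)
{
    int rc = demo();
    printf("%s\n", rc == 0 ? "consumer can run the program but not modify it"
                           : "load/run separation FAILED");
    return rc == 0 ? 0 : 1;
}
```

The point the example isolates is that the only thing crossing the trust boundary is the descriptor: the consumer's ability to run a program is decided by which descriptors it was handed (or can open under its jail's device rules), while the ability to create new program objects stays with whoever may open the loader. Sealing is what makes the handed-out descriptor safe to share; without it a consumer could rewrite the program after the privileged side had vetted it.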