Re: BPF64: proposal of platform-independent hardware-friendly backwards-compatible eBPF alternative
Date: Tue, 10 Sep 2024 13:35:11 UTC
David Chisnall writes:

> The thing I would like to see for our current use of semi-trusted Lua in
> the kernel (ZFS channel programs) is a way of exposing them (under
> /dev/something) as file descriptors and modifying the ioctls that run
> them to take a file descriptor argument. I would like to separate the
> two operations:
>
> - Load a channel program.
> - Run a channel program.
>
> In the post-Spectre world, the former remains a privileged operation.
> Even though Linux pretends it isn't, allowing arbitrary (even
> arbitrary constrained) code to run in the kernel's address space
> is a problem. Invoking such code, however, should follow the same rules
> as everything else. A trusted entity should be able to load a pile of
> Lua / eBPF / BPF64 / whatever programs into the kernel and then set up
> permissions so that sandboxed programs (and jails) can use a defined
> subset of them.

That would be a great way to do it.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.