From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B5B14C54E58
	for <linux-mm@archiver.kernel.org>; Thu,  7 Mar 2024 20:51:12 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 197256B0208; Thu,  7 Mar 2024 15:51:12 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 1475C6B0279; Thu,  7 Mar 2024 15:51:12 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id F29D26B027A; Thu,  7 Mar 2024 15:51:11 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11])
	by kanga.kvack.org (Postfix) with ESMTP id E27776B0208
	for <linux-mm@kvack.org>; Thu,  7 Mar 2024 15:51:11 -0500 (EST)
Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay06.hostedemail.com (Postfix) with ESMTP id BA94BA0E8C
	for <linux-mm@kvack.org>; Thu,  7 Mar 2024 20:51:11 +0000 (UTC)
X-FDA: 81871437942.06.131C7B2
Received: from mail-yb1-f175.google.com (mail-yb1-f175.google.com [209.85.219.175])
	by imf10.hostedemail.com (Postfix) with ESMTP id 204B0C0007
	for <linux-mm@kvack.org>; Thu,  7 Mar 2024 20:51:08 +0000 (UTC)
Authentication-Results: imf10.hostedemail.com;
	dkim=pass header.d=paul-moore.com header.s=google header.b=JQOIS0BR;
	dmarc=pass (policy=none) header.from=paul-moore.com;
	spf=pass (imf10.hostedemail.com: domain of paul@paul-moore.com designates 209.85.219.175 as permitted sender) smtp.mailfrom=paul@paul-moore.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1709844670; a=rsa-sha256;
	cv=none;
	b=vIlMAA7LPRqz+50uJUuEc7a4jiNXwbBWzOEc2155QrslIc7WtLjawvCpYDCQr9tLsnSdVy
	c+cqWnLpVcJsU/X/9labhSZTVx84q+FJCto27546RvsQ3K7apYqGZ4ZVH3sSZ7t8dSw5cy
	F3ObPAG8SFKdrTw2F2FsGk6i8MwqWYw=
ARC-Authentication-Results: i=1;
	imf10.hostedemail.com;
	dkim=pass header.d=paul-moore.com header.s=google header.b=JQOIS0BR;
	dmarc=pass (policy=none) header.from=paul-moore.com;
	spf=pass (imf10.hostedemail.com: domain of paul@paul-moore.com designates 209.85.219.175 as permitted sender) smtp.mailfrom=paul@paul-moore.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1709844670;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=GiLNl3PvVRA0+tZJXmH2lrS7jOMXZFu6IHJfjoR5u/8=;
	b=lXpUvW+YRjKTH+x359O1vQVPgTKjEGfCg/Tl8GXld6VAaEH1mwzifS6RxFjj8qvE1OLlqh
	asqB/oYIfZWs4dQN4DSl/3Ga2QakK60HO5rSVJkTq4V2HsQ+2fCZJUa6Cns9tdRISY2IYY
	Ow/fplikuJ0IPMbEHZzFNIee2LUFLNI=
Received: by mail-yb1-f175.google.com with SMTP id 3f1490d57ef6-dcbcea9c261so244056276.3
        for <linux-mm@kvack.org>; Thu, 07 Mar 2024 12:51:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=paul-moore.com; s=google; t=1709844669; x=1710449469; darn=kvack.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=GiLNl3PvVRA0+tZJXmH2lrS7jOMXZFu6IHJfjoR5u/8=;
        b=JQOIS0BRRm7WzUziTX3zVQXLdaCp1vmPFF3lp6M1RJ+HuTxQVZxr2XoHYo8HfJviWk
         PrrICQVnqD84U0kMQyfoG3aY13sQZLLR+7xs+OTdapx4TYoj7FEaBqe1oJntsuv9iysW
         /5NzpM9W3aIAsYHIl3TvbNPHG4HwSag3EpJUjbLTyJHln+caiJG6Y04pzQVx+JrLUsk6
         9FBDCOQ1DjL+V7d+3oKvJlxudlX2XG+cHXUAytYns7P5WI8Ntt7iZB8z1G7OUUQ6ZUJc
         KyMWjZpYvOemNC2yaUvzxAT9oWubeF63qa7TKwsA2o6rwU+hMsS9K58f8DPFenLefOt7
         xZ7A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1709844669; x=1710449469;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=GiLNl3PvVRA0+tZJXmH2lrS7jOMXZFu6IHJfjoR5u/8=;
        b=daSX6l+N0elulBPavFPuEQjeW8zwljuKx1ogIIVCFMSFQUGlj/1Do59HZUELctcDGB
         ZJRO8+0RmfI9CqQHNxdOMkrbKVRHq9rVN21Pb64YVUfMNhysl3XKyESz4zsvOKoj7nJQ
         QTxVlUPf5YV8UcfRx4lEcou6K+w4OsIxnbkZlk24mc39cwZi6uAiuzTi0wI638mfb4/l
         09CHG0dxzLY3oaOQV5nUD0b5Jp1/EZ71kCAo53/lWl7Be/wx3LdxCVBYd6BmGQg0ulQY
         g5+s0YRfZpUwmpdFGjtgIRM+vAVBsPFChvp+OGSt0KIW2kOqQDMPywikwjk2wsWuopuS
         285g==
X-Forwarded-Encrypted: i=1; AJvYcCUylZ0mwPsIlRV4jV57JBI8Vd6AoqcejGD1nwXNshjvfhyvbSmvzL3o9/AKiLT/yHn/rzwejsfA5w/wdzyUpsQ6Wsg=
X-Gm-Message-State: AOJu0YwEJM+u2GKWKLNVZNRWnxF1/aSfhv4MK/AsQIbtUDy3MjD/HJpG
	LJlUlYXU3q7HrljNWbvmfLZAK9vFZiCaS1o3ralzU+ruXJCZOEFzLnjVc63Y7lTCzIORMJm0dry
	IuwSeR+Xipci5RKQVfiuCaKcmhiT87xUvDFEk
X-Google-Smtp-Source: AGHT+IFdOq4811A1JsfV2pUrWH4aPW+V27XPXrThh32udqoQTvdjjnprX4glDvrh+sZ0krraTC9bWk2pOpSk01W6NV8=
X-Received: by 2002:a5b:70a:0:b0:dcf:f525:2b81 with SMTP id
 g10-20020a5b070a000000b00dcff5252b81mr16864727ybq.46.1709844668892; Thu, 07
 Mar 2024 12:51:08 -0800 (PST)
MIME-Version: 1.0
References: <cover.1709675979.git.mattbobrowski@google.com>
 <20240306-flach-tragbar-b2b3c531bf0d@brauner> <20240306-sandgrube-flora-a61409c2f10c@brauner>
 <CAADnVQ+RBV_rJx5LCtCiW-TWZ5DCOPz1V3ga_fc__RmL_6xgOg@mail.gmail.com> <20240307-phosphor-entnahmen-8ef28b782abf@brauner>
In-Reply-To: <20240307-phosphor-entnahmen-8ef28b782abf@brauner>
From: Paul Moore <paul@paul-moore.com>
Date: Thu, 7 Mar 2024 15:50:58 -0500
Message-ID: <CAHC9VhTbjzS88uU=7Pau7tzsYD+UW5=3TGw2qkqrA5a-GVunrQ@mail.gmail.com>
Subject: Re: [PATCH v2 bpf-next 0/9] add new acquire/release BPF kfuncs
To: Christian Brauner <brauner@kernel.org>
Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>, Matt Bobrowski <mattbobrowski@google.com>, 
	bpf <bpf@vger.kernel.org>, Alexei Starovoitov <ast@kernel.org>, 
	Andrii Nakryiko <andrii@kernel.org>, KP Singh <kpsingh@google.com>, Jann Horn <jannh@google.com>, 
	Jiri Olsa <jolsa@kernel.org>, Daniel Borkmann <daniel@iogearbox.net>, 
	Linus Torvalds <torvalds@linux-foundation.org>, 
	Linux-Fsdevel <linux-fsdevel@vger.kernel.org>, Andrew Morton <akpm@linux-foundation.org>, 
	linux-mm <linux-mm@kvack.org>, LSM List <linux-security-module@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Rspam-User: 
X-Rspamd-Server: rspam06
X-Rspamd-Queue-Id: 204B0C0007
X-Stat-Signature: rf9kmctqc9z3s1uqzc5t418c5m9strpd
X-HE-Tag: 1709844668-314216
X-HE-Meta: U2FsdGVkX1+IUuJki1R0QqJJzieeuXinbD/eqgJswFwWRCQAefp3VpbBZAXFcJtkkB74DsEkru2Jh+3jO1IOcvzmShRwNAXgVUNtxTpsh2bMAZb0mwfLj7sV8v/S0hXd8NVVw+BEDkFnRr4VgApmZhrm4y3Dya1oLGF+FGMT/Dit4N0NaI5m3hFIlAa/AHaCqal65F5cz8bQncdvMD+fN+2rJ7NhPCttd8ZblFdG+GCklrMB/WnMkUVnDeR+UcfOvw9lTvdWCYvQ5/L8N6BTPBoStaZ7IAw3+XZT/EODvnCQkYFqxJdCtBk6H2kR4lstKBp2Gp2NrD03NmZLWFYQpR/ztw1L88WzVCFfHajy8tApzsgl2cDayvfM7V180bQGEfGfcoieVeRwhD9DUNg9CBV5ogTePWk4CR/OXDWHh9kohimY4O97pdYWB3Rs8DLGkQUedqQCW5cf7ITr+jCjVF1FG6uFXHA+hbN1Fvmcug9tyetaUmKGTy0H2s0iXMCwf9s1y+jrnLqEA49foadkYEiomDV9QLlAaxMwFbu1rJWQN94xUGSED4TsxcMC5wPcQBERwHtPYKtEKdTZk74g8UAtpjahnur43PDPO8dyqYzlSKevrvNYFyNBlewMKd8j2lI6W7xumUNycKHO3Iyhni1vXoN9OWSo2ERumgvRKgr8fy61m2TS94wFgXNZyHm001bIe0jMHWbotTpoSzpUKUSmxvZqUgPxAo/gFHKw/fY7MZYHqKBiRm+QdDcKMkfNaIzEwi6t8W7F1E/26Np0QguUHKAA4Lc27rFiXJVr8C9TGRoqRWWrYHbCYClrdf9vEWHGfuwYfnGknJsL0cNSbyB2B40DWDCWyH/NIuiSP8zc++kKnPwTbZdXloiOIYkH3wVLHEBdN6SIcE7yMipvX1AWcWrtK4jos6gRpHzVgMyqYeRTZ/6HWgVtc/RJBbwTf1OH4x8YYM00JJusE9s
 i84B/gxx
 TtU5YYQeyLKWPcIUXrFHNWKwviIQxQQBjqLhOL5hotzUsKGZhh+K5ZidFzOqfipj++afmA2aF8OEr/FM=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000001, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Thu, Mar 7, 2024 at 4:55=E2=80=AFAM Christian Brauner <brauner@kernel.or=
g> wrote:
>
> There's one fundamental question here that we'll need an official answer =
to:
>
> Is it ok for an out-of-tree BPF LSM program, that nobody has ever seen
> to request access to various helpers in the kernel?

Phrased in a slightly different way, and a bit more generalized: do we
treat out-of-tree BPF programs the same as we do with out-of-tree
kernel modules?  I believe that's the real question, and if we answer
that, we should also have our answer for the internal helper function
question.

> Because fundamentally this is what this patchset is asking to be done.
>
> If the ZFS out-of-tree kernel module were to send us a similar patch
> series asking us for a list of 9 functions that they'd like us to export
> what would the answer to that be? It would be "no" - on principle alone.
>
> So what is different between an out-of-tree BPF LSM program that no one
> even has ever seen and an out-of-tree kernel module that one can at
> least look at in Github? Why should we reject requests from the latter
> but are supposed to accept requests from the former?
>
> If we say yes to the BPF LSM program requests we would have to say yes
> to ZFS as well.

--=20
paul-moore.com