On Fri, Oct 5, 2018 at 9:42 AM Lorenz Bauer <l...@cloudflare.com> wrote: > On Tue, 2 Oct 2018 at 21:00, Jann Horn <ja...@google.com> wrote: > > > > If this is for testing only, you can slap a capable(CAP_SYS_ADMIN) > > check in here, right? I doubt it matters, but I don't really like > > seeing something like this exposed to unprivileged userspace just > > because you need it for kernel testing. > > That would mean all tests have to run as root / with CAP_SYS_ADMIN > which isn't ideal.
This patch basically means that it becomes easier for a local user to construct a BPF hash table that has all of its values stuffed into a single hash bucket, correct? Which makes it easier to create a BPF program that generates unusually large RCU stalls by performing ~40000 BPF map lookups, each of which has to walk through the entire linked list of the hash map bucket? I dislike exposing something like that to unprivileged userspace. And if you want to run the whole BPF test suite with all its tests, don't you already need root privileges? Or is this a different test suite?
