[net] bpf: add security considerations to package docs

0 views
Skip to first unread message

Damien Neil (Gerrit)

unread,
2:29 PM (8 hours ago) 2:29 PM
to goph...@pubsubhelper.golang.org, Nicholas Husin, golang-co...@googlegroups.com
Attention needed from Nicholas Husin

Damien Neil voted Commit-Queue+1

Commit-Queue+1
Open in Gerrit

Related details

Attention is currently required from:
  • Nicholas Husin
Submit Requirements:
  • requirement is not satisfiedCode-Review
  • requirement satisfiedNo-Unresolved-Comments
  • requirement is not satisfiedReview-Enforcement
  • requirement is not satisfiedTryBots-Pass
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: net
Gerrit-Branch: master
Gerrit-Change-Id: I9d9bd9b66f6b5290ecd356fcefb1659d6a6a6964
Gerrit-Change-Number: 795780
Gerrit-PatchSet: 1
Gerrit-Owner: Damien Neil <dn...@google.com>
Gerrit-Reviewer: Damien Neil <dn...@google.com>
Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
Gerrit-Attention: Nicholas Husin <n...@golang.org>
Gerrit-Comment-Date: Tue, 30 Jun 2026 18:29:53 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
unsatisfied_requirement
satisfied_requirement
open
diffy

Nicholas Husin (Gerrit)

unread,
2:34 PM (8 hours ago) 2:34 PM
to Damien Neil, goph...@pubsubhelper.golang.org, golang...@luci-project-accounts.iam.gserviceaccount.com, golang-co...@googlegroups.com
Attention needed from Damien Neil

Nicholas Husin voted Code-Review+2

Code-Review+2
Open in Gerrit

Related details

Attention is currently required from:
  • Damien Neil
Submit Requirements:
  • requirement satisfiedCode-Review
  • requirement satisfiedNo-Unresolved-Comments
  • requirement is not satisfiedReview-Enforcement
  • requirement is not satisfiedTryBots-Pass
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: net
Gerrit-Branch: master
Gerrit-Change-Id: I9d9bd9b66f6b5290ecd356fcefb1659d6a6a6964
Gerrit-Change-Number: 795780
Gerrit-PatchSet: 1
Gerrit-Owner: Damien Neil <dn...@google.com>
Gerrit-Reviewer: Damien Neil <dn...@google.com>
Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
Gerrit-Attention: Damien Neil <dn...@google.com>
Gerrit-Comment-Date: Tue, 30 Jun 2026 18:34:56 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
satisfied_requirement
unsatisfied_requirement
open
diffy

Nicholas Husin (Gerrit)

unread,
2:35 PM (8 hours ago) 2:35 PM
to Damien Neil, goph...@pubsubhelper.golang.org, Nicholas Husin, golang...@luci-project-accounts.iam.gserviceaccount.com, golang-co...@googlegroups.com
Attention needed from Damien Neil

Nicholas Husin voted Code-Review+1

Code-Review+1
Open in Gerrit

Related details

Attention is currently required from:
  • Damien Neil
Submit Requirements:
    • requirement satisfiedCode-Review
    • requirement satisfiedNo-Unresolved-Comments
    • requirement satisfiedReview-Enforcement
    • requirement is not satisfiedTryBots-Pass
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: net
    Gerrit-Branch: master
    Gerrit-Change-Id: I9d9bd9b66f6b5290ecd356fcefb1659d6a6a6964
    Gerrit-Change-Number: 795780
    Gerrit-PatchSet: 1
    Gerrit-Owner: Damien Neil <dn...@google.com>
    Gerrit-Reviewer: Damien Neil <dn...@google.com>
    Gerrit-Reviewer: Nicholas Husin <hu...@google.com>
    Gerrit-Comment-Date: Tue, 30 Jun 2026 18:35:03 +0000
    Gerrit-HasComments: No
    Gerrit-Has-Labels: Yes
    satisfied_requirement
    unsatisfied_requirement
    open
    diffy

    Roland Shoemaker (Gerrit)

    unread,
    2:35 PM (8 hours ago) 2:35 PM
    to Damien Neil, goph...@pubsubhelper.golang.org, Nicholas Husin, Nicholas Husin, golang...@luci-project-accounts.iam.gserviceaccount.com, golang-co...@googlegroups.com
    Attention needed from Damien Neil

    Roland Shoemaker added 1 comment

    File bpf/doc.go
    Line 56, Patchset 1 (Latest):implementations, but divergence in behavior is considered a
    non-security bug.
    Roland Shoemaker . unresolved

    `is not considered a security issue.` maybe (I know these are extremely similar, but for some reason feel different to me).

    Open in Gerrit

    Related details

    Attention is currently required from:
    • Damien Neil
    Submit Requirements:
    • requirement satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement satisfiedReview-Enforcement
    • requirement is not satisfiedTryBots-Pass
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: net
    Gerrit-Branch: master
    Gerrit-Change-Id: I9d9bd9b66f6b5290ecd356fcefb1659d6a6a6964
    Gerrit-Change-Number: 795780
    Gerrit-PatchSet: 1
    Gerrit-Owner: Damien Neil <dn...@google.com>
    Gerrit-Reviewer: Damien Neil <dn...@google.com>
    Gerrit-Reviewer: Nicholas Husin <hu...@google.com>
    Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
    Gerrit-CC: Roland Shoemaker <rol...@golang.org>
    Gerrit-Comment-Date: Tue, 30 Jun 2026 18:35:07 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    satisfied_requirement
    unsatisfied_requirement
    open
    diffy

    Nicholas Husin (Gerrit)

    unread,
    2:37 PM (8 hours ago) 2:37 PM
    to Damien Neil, goph...@pubsubhelper.golang.org, Roland Shoemaker, Nicholas Husin, golang...@luci-project-accounts.iam.gserviceaccount.com, golang-co...@googlegroups.com
    Attention needed from Damien Neil

    Nicholas Husin added 1 comment

    File bpf/doc.go
    Line 57, Patchset 1 (Latest):non-security bug.
    Nicholas Husin . unresolved

    Optional: do we want to commit to divergence being a bug?

    I think in most cases it is, but it might be nice to be conservative in case some behavior comes up where there is divergence, but there's no overwhelming consensus between implementations.

    Open in Gerrit

    Related details

    Attention is currently required from:
    • Damien Neil
    Submit Requirements:
    • requirement satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement satisfiedReview-Enforcement
    • requirement is not satisfiedTryBots-Pass
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: net
    Gerrit-Branch: master
    Gerrit-Change-Id: I9d9bd9b66f6b5290ecd356fcefb1659d6a6a6964
    Gerrit-Change-Number: 795780
    Gerrit-PatchSet: 1
    Gerrit-Owner: Damien Neil <dn...@google.com>
    Gerrit-Reviewer: Damien Neil <dn...@google.com>
    Gerrit-Reviewer: Nicholas Husin <hu...@google.com>
    Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
    Gerrit-CC: Roland Shoemaker <rol...@golang.org>
    Gerrit-Attention: Damien Neil <dn...@google.com>
    Gerrit-Comment-Date: Tue, 30 Jun 2026 18:37:33 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    satisfied_requirement
    unsatisfied_requirement
    open
    diffy

    Damien Neil (Gerrit)

    unread,
    4:36 PM (6 hours ago) 4:36 PM
    to goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com
    Attention needed from Damien Neil

    Damien Neil uploaded new patchset

    Damien Neil uploaded patch set #2 to this change.
    Following approvals got outdated and were removed:
    Open in Gerrit

    Related details

    Attention is currently required from:
    • Damien Neil
    Submit Requirements:
    • requirement satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement satisfiedReview-Enforcement
    • requirement is not satisfiedTryBots-Pass
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: newpatchset
    Gerrit-Project: net
    Gerrit-Branch: master
    Gerrit-Change-Id: I9d9bd9b66f6b5290ecd356fcefb1659d6a6a6964
    Gerrit-Change-Number: 795780
    Gerrit-PatchSet: 2
    Gerrit-Owner: Damien Neil <dn...@google.com>
    Gerrit-Reviewer: Damien Neil <dn...@google.com>
    Gerrit-Reviewer: Nicholas Husin <hu...@google.com>
    Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
    satisfied_requirement
    unsatisfied_requirement
    open
    diffy

    Damien Neil (Gerrit)

    unread,
    4:37 PM (6 hours ago) 4:37 PM
    to goph...@pubsubhelper.golang.org, golang...@luci-project-accounts.iam.gserviceaccount.com, Roland Shoemaker, Nicholas Husin, Nicholas Husin, golang-co...@googlegroups.com
    Attention needed from Roland Shoemaker

    Damien Neil added 2 comments

    File bpf/doc.go
    Line 56, Patchset 1:implementations, but divergence in behavior is considered a
    non-security bug.
    Roland Shoemaker . resolved

    `is not considered a security issue.` maybe (I know these are extremely similar, but for some reason feel different to me).

    Damien Neil

    Done

    Line 57, Patchset 1:non-security bug.
    Nicholas Husin . resolved

    Optional: do we want to commit to divergence being a bug?

    I think in most cases it is, but it might be nice to be conservative in case some behavior comes up where there is divergence, but there's no overwhelming consensus between implementations.

    Damien Neil

    Went with Roland's phrasing which does not commit to divergence being a bug.

    Open in Gerrit

    Related details

    Attention is currently required from:
    • Roland Shoemaker
    Submit Requirements:
    • requirement satisfiedCode-Review
    • requirement satisfiedNo-Unresolved-Comments
    • requirement satisfiedReview-Enforcement
    • requirement is not satisfiedTryBots-Pass
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: net
    Gerrit-Branch: master
    Gerrit-Change-Id: I9d9bd9b66f6b5290ecd356fcefb1659d6a6a6964
    Gerrit-Change-Number: 795780
    Gerrit-PatchSet: 2
    Gerrit-Owner: Damien Neil <dn...@google.com>
    Gerrit-Reviewer: Damien Neil <dn...@google.com>
    Gerrit-Reviewer: Nicholas Husin <hu...@google.com>
    Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
    Gerrit-CC: Roland Shoemaker <rol...@golang.org>
    Gerrit-Attention: Roland Shoemaker <rol...@golang.org>
    Gerrit-Comment-Date: Tue, 30 Jun 2026 20:37:52 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    Comment-In-Reply-To: Roland Shoemaker <rol...@golang.org>
    Comment-In-Reply-To: Nicholas Husin <n...@golang.org>
    satisfied_requirement
    unsatisfied_requirement
    open
    diffy

    Damien Neil (Gerrit)

    unread,
    4:38 PM (6 hours ago) 4:38 PM
    to goph...@pubsubhelper.golang.org, golang...@luci-project-accounts.iam.gserviceaccount.com, Roland Shoemaker, Nicholas Husin, Nicholas Husin, golang-co...@googlegroups.com
    Attention needed from Roland Shoemaker

    Damien Neil voted

    Auto-Submit+1
    Commit-Queue+1
    Open in Gerrit

    Related details

    Attention is currently required from:
    • Roland Shoemaker
    Submit Requirements:
    • requirement satisfiedCode-Review
    • requirement satisfiedNo-Unresolved-Comments
    • requirement satisfiedReview-Enforcement
    • requirement is not satisfiedTryBots-Pass
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: net
    Gerrit-Branch: master
    Gerrit-Change-Id: I9d9bd9b66f6b5290ecd356fcefb1659d6a6a6964
    Gerrit-Change-Number: 795780
    Gerrit-PatchSet: 2
    Gerrit-Owner: Damien Neil <dn...@google.com>
    Gerrit-Reviewer: Damien Neil <dn...@google.com>
    Gerrit-Reviewer: Nicholas Husin <hu...@google.com>
    Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
    Gerrit-CC: Roland Shoemaker <rol...@golang.org>
    Gerrit-Attention: Roland Shoemaker <rol...@golang.org>
    Gerrit-Comment-Date: Tue, 30 Jun 2026 20:38:07 +0000
    Gerrit-HasComments: No
    Gerrit-Has-Labels: Yes
    satisfied_requirement
    unsatisfied_requirement
    open
    diffy

    Gopher Robot (Gerrit)

    unread,
    4:52 PM (6 hours ago) 4:52 PM
    to Damien Neil, goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, golang...@luci-project-accounts.iam.gserviceaccount.com, Roland Shoemaker, Nicholas Husin, Nicholas Husin, golang-co...@googlegroups.com

    Gopher Robot submitted the change with unreviewed changes

    Unreviewed changes

    1 is the latest approved patch-set.
    The change was submitted with unreviewed changes in the following files:

    ```
    The name of the file: bpf/doc.go
    Insertions: 2, Deletions: 2.

    @@ -53,8 +53,8 @@

    The implementation of the BPF VM in this package is suitable for
    testing BPF programs. It aims for consistency with other BPF VM
    -implementations, but divergence in behavior is considered a
    -non-security bug.
    +implementations, but divergence in behavior is not considered a
    +security issue.

    # Examples

    ```

    Change information

    Commit message:
    bpf: add security considerations to package docs
    Change-Id: I9d9bd9b66f6b5290ecd356fcefb1659d6a6a6964
    Reviewed-by: Nicholas Husin <hu...@google.com>
    Reviewed-by: Nicholas Husin <n...@golang.org>
    Auto-Submit: Damien Neil <dn...@google.com>
    Files:
    • M bpf/doc.go
    Change size: XS
    Delta: 1 file changed, 7 insertions(+), 0 deletions(-)
    Branch: refs/heads/master
    Submit Requirements:
    Open in Gerrit
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: merged
    Gerrit-Project: net
    Gerrit-Branch: master
    Gerrit-Change-Id: I9d9bd9b66f6b5290ecd356fcefb1659d6a6a6964
    Gerrit-Change-Number: 795780
    Gerrit-PatchSet: 3
    Gerrit-Owner: Damien Neil <dn...@google.com>
    Gerrit-Reviewer: Damien Neil <dn...@google.com>
    Gerrit-Reviewer: Gopher Robot <go...@golang.org>
    open
    diffy
    satisfied_requirement
    Reply all
    Reply to author
    Forward
    0 new messages