lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 30 Mar 2015 11:13:51 +0800
From:	He Kuang <hekuang@...wei.com>
To:	Alexei Starovoitov <ast@...mgrid.com>
CC:	<wangnan0@...wei.com>, LKML <linux-kernel@...r.kernel.org>,
	"daniel@...earbox.net >> Daniel Borkmann" <daniel@...earbox.net>
Subject: Re: [RFC] bpf: Suggestion on bpf syscall interface


On 2015/3/29 1:21, Alexei Starovoitov wrote:
> On 3/28/15 4:36 AM, He Kuang wrote:
>> Hi, Alexei
>>
>> In our end-end IO module project, we use bpf maps to record
>> configurations. According to current bpf syscall interface, we
>> should specify map_fd to lookup/update bpf maps, so we are
>> restricted to do config in the same user program.
>
> you can pass map_fd and prog_fd from one process to another via normal
> scm_rights mechanism.

In our current use case, we add a bpf probe point in sys_write()
as the entry of IO procedure, this bpf point will return true on
some conditions, and then trigger bpf chain on IO path, for
example:

SEC("kprobe/sys_write")
int NODE_sys_write(struct pt_regs *ctx) {
...
    struct parameters *param = bpf_map_lookup_elem(&parameters_map, 
&index);
    if(param->num_samples % param->sample_rate !=0)
        return 0;
...
    /* extract characters from this sampled point, fill it to another 
map */
    bpf_map_update_elem(&TRIGGER_mpage_submit_page_HASH, 
(void**)__b__buf, &value, BPF_ANY);
    return 1;
...
SEC("kprobe/mpage_submit_page")
int NODE_mpage_submit_page(struct pt_regs *ctx) {
...
   /* lookup filter table */
   value = (struct 
table_value*)bpf_map_lookup_elem(&TRIGGER_mpage_submit_page_HASH, 
(void**)__b__buf);
   if (!value) return 0;
...

By using current bpf syscalls, we should keep the program which
attaches bpf programs running background, use it or some other
processes communicate with it to adjust maps parameters, like
sample rate for sys_write.

What we hope is to use bpf maps/progs like kernel-modules or
kprobes, one process inserts them to kernel, then they detactch
from that process, and allow us to configure them with sysfs. For
example:

$ perf probe --add='sys_write'
$ perf record -e probe:sys_open -aR sleep 1

In current implementation, we have to use a large and relative
heavy daemon to deal with loading, configuration, adjusting and
unloading works together.

Thanks.
>
>> My suggestion is to export this kind of operations to sysfs, so
>> we can load&attach bpf progs and config it seperately. We
>> implement this feature in our demo project. What's your opinion
>> on this?
>
> Eventually we may use single sysfs file for lsmod-like listings, but I
> definitely don't want to create parallel interface to maps via sysfs.
> It's way too expensive and not really suitable for binary key/values.
>
>
>
>


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ