lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20191210100536.7a57d5e1@cakuba.netronome.com>
Date:   Tue, 10 Dec 2019 10:05:36 -0800
From:   Jakub Kicinski <jakub.kicinski@...ronome.com>
To:     Andrii Nakryiko <andrii.nakryiko@...il.com>
Cc:     Andrii Nakryiko <andriin@...com>,
        LKML <linux-kernel@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
        Networking <netdev@...r.kernel.org>,
        Alexei Starovoitov <ast@...com>,
        Daniel Borkmann <daniel@...earbox.net>,
        Kernel Team <kernel-team@...com>
Subject: Re: [PATCH bpf-next 11/15] bpftool: add skeleton codegen command

On Tue, 10 Dec 2019 09:11:31 -0800, Andrii Nakryiko wrote:
> On Mon, Dec 9, 2019 at 5:57 PM Jakub Kicinski wrote:
> > On Mon, 9 Dec 2019 17:14:34 -0800, Andrii Nakryiko wrote:  
> > > struct <object-name> {
> > >       /* used by libbpf's skeleton API */
> > >       struct bpf_object_skeleton *skeleton;
> > >       /* bpf_object for libbpf APIs */
> > >       struct bpf_object *obj;
> > >       struct {
> > >               /* for every defined map in BPF object: */
> > >               struct bpf_map *<map-name>;
> > >       } maps;
> > >       struct {
> > >               /* for every program in BPF object: */
> > >               struct bpf_program *<program-name>;
> > >       } progs;
> > >       struct {
> > >               /* for every program in BPF object: */
> > >               struct bpf_link *<program-name>;
> > >       } links;
> > >       /* for every present global data section: */
> > >       struct <object-name>__<one of bss, data, or rodata> {
> > >               /* memory layout of corresponding data section,
> > >                * with every defined variable represented as a struct field
> > >                * with exactly the same type, but without const/volatile
> > >                * modifiers, e.g.:
> > >                */
> > >                int *my_var_1;
> > >                ...
> > >       } *<one of bss, data, or rodata>;
> > > };  
> >
> > I think I understand how this is useful, but perhaps the problem here
> > is that we're using C for everything, and simple programs for which
> > loading the ELF is majority of the code would be better of being
> > written in a dynamic language like python?  Would it perhaps be a
> > better idea to work on some high-level language bindings than spend
> > time writing code gens and working around limitations of C?  
> 
> None of this work prevents Python bindings and other improvements, is
> it? Patches, as always, are greatly appreciated ;)

This "do it yourself" shit is not really funny :/

I'll stop providing feedback on BPF patches if you guy keep saying 
that :/ Maybe that's what you want.

> This skeleton stuff is not just to save code, but in general to
> simplify and streamline working with BPF program from userspace side.
> Fortunately or not, but there are a lot of real-world applications
> written in C and C++ that could benefit from this, so this is still
> immensely useful. selftests/bpf themselves benefit a lot from this
> work, see few of the last patches in this series.

Maybe those applications are written in C and C++ _because_ there 
are no bindings for high level languages. I just wish BPF programming
was less weird and adding some funky codegen is not getting us closer
to that goal.

In my experience code gen is nothing more than a hack to work around
bad APIs, but experiences differ so that's not a solid argument.

> > > This provides great usability improvements:
> > > - no need to look up maps and programs by name, instead just
> > >   my_obj->maps.my_map or my_obj->progs.my_prog would give necessary
> > >   bpf_map/bpf_program pointers, which user can pass to existing libbpf APIs;
> > > - pre-defined places for bpf_links, which will be automatically populated for
> > >   program types that libbpf knows how to attach automatically (currently
> > >   tracepoints, kprobe/kretprobe, raw tracepoint and tracing programs). On
> > >   tearing down skeleton, all active bpf_links will be destroyed (meaning BPF
> > >   programs will be detached, if they are attached). For cases in which libbpf
> > >   doesn't know how to auto-attach BPF program, user can manually create link
> > >   after loading skeleton and they will be auto-detached on skeleton
> > >   destruction:
> > >
> > >       my_obj->links.my_fancy_prog = bpf_program__attach_cgroup_whatever(
> > >               my_obj->progs.my_fancy_prog, <whatever extra param);
> > >
> > > - it's extremely easy and convenient to work with global data from userspace
> > >   now. Both for read-only and read/write variables, it's possible to
> > >   pre-initialize them before skeleton is loaded:
> > >
> > >       skel = my_obj__open(raw_embed_data);
> > >       my_obj->rodata->my_var = 123;
> > >       my_obj__load(skel); /* 123 will be initialization value for my_var */
> > >
> > >   After load, if kernel supports mmap() for BPF arrays, user can still read
> > >   (and write for .bss and .data) variables values, but at that point it will
> > >   be directly mmap()-ed to BPF array, backing global variables. This allows to
> > >   seamlessly exchange data with BPF side. From userspace program's POV, all
> > >   the pointers and memory contents stay the same, but mapped kernel memory
> > >   changes to point to created map.
> > >   If kernel doesn't yet support mmap() for BPF arrays, it's still possible to
> > >   use those data section structs to pre-initialize .bss, .data, and .rodata,
> > >   but after load their pointers will be reset to NULL, allowing user code to
> > >   gracefully handle this condition, if necessary.
> > >
> > > Given a big surface area, skeleton is kept as an experimental non-public
> > > API for now, until more feedback and real-world experience is collected.  
> >
> > That makes no sense to me. bpftool has the same backward compat
> > requirements as libbpf. You're just pushing the requirements from
> > one component to the other. Feedback and real-world use cases have
> > to be exercised before code is merged to any project with backward
> > compatibility requirements :(  
> 
> To get this feedback we need to have this functionality adopted. To
> have it adopted, we need it available in tool users already know,
> have, and use. 

Well you claim you have users for it, just talk to them now. I don't
understand how this is not obvious. It's like saying "we can't test
this unless it's in the tree"..!?

> If you feel that "experimental" disclaimer is not enough, I guess we
> can add extra flag to bpftool itself to enable experimental
> functionality, something like:
> 
> bpftool --experimental gen skeleton <bla>

Yeah, world doesn't really work like that. Users start depending on 
a feature, it will break people's scripts/Makefiles if it disappears.
This codegen thing is made to be hard coded in Makefiles.. how do you
expect people not to immediately become dependent on it.

> > Also please run checkpatch on your patches, and fix reverse xmas tree.
> > This is bpftool, not libbpf. Creating a separate tool for this codegen
> > stuff is also an option IMHO.  
> 
> Sure, will fix few small things checkpatch detected.

Running checkpatch should be part of your upstreaming routine, you're
wasting people's time. So stop with the amused tone.

> Will reverse christmas-ize all the variables, of course :)
> 
> As for separate tool just for this, you are not serious, right? If
> bpftool is not right tool for this, I don't know which one is.

I am serious. There absolutely nothing this tool needs from BPF, no
JSON needed, no bpffs etc. It can be a separate tool like
libbpf-skel-gen or libbpf-c-skel or something, distributed with libbpf.
That way you can actually soften the backward compat. In case people
become dependent on it they can carry that little tool on their own.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ