lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <e4929660-21ff-e394-37a0-d72b67a3770a@isovalent.com>
Date:   Wed, 26 Feb 2020 11:17:21 +0000
From:   Quentin Monnet <quentin@...valent.com>
To:     Michal Rostecki <mrostecki@...nsuse.org>, bpf@...r.kernel.org
Cc:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        Andrii Nakryiko <andriin@...com>,
        Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org, Shuah Khan <shuah@...nel.org>,
        linux-kselftest@...r.kernel.org
Subject: Re: [PATCH bpf-next v3 0/5] bpftool: Make probes which emit dmesg
 warnings optional

2020-02-25 20:44 UTC+0100 ~ Michal Rostecki <mrostecki@...nsuse.org>
> Feature probes in bpftool related to bpf_probe_write_user and
> bpf_trace_printk helpers emit dmesg warnings which might be confusing
> for people running bpftool on production environments. This patch series
> addresses that by filtering them out by default and introducing the new
> positional argument "full" which enables all available probes.
> 
> The main motivation behind those changes is ability the fact that some
> probes (for example those related to "trace" or "write_user" helpers)
> emit dmesg messages which might be confusing for people who are running
> on production environments. For details see the Cilium issue[0].
> 
> v1 -> v2:
> - Do not expose regex filters to users, keep filtering logic internal,
> expose only the "full" option for including probes which emit dmesg
> warnings.
> 
> v2 -> v3:
> - Do not use regex for filtering out probes, use function IDs directly.
> - Fix bash completion - in v2 only "prefix" was proposed after "macros",
>    "dev" and "kernel" were not.
> - Rephrase the man page paragraph, highlight helper function names.
> - Remove tests which parse the plain output of bpftool (except the
>    header/macros test), focus on testing JSON output instead.
> - Add test which compares the output with and without "full" option.
> 
> [0] https://github.com/cilium/cilium/issues/10048
> 
> Michal Rostecki (5):
>    bpftool: Move out sections to separate functions
>    bpftool: Make probes which emit dmesg warnings optional
>    bpftool: Update documentation of "bpftool feature" command
>    bpftool: Update bash completion for "bpftool feature" command
>    selftests/bpf: Add test for "bpftool feature" command
> 
>   .../bpftool/Documentation/bpftool-feature.rst |  19 +-
>   tools/bpf/bpftool/bash-completion/bpftool     |   3 +-
>   tools/bpf/bpftool/feature.c                   | 283 +++++++++++-------
>   tools/testing/selftests/.gitignore            |   5 +-
>   tools/testing/selftests/bpf/Makefile          |   3 +-
>   tools/testing/selftests/bpf/test_bpftool.py   | 179 +++++++++++
>   tools/testing/selftests/bpf/test_bpftool.sh   |   5 +
>   7 files changed, 374 insertions(+), 123 deletions(-)
>   create mode 100644 tools/testing/selftests/bpf/test_bpftool.py
>   create mode 100755 tools/testing/selftests/bpf/test_bpftool.sh
> 

This version looks good to me, thanks!

Reviewed-by: Quentin Monnet <quentin@...valent.com>

(Please keep Acked-by/Reviewed-by tags between versions if there are no 
significant changes, here for patch 1.)

That's a lot of tests now that we don't have the regex and filtering is 
very straightforward, but it does not hurt. I checked and they all pass 
on my system.

Thanks,
Quentin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ