lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAEf4BzbzM85_946eB95e9U6stknBh4ucLMKVo5SEqUsihe4K1A@mail.gmail.com>
Date: Tue, 30 Jul 2024 10:28:05 -0700
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: Leon Hwang <hffilwlqm@...il.com>
Cc: Yonghong Song <yonghong.song@...ux.dev>, Zheao Li <me@...jusaka.me>, 
	Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, 
	John Fastabend <john.fastabend@...il.com>, Andrii Nakryiko <andrii@...nel.org>, 
	Martin KaFai Lau <martin.lau@...ux.dev>, Eduard Zingerman <eddyz87@...il.com>, Song Liu <song@...nel.org>, 
	KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>, 
	Jiri Olsa <jolsa@...nel.org>, bpf@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH bpf-next v2] bpf: Add bpf_check_attach_target_with_klog
 method to output failure logs to kernel

On Mon, Jul 29, 2024 at 8:32 PM Leon Hwang <hffilwlqm@...il.com> wrote:
>
>
>
> On 30/7/24 05:01, Andrii Nakryiko wrote:
> > On Fri, Jul 26, 2024 at 9:04 PM Leon Hwang <hffilwlqm@...il.com> wrote:
> >>
> >>
> >>
> >> On 2024/7/27 08:12, Andrii Nakryiko wrote:
> >>> On Thu, Jul 25, 2024 at 7:57 PM Leon Hwang <hffilwlqm@...il.com> wrote:
> >>>>
> >>>>
> >>>>
>
> [...]
>
> >>>>
> >>>> Is it OK to add a tracepoint here? I think tracepoint is more generic
> >>>> than retsnoop-like way.
> >>>
> >>> I personally don't see a problem with adding tracepoint, but how would
> >>> it look like, given we are talking about vararg printf-style function
> >>> calls? I'm not sure how that should be represented in such a way as to
> >>> make it compatible with tracepoints and not cause any runtime
> >>> overhead.
> >>
> >> The tracepoint is not about vararg printf-style function calls.
> >>
> >> It is to trace the reason why it fails to bpf_check_attach_target() at
> >> attach time.
> >>
> >
> > Oh, that changes things. I don't think we can keep adding extra
> > tracepoints for various potential reasons that BPF prog might be
> > failing to verify.
> >
> > But there is usually no need either. This particular code already
> > supports emitting extra information into verifier log, you just have
> > to provide that. This is done by libbpf automatically, can't your
> > library of choice do the same (if BPF program failed).
> >
> > Why go to all this trouble if we already have a facility to debug
> > issues like this. Note every issue is logged into verifier log, but in
> > this case it is.
> >
>
> Yeah, it is unnecessary to add tracepoint here, as we are able to trace
> the log message in bpf_log() arguments with retsnoop.

My point was that you don't even need retsnoop, you can just ask for
verifier log directly, that's the main way to understand and debug BPF
program verification/load failures.

>
> Thanks,
> Leon

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ