lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <19097c64-7dce-479a-8123-2d0be20a0927@gmail.com>
Date: Fri, 2 Aug 2024 13:35:08 +0800
From: Leon Hwang <hffilwlqm@...il.com>
To: Andrii Nakryiko <andrii.nakryiko@...il.com>
Cc: Yonghong Song <yonghong.song@...ux.dev>, Zheao Li <me@...jusaka.me>,
 Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>,
 John Fastabend <john.fastabend@...il.com>,
 Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau
 <martin.lau@...ux.dev>, Eduard Zingerman <eddyz87@...il.com>,
 Song Liu <song@...nel.org>, KP Singh <kpsingh@...nel.org>,
 Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>,
 Jiri Olsa <jolsa@...nel.org>, bpf@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH bpf-next v2] bpf: Add bpf_check_attach_target_with_klog
 method to output failure logs to kernel



On 2/8/24 00:59, Andrii Nakryiko wrote:
> On Tue, Jul 30, 2024 at 8:31 PM Leon Hwang <hffilwlqm@...il.com> wrote:
>>
>>
>>
>> On 31/7/24 01:28, Andrii Nakryiko wrote:
>>> On Mon, Jul 29, 2024 at 8:32 PM Leon Hwang <hffilwlqm@...il.com> wrote:
>>>>
>>>>
>>>>
>>>> On 30/7/24 05:01, Andrii Nakryiko wrote:
>>>>> On Fri, Jul 26, 2024 at 9:04 PM Leon Hwang <hffilwlqm@...il.com> wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 2024/7/27 08:12, Andrii Nakryiko wrote:
>>>>>>> On Thu, Jul 25, 2024 at 7:57 PM Leon Hwang <hffilwlqm@...il.com> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>
>>>> [...]
>>>>
>>>>>>>>
>>>>>>>> Is it OK to add a tracepoint here? I think tracepoint is more generic
>>>>>>>> than retsnoop-like way.
>>>>>>>
>>>>>>> I personally don't see a problem with adding tracepoint, but how would
>>>>>>> it look like, given we are talking about vararg printf-style function
>>>>>>> calls? I'm not sure how that should be represented in such a way as to
>>>>>>> make it compatible with tracepoints and not cause any runtime
>>>>>>> overhead.
>>>>>>
>>>>>> The tracepoint is not about vararg printf-style function calls.
>>>>>>
>>>>>> It is to trace the reason why it fails to bpf_check_attach_target() at
>>>>>> attach time.
>>>>>>
>>>>>
>>>>> Oh, that changes things. I don't think we can keep adding extra
>>>>> tracepoints for various potential reasons that BPF prog might be
>>>>> failing to verify.
>>>>>
>>>>> But there is usually no need either. This particular code already
>>>>> supports emitting extra information into verifier log, you just have
>>>>> to provide that. This is done by libbpf automatically, can't your
>>>>> library of choice do the same (if BPF program failed).
>>>>>
>>>>> Why go to all this trouble if we already have a facility to debug
>>>>> issues like this. Note every issue is logged into verifier log, but in
>>>>> this case it is.
>>>>>
>>>>
>>>> Yeah, it is unnecessary to add tracepoint here, as we are able to trace
>>>> the log message in bpf_log() arguments with retsnoop.
>>>
>>> My point was that you don't even need retsnoop, you can just ask for
>>> verifier log directly, that's the main way to understand and debug BPF
>>> program verification/load failures.
>>>
>>
>> Nope. It is not about BPF program verification/load failures. It is
>> about freplace program attach failures instead.
> 
> Ah, my bad, it's at an attach time. Still, I don't think a tracepoint
> for every possible failure will ever work. Perhaps the right approach
> is to wire up bpf_log into attach commands (LINK_CREATE, at least), so
> that the kernel can report back what's the reason for declining
> attachment?
> 

OK. Let me take a try.

Thanks,
Leon

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ