lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aEs6H4sVGY/YqcQl@pop-os.localdomain>
Date: Thu, 12 Jun 2025 13:35:43 -0700
From: Cong Wang <xiyou.wangcong@...il.com>
To: Alban Crequy <alban.crequy@...il.com>
Cc: linux-kernel@...r.kernel.org, bpf@...r.kernel.org,
	Yucong Sun <fallentree@...com>, mauriciovasquezbernal@...il.com,
	albancrequy@...rosoft.com
Subject: Re: Loading custom BPF programs at early boot (initrd)

Hi Alban,

On Wed, Jun 04, 2025 at 04:50:15PM +0200, Alban Crequy wrote:
> Hello,
> 
> I’m looking to load and attach a BPF program at early boot, that is
> before the rootfs is mounted in read-write mode. This is for tracing
> I/O operations on disk.
> 
> Without BPF, this can be done with a kernel module and then use Dracut
> + dkms to update the initrd. But I am looking to avoid custom kernel
> modules and I would like to have a solution with BPF working on most
> Linux distros without too much maintenance work for each distro.
> 
> I’ve noticed the bpf_preload module, but from the discussion below, I
> gather that it does not allow to load custom bpf modules:
> https://github.com/torvalds/linux/tree/master/kernel/bpf/preload
> https://lwn.net/Articles/889466/
> 
> Do you know of prior-art or recommendation how to do this correctly,
> and hopefully without a custom kernel module?

I must miss something here... but dracut should allow to pack any binary
(e.g. your own eBPF program) into initramfs and allow to customize your
own init script too. With the eBPF binary and bpftool and/or other
loading script packed into initramfs, you can get what you want without
bothering a kernel module?

Something like below?

install_items+="/path/to/your/ebpf_program"
# pack bpftool if you need
# pack libbpf if you need
inst_hook pre-mount 50 "/path/to/your_loading_script"

Regards,
Cong

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ