Message-ID: <b23ef4e0-afa1-4d94-b4aa-28c02c3499c6@vivo.com>
Date: Thu, 18 Sep 2025 16:05:51 +0800
From: Fuyu Zhao <zhaofuyu@...o.com>
To: Song Liu <song@...nel.org>
Cc: ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
 martin.lau@...ux.dev, yonghong.song@...ux.dev, haoluo@...gle.com,
 jolsa@...nel.org, eddyz87@...il.com, kpsingh@...nel.org, sdf@...ichev.me,
 rostedt@...dmis.org, mhiramat@...nel.org, mathieu.desnoyers@...icios.com,
 shuah@...nel.org, willemb@...gle.com, kerneljasonxing@...il.com,
 paul.chaignon@...il.com, chen.dylane@...ux.dev, memxor@...il.com,
 martin.kelly@...wdstrike.com, ameryhung@...il.com,
 linux-kernel@...r.kernel.org, bpf@...r.kernel.org,
 linux-trace-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org,
 yikai.lin@...o.com
Subject: Re: [RFC PATCH bpf-next v1 0/3] bpf: Add BPF program type for
 overriding tracepoint probes



On 9/18/2025 4:02 AM, Song Liu wrote:
> On Wed, Sep 17, 2025 at 12:23 AM Fuyu Zhao <zhaofuyu@...o.com> wrote:
>>
>> Hi everyone,
>>
>> This patchset introduces a new BPF program type that allows overriding
>> a tracepoint probe function registered via register_trace_*.
>>
>> Motivation
>> ----------
>> Tracepoint probe functions registered via register_trace_* in the kernel
>> cannot be dynamically modified; changing a probe function requires recompiling
>> the kernel and rebooting. Nor can BPF programs change an existing
>> probe function.
>>
>> Overriding tracepoint supports a way to apply patches into kernel quickly
>> (such as applying security ones), through predefined static tracepoints,
>> without waiting for upstream integration.
> 
> IIUC, this work solves the same problem as raw tracepoint (raw_tp) or raw
> tracepoint with btf (tp_btf).
> 
> Did I miss something?
> 
> Thanks,
> Song

As I understand it, raw tracepoints (raw_tp) and raw tracepoint (raw_tp)
are designed mainly for tracing the kernel. The goal of this work is to
provide a way to override the tracepoint callback, so that kernel behavior
can be adjusted dynamically.

Thanks,
Fuyu

