| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Aug 2014 12:16:11 -0700 From: Alexei Starovoitov <ast@...mgrid.com> To: Andy Lutomirski <luto@...capital.net> Cc: Daniel Borkmann <dborkman@...hat.com>, "H. Peter Anvin" <hpa@...or.com>, Andrew Morton <akpm@...ux-foundation.org>, Linux API <linux-api@...r.kernel.org>, Chema Gonzalez <chema@...gle.com>, Eric Dumazet <edumazet@...gle.com>, "David S. Miller" <davem@...emloft.net>, Brendan Gregg <brendan.d.gregg@...il.com>, Linus Torvalds <torvalds@...ux-foundation.org>, Steven Rostedt <rostedt@...dmis.org>, LKML <linux-kernel@...r.kernel.org>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Kees Cook <keescook@...omium.org>, Network Development <netdev@...r.kernel.org>, Ingo Molnar <mingo@...nel.org> Subject: Re: [PATCH RFC v4 net-next 17/26] tracing: allow eBPF programs to be attached to events On Fri, Aug 15, 2014 at 12:02 PM, Andy Lutomirski <luto@...capital.net> wrote: >> >> correct. eBPF program would be using 8-byte read on 64-bit kernel >> and 4-byte read on 32-bit kernel. Same with access to ptrace fields >> and pretty much all other fields in the kernel. The program will be >> different on different kernels. >> Say, this bpf_context struct doesn't exist at all. The programs would >> still need to be different to walk in-kernel data structures... > > Hmm. I guess this isn't so bad. > > What's the actual difficulty with using u64? ISTM that, if the clang > front-end can't deal with u64, there's a bigger problem. Or is it > something else I don't understand. clang/llvm has no problem with u64 :) This bpf_context struct for tracing is trying to answer the question: 'what's the most convenient way to access tracepoint arguments from a script'. When kernel code has something like: trace_kfree_skb(skb, net_tx_action); the script needs to be able to access this 'skb' and 'net_tx_action' values through _single_ data structure. In this proposal they are ctx->arg1 and ctx->arg2. I've considered having different bpf_context's for every event, but the complexity explodes. I need to hack all event definitions and so on. imo it's better to move complexity to userspace, so program author or high level language abstracts these details. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists