| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALCETrUqop+UB-BhyX4Y41kELO+6kcFdS1F7ZyN0CzRwg4UGhA@mail.gmail.com> Date: Fri, 15 Aug 2014 12:18:53 -0700 From: Andy Lutomirski <luto@...capital.net> To: Alexei Starovoitov <ast@...mgrid.com> Cc: Daniel Borkmann <dborkman@...hat.com>, "H. Peter Anvin" <hpa@...or.com>, Andrew Morton <akpm@...ux-foundation.org>, Linux API <linux-api@...r.kernel.org>, Chema Gonzalez <chema@...gle.com>, Eric Dumazet <edumazet@...gle.com>, "David S. Miller" <davem@...emloft.net>, Brendan Gregg <brendan.d.gregg@...il.com>, Linus Torvalds <torvalds@...ux-foundation.org>, Steven Rostedt <rostedt@...dmis.org>, LKML <linux-kernel@...r.kernel.org>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Kees Cook <keescook@...omium.org>, Network Development <netdev@...r.kernel.org>, Ingo Molnar <mingo@...nel.org> Subject: Re: [PATCH RFC v4 net-next 17/26] tracing: allow eBPF programs to be attached to events On Fri, Aug 15, 2014 at 12:16 PM, Alexei Starovoitov <ast@...mgrid.com> wrote: > On Fri, Aug 15, 2014 at 12:02 PM, Andy Lutomirski <luto@...capital.net> wrote: >>> >>> correct. eBPF program would be using 8-byte read on 64-bit kernel >>> and 4-byte read on 32-bit kernel. Same with access to ptrace fields >>> and pretty much all other fields in the kernel. The program will be >>> different on different kernels. >>> Say, this bpf_context struct doesn't exist at all. The programs would >>> still need to be different to walk in-kernel data structures... >> >> Hmm. I guess this isn't so bad. >> >> What's the actual difficulty with using u64? ISTM that, if the clang >> front-end can't deal with u64, there's a bigger problem. Or is it >> something else I don't understand. > > clang/llvm has no problem with u64 :) > This bpf_context struct for tracing is trying to answer the question: > 'what's the most convenient way to access tracepoint arguments > from a script'. > When kernel code has something like: > trace_kfree_skb(skb, net_tx_action); > the script needs to be able to access this 'skb' and 'net_tx_action' > values through _single_ data structure. > In this proposal they are ctx->arg1 and ctx->arg2. > I've considered having different bpf_context's for every event, but > the complexity explodes. I need to hack all event definitions and so on. > imo it's better to move complexity to userspace, so program author > or high level language abstracts these details. I still don't understand why making them long instead of u64 is helpful, though. I feel like I'm missing obvious here. -- Andy Lutomirski AMA Capital Management, LLC -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists