| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALx6S36aPgB1PCsTg7Z=SNGQs_8REMm4qJdpp6JJ6ksVp_65VA@mail.gmail.com> Date: Tue, 12 Jul 2016 07:52:53 -0700 From: Tom Herbert <tom@...bertland.com> To: Jesper Dangaard Brouer <brouer@...hat.com> Cc: Brenden Blanco <bblanco@...mgrid.com>, "David S. Miller" <davem@...emloft.net>, Linux Kernel Network Developers <netdev@...r.kernel.org>, Jamal Hadi Salim <jhs@...atatu.com>, Saeed Mahameed <saeedm@....mellanox.co.il>, Martin KaFai Lau <kafai@...com>, Ari Saha <as754m@....com>, Alexei Starovoitov <alexei.starovoitov@...il.com>, Or Gerlitz <gerlitz.or@...il.com>, john fastabend <john.fastabend@...il.com>, Hannes Frederic Sowa <hannes@...essinduktion.org>, Thomas Graf <tgraf@...g.ch>, Daniel Borkmann <daniel@...earbox.net> Subject: Re: [PATCH v8 01/11] bpf: add XDP prog type for early driver filter On Tue, Jul 12, 2016 at 6:14 AM, Jesper Dangaard Brouer <brouer@...hat.com> wrote: > > On Tue, 12 Jul 2016 00:51:24 -0700 Brenden Blanco <bblanco@...mgrid.com> wrote: > >> Add a new bpf prog type that is intended to run in early stages of the >> packet rx path. Only minimal packet metadata will be available, hence a >> new context type, struct xdp_md, is exposed to userspace. So far only >> expose the packet start and end pointers, and only in read mode. >> >> An XDP program must return one of the well known enum values, all other >> return codes are reserved for future use. Unfortunately, this >> restriction is hard to enforce at verification time, so take the >> approach of warning at runtime when such programs are encountered. Out >> of bounds return codes should alias to XDP_ABORTED. > > This is going to be a serious usability problem, when XDP gets extended > with newer features. > > How can users know what XDP capabilities a given driver support? > We talked about this a the XDP summit and I have some slides on this (hope to have slides posted shortly) . Drivers, more generally XDP platforms, will provide a list APIs that they support. APIs would be contained in a sort common specification files that and would have some name like basic_xdp_api, adv_switch_api, etc. An XDP program is written using one of the published APIs and the API it uses is expressed as part of the program. At runtime (possibly compile time) the API used by the program is checked against the list of APIs for the target platform-- if the API is not in the set then the program is not allowed to be loaded. To whatever extent possible we should also try to verify that program adhere's to the API as load and compile time. In the event that program violates the API it claims to be using, such as return invalid return code for the API, that is an error condition. > If the user loads a XDP program using capabilities not avail in the > driver, then all his traffic will be hard dropped. > > > My proposal is to NOT allow XDP programs to be loaded if they want to use > return-codes/features not supported by the driver. Thus, eBPF programs > register/annotate their needed capabilities upfront (I guess this could > also help HW offload engines). > Exactly. We just need to define exactly how this is done ;-) One open issue is whether XDP needs to be binary compatible across platforms or source code compatible (also require recompile in latter case for each platform). Personally I prefer source code compatible since that might allow platforms to implement the API specifically for their needs (like the ordering of fields in a meta data structure. Tom > -- > Best regards, > Jesper Dangaard Brouer > MSc.CS, Principal Kernel Engineer at Red Hat > Author of http://www.iptv-analyzer.org > LinkedIn: http://www.linkedin.com/in/brouer
Powered by blists - more mailing lists