[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190307213035.5eagphx6vswxalai@ast-mbp.dhcp.thefacebook.com>
Date: Thu, 7 Mar 2019 13:30:37 -0800
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: Kris Van Hees <kris.van.hees@...cle.com>
Cc: netdev@...r.kernel.org, bpf@...r.kernel.org, daniel@...earbox.net
Subject: Re: [PATCH 0/2] bpf: context casting for tail call and gtrace prog
type
On Tue, Mar 05, 2019 at 09:03:57PM -0500, Kris Van Hees wrote:
>
> So in summary, I am trying to solve two (related) problems:
>
> - Ensure that unprivileged tracing can obtain information about the task that
> triggered a probe or event. There will always be limitations but we can do
> better than is available now.
I think unprivileged tracing is a huge topic on its own.
It's too easy to create security holes with such mechanism.
kprobe/tracepoints/etc have been historically root only and I don't see a way
for them to become unpriv.
imo the existing /proc/pid/status is already more powerful than
what you're proposing with gtrace context.
> - Allow tracing tools ab ability to provide actions to be performed when a
> probe or event fires, beyond what the individual BPF program types allow
> for the specific probe/event types (and do it in a generic manner, in a
> sense encapsulating multiple probe/event types in a more generic tracing
> context).
I think existing bpf tracing is generic whereas proposed gtrace is not generic at all.
'generic' is a loaded word. we can throw it back and forth and won't make
any forward progress. Let's focus on technical bits, ok?
> A patch I am currently working on ties into this (and I hope to get it ready
> sometime next week). It builds on the support you already have for accessing
> packet data from the __sk_buff context. If we can make this same functionality
> available to other contexts as well, my goal would be to make it possible for
> the generic tracing context to have a buffer (data and data_end members) that
> the BPF program can issue direct stores to as a means to allow a tracing
> program to control how data is written into the buffer.
sounds like you're trying to reinvent bpf_perf_event_output() mechanism.
> But being able to do things like this without
> needing to touch the context of any other BPF program type is a great benefit
> to offer tracing tools, as far as I see it.
I still don't understand what you're referring to by 'things like this'
that somehow will be possible in the future, but not possible today.
Could you please give concrete example?
Powered by blists - more mailing lists