| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Dec 2019 19:10:40 +0100
From: Paul Chaignon <paul.chaignon@...nge.com>
To: Quentin Monnet <quentin.monnet@...ronome.com>
Cc: bpf@...r.kernel.org, paul.chaignon@...il.com,
netdev@...r.kernel.org, Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
Andrii Nakryiko <andriin@...com>
Subject: Re: [PATCH bpf-next 1/3] bpftool: match several programs with same
tag
On Tue, Dec 10, 2019 at 05:29:18PM +0000, Quentin Monnet wrote:
> Hi Paul,
>
> 2019-12-10 17:06 UTC+0100 ~ Paul Chaignon <paul.chaignon@...nge.com>
> > When several BPF programs have the same tag, bpftool matches only the
> > first (in ID order). This patch changes that behavior such that dump and
> > show commands return all matched programs. Commands that require a single
> > program (e.g., pin and attach) will error out if given a tag that matches
> > several. bpftool prog dump will also error out if file or visual are
> > given and several programs have the given tag.
> >
> > In the case of the dump command, a program header is added before each
> > dump only if the tag matches several programs; this patch doesn't change
> > the output if a single program matches.
> >
> > Signed-off-by: Paul Chaignon <paul.chaignon@...nge.com>
> > ---
> > .../bpftool/Documentation/bpftool-prog.rst | 16 +-
> > tools/bpf/bpftool/prog.c | 371 ++++++++++++------
> > 2 files changed, 272 insertions(+), 115 deletions(-)
> >
[...]
> > @@ -351,21 +421,43 @@ static int show_prog(int fd)
> >
> > static int do_show(int argc, char **argv)
> > {
> > + int fd, nb_fds, i;
> > + int *fds = NULL;
> > __u32 id = 0;
> > int err;
> > - int fd;
> >
> > if (show_pinned)
> > build_pinned_obj_table(&prog_table, BPF_OBJ_PROG);
> >
> > if (argc == 2) {
> > - fd = prog_parse_fd(&argc, &argv);
> > - if (fd < 0)
> > + fds = malloc(sizeof(int));
> > + if (!fds) {
> > + p_err("mem alloc failed");
> > return -1;
> > + }
> > + nb_fds = prog_parse_fds(&argc, &argv, fds);
> > + if (nb_fds < 1)
> > + goto err_free;
> >
> > - err = show_prog(fd);
> > - close(fd);
> > - return err;
> > + if (json_output && nb_fds > 1)
> > + jsonw_start_array(json_wtr); /* root array */
> > + for (i = 0; i < nb_fds; i++) {
> > + err = show_prog(fds[i]);
> > + close(fds[i]);
> > + if (err) {
> > + for (i++; i < nb_fds; i++)
> > + close(fds[i]);
> > + goto err_free;
>
> Alternatively, we could keep trying to list the remaining programs. For
> example, if the system has a long list of BPF programs running and one
> of them is removed while printing the list, we would still have the rest
> of the list.
As discussed off the list, since the kernel keeps a refcount for programs,
a program won't be removed while printing the list, not as long as we hold
an fd to it. Unless there's another common case of failure, I'm going to
keep the current behavior in the v2 and break out of the loop on errors
(though, with the appropriate JSON array closing).
>
> If we went this way, maybe just set err to non-zero if no program at all
> could be printed?
>
> > + }
> > + }
> > + if (json_output && nb_fds > 1)
> > + jsonw_end_array(json_wtr); /* root array */
> > +
> > + return 0;
> > +
> > +err_free:
> > + free(fds);
> > + return -1;
> > }
> >
> > if (argc)
Powered by blists - more mailing lists