lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20191213181040.GA6096@Omicron>
Date:   Fri, 13 Dec 2019 19:10:40 +0100
From:   Paul Chaignon <paul.chaignon@...nge.com>
To:     Quentin Monnet <quentin.monnet@...ronome.com>
Cc:     bpf@...r.kernel.org, paul.chaignon@...il.com,
        netdev@...r.kernel.org, Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        Andrii Nakryiko <andriin@...com>
Subject: Re: [PATCH bpf-next 1/3] bpftool: match several programs with same
 tag

On Tue, Dec 10, 2019 at 05:29:18PM +0000, Quentin Monnet wrote:
> Hi Paul,
> 
> 2019-12-10 17:06 UTC+0100 ~ Paul Chaignon <paul.chaignon@...nge.com>
> > When several BPF programs have the same tag, bpftool matches only the
> > first (in ID order).  This patch changes that behavior such that dump and
> > show commands return all matched programs.  Commands that require a single
> > program (e.g., pin and attach) will error out if given a tag that matches
> > several.  bpftool prog dump will also error out if file or visual are
> > given and several programs have the given tag.
> > 
> > In the case of the dump command, a program header is added before each
> > dump only if the tag matches several programs; this patch doesn't change
> > the output if a single program matches.
> > 
> > Signed-off-by: Paul Chaignon <paul.chaignon@...nge.com>
> > ---
> >  .../bpftool/Documentation/bpftool-prog.rst    |  16 +-
> >  tools/bpf/bpftool/prog.c                      | 371 ++++++++++++------
> >  2 files changed, 272 insertions(+), 115 deletions(-)
> > 

[...]

> > @@ -351,21 +421,43 @@ static int show_prog(int fd)
> >  
> >  static int do_show(int argc, char **argv)
> >  {
> > +	int fd, nb_fds, i;
> > +	int *fds = NULL;
> >  	__u32 id = 0;
> >  	int err;
> > -	int fd;
> >  
> >  	if (show_pinned)
> >  		build_pinned_obj_table(&prog_table, BPF_OBJ_PROG);
> >  
> >  	if (argc == 2) {
> > -		fd = prog_parse_fd(&argc, &argv);
> > -		if (fd < 0)
> > +		fds = malloc(sizeof(int));
> > +		if (!fds) {
> > +			p_err("mem alloc failed");
> >  			return -1;
> > +		}
> > +		nb_fds = prog_parse_fds(&argc, &argv, fds);
> > +		if (nb_fds < 1)
> > +			goto err_free;
> >  
> > -		err = show_prog(fd);
> > -		close(fd);
> > -		return err;
> > +		if (json_output && nb_fds > 1)
> > +			jsonw_start_array(json_wtr);	/* root array */
> > +		for (i = 0; i < nb_fds; i++) {
> > +			err = show_prog(fds[i]);
> > +			close(fds[i]);
> > +			if (err) {
> > +				for (i++; i < nb_fds; i++)
> > +					close(fds[i]);
> > +				goto err_free;
> 
> Alternatively, we could keep trying to list the remaining programs. For
> example, if the system has a long list of BPF programs running and one
> of them is removed while printing the list, we would still have the rest
> of the list.

As discussed off the list, since the kernel keeps a refcount for programs,
a program won't be removed while printing the list, not as long as we hold
an fd to it.  Unless there's another common case of failure, I'm going to
keep the current behavior in the v2 and break out of the loop on errors
(though, with the appropriate JSON array closing).

> 
> If we went this way, maybe just set err to non-zero if no program at all
> could be printed?
> 
> > +			}
> > +		}
> > +		if (json_output && nb_fds > 1)
> > +			jsonw_end_array(json_wtr);	/* root array */
> > +
> > +		return 0;
> > +
> > +err_free:
> > +		free(fds);
> > +		return -1;
> >  	}
> >  
> >  	if (argc)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ