| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <80235a44-8f01-6733-0638-c70c51cd1b90@iogearbox.net>
Date: Fri, 20 Mar 2020 21:40:46 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: Toke Høiland-Jørgensen <toke@...hat.com>,
Jakub Kicinski <kuba@...nel.org>
Cc: Alexei Starovoitov <ast@...nel.org>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
Andrii Nakryiko <andriin@...com>,
"David S. Miller" <davem@...emloft.net>,
Jesper Dangaard Brouer <brouer@...hat.com>,
John Fastabend <john.fastabend@...il.com>,
Lorenz Bauer <lmb@...udflare.com>,
Andrey Ignatov <rdna@...com>, netdev@...r.kernel.org,
bpf@...r.kernel.org
Subject: Re: [PATCH bpf-next 1/4] xdp: Support specifying expected existing
program when attaching XDP
On 3/20/20 9:30 PM, Daniel Borkmann wrote:
> On 3/20/20 9:48 AM, Toke Høiland-Jørgensen wrote:
>> Jakub Kicinski <kuba@...nel.org> writes:
>>> On Thu, 19 Mar 2020 14:13:13 +0100 Toke Høiland-Jørgensen wrote:
>>>> From: Toke Høiland-Jørgensen <toke@...hat.com>
>>>>
>>>> While it is currently possible for userspace to specify that an existing
>>>> XDP program should not be replaced when attaching to an interface, there is
>>>> no mechanism to safely replace a specific XDP program with another.
>>>>
>>>> This patch adds a new netlink attribute, IFLA_XDP_EXPECTED_FD, which can be
>>>> set along with IFLA_XDP_FD. If set, the kernel will check that the program
>>>> currently loaded on the interface matches the expected one, and fail the
>>>> operation if it does not. This corresponds to a 'cmpxchg' memory operation.
>>>>
>>>> A new companion flag, XDP_FLAGS_EXPECT_FD, is also added to explicitly
>>>> request checking of the EXPECTED_FD attribute. This is needed for userspace
>>>> to discover whether the kernel supports the new attribute.
>>>>
>>>> Signed-off-by: Toke Høiland-Jørgensen <toke@...hat.com>
>>>
>>> I didn't know we wanted to go ahead with this...
>>
>> Well, I'm aware of the bpf_link discussion, obviously. Not sure what's
>> happening with that, though. So since this is a straight-forward
>> extension of the existing API, that doesn't carry a high implementation
>> cost, I figured I'd just go ahead with this. Doesn't mean we can't have
>> something similar in bpf_link as well, of course.
>
> Overall series looks okay, but before we go down that road, especially given there is
> the new bpf_link object now, I would like us to first elaborate and figure out how XDP
> fits into the bpf_link concept, where its limitations are, whether it even fits at all,
> and how its semantics should look like realistically given bpf_link is to be generic to
> all program types. Then we could extend the atomic replace there generically as well. I
> think at the very minimum it might have similarities with what is proposed here, but
> from a user experience I would like to avoid having something similar in XDP API and
> then again in bpf_link which would just be confusing..
Another aspect that falls into this atomic replacement is also that the programs can
actually be atomically replaced at runtime. Last time I looked, some drivers still do
a down/up cycle on replacement and hence traffic would be interrupted. I would argue
that such /atomic/ swap operation on bpf_link would cover a guarantee of not having to
perform this as well (workaround today would be a simple tail call map as entry point).
Thanks,
Daniel
Powered by blists - more mailing lists