| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Mar 2020 21:53:29 -0700
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: David Ahern <dsahern@...il.com>
Cc: Toke Høiland-Jørgensen <toke@...hat.com>,
John Fastabend <john.fastabend@...il.com>,
Jakub Kicinski <kuba@...nel.org>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
Andrii Nakryiko <andriin@...com>,
"David S. Miller" <davem@...emloft.net>,
Jesper Dangaard Brouer <brouer@...hat.com>,
Lorenz Bauer <lmb@...udflare.com>,
Andrey Ignatov <rdna@...com>,
Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>
Subject: Re: [PATCH bpf-next 1/4] xdp: Support specifying expected existing
program when attaching XDP
On Mon, Mar 23, 2020 at 6:01 PM David Ahern <dsahern@...il.com> wrote:
>
> On 3/23/20 1:23 PM, Toke Høiland-Jørgensen wrote:
> >>>> I agree here. And yes, I've been working on extending bpf_link into
> >>>> cgroup and then to XDP. We are still discussing some cgroup-specific
> >>>> details, but the patch is ready. I'm going to post it as an RFC to get
> >>>> the discussion started, before we do this for XDP.
> >>>
> >>> Well, my reason for being skeptic about bpf_link and proposing the
> >>> netlink-based API is actually exactly this, but in reverse: With
> >>> bpf_link we will be in the situation that everything related to a netdev
> >>> is configured over netlink *except* XDP.
>
> +1
Hm... so using **libbpf**'s bpf_set_link_xdp_fd() API (notice "bpf" in
the name of the library and function, and notice no "netlink"), which
exposes absolutely nothing about netlink (it's just an internal
implementation detail and can easily change), is ok. But actually
switching to libbpf's bpf_link would be out of ordinary? Especially
considering that to use freplace programs (for libxdp and chaining)
with libbpf you will use bpf_program and bpf_link abstractions
anyways.
>
> >>
> >> One can argue that everything related to use of BPF is going to be
> >> uniform and done through BPF syscall? Given variety of possible BPF
> >> hooks/targets, using custom ways to attach for all those many cases is
> >> really bad as well, so having a unifying concept and single entry to
> >> do this is good, no?
> >
> > Well, it depends on how you view the BPF subsystem's relation to the
> > rest of the kernel, I suppose. I tend to view it as a subsystem that
> > provides a bunch of functionality, which you can setup (using "internal"
> > BPF APIs), and then attach that object to a different subsystem
> > (networking) using that subsystem's configuration APIs.
> >
>
> again, +1.
>
> bpf syscall is used for program related manipulations like load and
bpf syscall is used for way more than that, actually...
> unload. Attaching that program to an object has a type unique solution -
> e.g., netlink for XDP and ioctl for perf_events.
That's not true and hasn't been true for at least a while now. cgroup
programs, flow_dissector, lirc_mode2 (whatever that is, I have no
idea) are attached with BPF_PROG_ATTACH. raw_tracepoint and all the
fentry/fexit/fmod_ret/freplace attachments are done also through bpf
syscall. For perf_event related stuff it's done through ioctls right
now, but with bpf_link unification I wouldn't be surprised if it will
be done through the same LINK_CREATE command soon, as is done for
cgroup and *other* tracing bpf_links. Because consistent API and
semantics is good, rather than having to do it N different ways for N
different subsystems.
Powered by blists - more mailing lists