lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAEf4BzbT=vC8OF8cwFX8H5vphn8-dyWRjRSPq50t0Cg8onmYhA@mail.gmail.com>
Date:   Mon, 23 Mar 2020 21:53:29 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     David Ahern <dsahern@...il.com>
Cc:     Toke Høiland-Jørgensen <toke@...hat.com>,
        John Fastabend <john.fastabend@...il.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        Andrii Nakryiko <andriin@...com>,
        "David S. Miller" <davem@...emloft.net>,
        Jesper Dangaard Brouer <brouer@...hat.com>,
        Lorenz Bauer <lmb@...udflare.com>,
        Andrey Ignatov <rdna@...com>,
        Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>
Subject: Re: [PATCH bpf-next 1/4] xdp: Support specifying expected existing
 program when attaching XDP

On Mon, Mar 23, 2020 at 6:01 PM David Ahern <dsahern@...il.com> wrote:
>
> On 3/23/20 1:23 PM, Toke Høiland-Jørgensen wrote:
> >>>> I agree here. And yes, I've been working on extending bpf_link into
> >>>> cgroup and then to XDP. We are still discussing some cgroup-specific
> >>>> details, but the patch is ready. I'm going to post it as an RFC to get
> >>>> the discussion started, before we do this for XDP.
> >>>
> >>> Well, my reason for being skeptic about bpf_link and proposing the
> >>> netlink-based API is actually exactly this, but in reverse: With
> >>> bpf_link we will be in the situation that everything related to a netdev
> >>> is configured over netlink *except* XDP.
>
> +1

Hm... so using **libbpf**'s bpf_set_link_xdp_fd() API (notice "bpf" in
the name of the library and function, and notice no "netlink"), which
exposes absolutely nothing about netlink (it's just an internal
implementation detail and can easily change), is ok. But actually
switching to libbpf's bpf_link would be out of ordinary? Especially
considering that to use freplace programs (for libxdp and chaining)
with libbpf you will use bpf_program and bpf_link abstractions
anyways.

>
> >>
> >> One can argue that everything related to use of BPF is going to be
> >> uniform and done through BPF syscall? Given variety of possible BPF
> >> hooks/targets, using custom ways to attach for all those many cases is
> >> really bad as well, so having a unifying concept and single entry to
> >> do this is good, no?
> >
> > Well, it depends on how you view the BPF subsystem's relation to the
> > rest of the kernel, I suppose. I tend to view it as a subsystem that
> > provides a bunch of functionality, which you can setup (using "internal"
> > BPF APIs), and then attach that object to a different subsystem
> > (networking) using that subsystem's configuration APIs.
> >
>
> again, +1.
>
> bpf syscall is used for program related manipulations like load and

bpf syscall is used for way more than that, actually...

> unload. Attaching that program to an object has a type unique solution -
> e.g., netlink for XDP and ioctl for perf_events.

That's not true and hasn't been true for at least a while now. cgroup
programs, flow_dissector, lirc_mode2 (whatever that is, I have no
idea) are attached with BPF_PROG_ATTACH. raw_tracepoint and all the
fentry/fexit/fmod_ret/freplace attachments are done also through bpf
syscall. For perf_event related stuff it's done through ioctls right
now, but with bpf_link unification I wouldn't be surprised if it will
be done through the same LINK_CREATE command soon, as is done for
cgroup and *other* tracing bpf_links. Because consistent API and
semantics is good, rather than having to do it N different ways for N
different subsystems.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ