| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 31 Mar 2020 11:52:04 -0700
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: Toke Høiland-Jørgensen <toke@...hat.com>
Cc: Edward Cree <ecree@...arflare.com>,
Andrii Nakryiko <andrii.nakryiko@...il.com>,
John Fastabend <john.fastabend@...il.com>,
Jakub Kicinski <kuba@...nel.org>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
Andrii Nakryiko <andriin@...com>,
"David S. Miller" <davem@...emloft.net>,
Jesper Dangaard Brouer <brouer@...hat.com>,
Lorenz Bauer <lmb@...udflare.com>,
Andrey Ignatov <rdna@...com>,
Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>
Subject: Re: [PATCH bpf-next 1/4] xdp: Support specifying expected existing
program when attaching XDP
On Tue, Mar 31, 2020 at 01:34:00PM +0200, Toke Høiland-Jørgensen wrote:
> Alexei Starovoitov <alexei.starovoitov@...il.com> writes:
>
> > On Mon, Mar 30, 2020 at 04:41:46PM +0100, Edward Cree wrote:
> >> On 29/03/2020 21:23, Andrii Nakryiko wrote:
> >> > But you can't say the same about other XDP applications that do not
> >> > use libxdp. So will your library come with a huge warning
> >> What about a system-wide policy switch to decide whether replacing/
> >> removing an XDP program without EXPECTED_FD is allowed? That way
> >> the sysadmin gets to choose whether it's the firewall or the packet
> >> analyser that breaks, rather than baking a policy into the design.
> >> Then libxdp just needs to say in the README "you might want to turn
> >> on this switch". Or maybe it defaults to on, and the other program
> >> has to talk you into turning it off if it wants to be 'ill-behaved'.
> >
> > yeah. something like this can work for xdp only, but
> > it won't work for tc, since ownership is missing.
> > It looks like such policy knob will bere-inventing bpf_link for
> > one specific xdp case only because xdp has one program per attachment.
>
> You keep talking about this as though bpf_link was the existing API and
> we're discussing adding another, when in reality it's the other way
> around.
We explained it several times already that it is an existing API.
The _name_ bpf_link was formed only recently, but the concept
existed for very long time.
The raw_tp attach is nothing but bpf_link. It's FD based and it
preserves ownership (program execution guarantee).
Nothing can nuke it from under the process.
This was an api from the day one. See
commit c4f6699dfcb8 ("bpf: introduce BPF_RAW_TRACEPOINT")
from March 2018.
Then FD based [ku]probe and tracepoints were added
with the same two properties of bpf_link concept.
Then fentry/fexit attachment. Also FD based and execution guarantee.
And finally freplace. which is exact equivalent of bpf_link for xdp.
Since freplace can only be one, attaching freplace prog to another
program locks out any other process from attaching a different freplace
prog in the same spot (the same hook/function in the target prog).
To me that behavior looks like 100% equivalency to bpf_link for xdp.
While raw_tp/kprobe/tp/fentry/fexit/bpf_lsm are 100% equivalent to
what we want to do with bpf_link for TC (FD based multi prog with
all progs running and execution guarantee).
Powered by blists - more mailing lists