lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 14 May 2020 23:25:39 +0100 (BST)
From:   Alan Maguire <>
To:     Andrii Nakryiko <>
cc:     Alan Maguire <>,
        Andrii Nakryiko <>, bpf <>,
        Networking <>,
        Alexei Starovoitov <>,
        Daniel Borkmann <>,
        Kernel Team <>,
        "Paul E . McKenney" <>,
        Jonathan Lemon <>
Subject: Re: [PATCH bpf-next 1/6] bpf: implement BPF ring buffer and verifier
 support for it

On Wed, 13 May 2020, Andrii Nakryiko wrote:

> On Wed, May 13, 2020 at 2:59 PM Alan Maguire <> wrote:
> >
> >
> > - attach a kprobe program to record the data via bpf_ringbuf_reserve(),
> >   and store the reserved pointer value in a per-task keyed hashmap.
> >   Then record the values of interest in the reserved space. This is our
> >   speculative data as we don't know whether we want to commit it yet.
> >
> > - attach a kretprobe program that picks up our reserved pointer and
> >   commit()s or discard()s the associated data based on the return value.
> >
> > - the consumer should (I think) then only read the committed data, so in
> >   this case just the data of interest associated with the failure case.
> >
> > I'm curious if that sort of ringbuf access pattern across multiple
> > programs would work? Thanks!
> Right now it's not allowed. Similar to spin lock and socket reference,
> verifier will enforce that reserved record is committed or discarded
> within the same BPF program invocation. Technically, nothing prevents
> us from relaxing this and allowing to store this pointer in a map, but
> that's probably way too dangerous and not necessary for most common
> cases.


> But all your troubles with this is due to using a pair of
> kprobe+kretprobe. What I think should solve your problem is a single
> fexit program. It can read input arguments *and* return value of
> traced function. So there won't be any need for additional map and
> storing speculative data (and no speculation as well, because you'll
> just know beforehand if you even need to capture data). Does this work
> for your case?

That would work for that case, absolutely! Thanks!


Powered by blists - more mailing lists