| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Aug 2020 11:33:13 -0700
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: Daniel Borkmann <daniel@...earbox.net>
Cc: "David S. Miller" <davem@...emloft.net>,
Network Development <netdev@...r.kernel.org>,
bpf <bpf@...r.kernel.org>, Kernel Team <kernel-team@...com>
Subject: Re: [PATCH v5 bpf-next 3/4] bpf: Add kernel module with user mode
driver that populates bpffs.
On Mon, Aug 3, 2020 at 10:40 AM Daniel Borkmann <daniel@...earbox.net> wrote:
>
> On 8/3/20 7:34 PM, Daniel Borkmann wrote:
> > On 8/3/20 7:15 PM, Daniel Borkmann wrote:
> >> On 8/3/20 12:29 AM, Alexei Starovoitov wrote:
> >>> From: Alexei Starovoitov <ast@...nel.org>
> >>>
> >>> Add kernel module with user mode driver that populates bpffs with
> >>> BPF iterators.
> >>>
> >>> $ mount bpffs /my/bpffs/ -t bpf
> >>> $ ls -la /my/bpffs/
> >>> total 4
> >>> drwxrwxrwt 2 root root 0 Jul 2 00:27 .
> >>> drwxr-xr-x 19 root root 4096 Jul 2 00:09 ..
> >>> -rw------- 1 root root 0 Jul 2 00:27 maps.debug
> >>> -rw------- 1 root root 0 Jul 2 00:27 progs.debug
> >>>
> >>> The user mode driver will load BPF Type Formats, create BPF maps, populate BPF
> >>> maps, load two BPF programs, attach them to BPF iterators, and finally send two
> >>> bpf_link IDs back to the kernel.
> >>> The kernel will pin two bpf_links into newly mounted bpffs instance under
> >>> names "progs.debug" and "maps.debug". These two files become human readable.
> >>>
> >>> $ cat /my/bpffs/progs.debug
> >>> id name attached
> >>> 11 dump_bpf_map bpf_iter_bpf_map
> >>> 12 dump_bpf_prog bpf_iter_bpf_prog
> >>> 27 test_pkt_access
> >>> 32 test_main test_pkt_access test_pkt_access
> >>> 33 test_subprog1 test_pkt_access_subprog1 test_pkt_access
> >>> 34 test_subprog2 test_pkt_access_subprog2 test_pkt_access
> >>> 35 test_subprog3 test_pkt_access_subprog3 test_pkt_access
> >>> 36 new_get_skb_len get_skb_len test_pkt_access
> >>> 37 new_get_skb_ifindex get_skb_ifindex test_pkt_access
> >>> 38 new_get_constant get_constant test_pkt_access
> >>>
> >>> The BPF program dump_bpf_prog() in iterators.bpf.c is printing this data about
> >>> all BPF programs currently loaded in the system. This information is unstable
> >>> and will change from kernel to kernel as ".debug" suffix conveys.
> >>>
> >>> Signed-off-by: Alexei Starovoitov <ast@...nel.org>
> >> [...]
> >>> diff --git a/kernel/bpf/preload/Kconfig b/kernel/bpf/preload/Kconfig
> >>> new file mode 100644
> >>> index 000000000000..b8ba5a9398ed
> >>> --- /dev/null
> >>> +++ b/kernel/bpf/preload/Kconfig
> >>> @@ -0,0 +1,18 @@
> >>> +# SPDX-License-Identifier: GPL-2.0-only
> >>> +menuconfig BPF_PRELOAD
> >>> + bool "Preload BPF file system with kernel specific program and map iterators"
> >>> + depends on BPF
> >>> + help
> >>> + This builds kernel module with several embedded BPF programs that are
> >>> + pinned into BPF FS mount point as human readable files that are
> >>> + useful in debugging and introspection of BPF programs and maps.
> >>> +
> >>> +if BPF_PRELOAD
> >>> +config BPF_PRELOAD_UMD
> >>> + tristate "bpf_preload kernel module with user mode driver"
> >>> + depends on CC_CAN_LINK
> >>> + depends on m || CC_CAN_LINK_STATIC
> >>> + default m
> >>> + help
> >>> + This builds bpf_preload kernel module with embedded user mode driver.
> >>> +endif
> >> [...]
> >> When I applied this set locally to run build & selftests I noticed that the above
> >> kconfig will appear in the top-level menuconfig. This is how it looks in menuconfig:
> >>
> >> │ ┌────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐ │
> >> │ │ General setup ---> │ │
> >> │ │ [*] 64-bit kernel │ │
> >> │ │ Processor type and features ---> │ │
> >> │ │ Power management and ACPI options ---> │ │
> >> │ │ Bus options (PCI etc.) ---> │ │
> >> │ │ Binary Emulations ---> │ │
> >> │ │ Firmware Drivers ---> │ │
> >> │ │ [*] Virtualization ---> │ │
> >> │ │ General architecture-dependent options ---> │ │
> >> │ │ [*] Enable loadable module support ---> │ │
> >> │ │ -*- Enable the block layer ---> │ │
> >> │ │ IO Schedulers ---> │ │
> >> │ │ [ ] Preload BPF file system with kernel specific program and map iterators ---- │ │
> >> │ │ Executable file formats ---> │ │
> >> │ │ Memory Management options ---> │ │
> >> │ │ [*] Networking support ---> │ │
> >> │ │ Device Drivers ---> │ │
> >> │ │ File systems ---> │ │
> >> │ │ Security options ---> │ │
> >> [...]
> >>
> >> I assume the original intention was to have it under 'general setup' on a similar level for
> >> the JIT settings, or is this intentional to have it at this high level next to 'networking
> >> support' and others?
I don't remember when last time I did menuconfig.
How do you propose to move it?
Any particular suggestion how kconfig suppose to look like?
> >
> > Hm, my config has:
> >
> > CONFIG_BPF_PRELOAD=y
> > CONFIG_BPF_PRELOAD_UMD=y
> >
> > I'm getting the following 3 warnings and build error below:
> >
> > root@...k:~/bpf-next# make -j8 > /dev/null
> > arch/x86/hyperv/hv_apic.c: In function ‘hv_send_ipi_mask_allbutself’:
> > arch/x86/hyperv/hv_apic.c:236:1: warning: the frame size of 1032 bytes is larger than 1024 bytes [-Wframe-larger-than=]
> > }
> > ^
> > make[3]: *** No rule to make target 'kernel/bpf/preload/./../../tools/lib/bpf/bpf.c', needed by 'kernel/bpf/preload/./../../tools/lib/bpf/bpf.o'. Stop.
> > make[3]: *** Waiting for unfinished jobs....
> > kernel/bpf/preload/iterators/iterators.c: In function ‘main’:
> > kernel/bpf/preload/iterators/iterators.c:50:2: warning: ignoring return value of ‘dup’, declared with attribute warn_unused_result [-Wunused-result]
> > dup(debug_fd);
> > ^~~~~~~~~~~~~
> > kernel/bpf/preload/iterators/iterators.c:53:2: warning: ignoring return value of ‘read’, declared with attribute warn_unused_result [-Wunused-result]
> > read(from_kernel, &magic, sizeof(magic));
> > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > kernel/bpf/preload/iterators/iterators.c:85:2: warning: ignoring return value of ‘read’, declared with attribute warn_unused_result [-Wunused-result]
> > read(from_kernel, &magic, sizeof(magic));
> > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > make[2]: *** [kernel/bpf/preload] Error 2
> > make[1]: *** [kernel/bpf] Error 2
> > make: *** [kernel] Error 2
> > make: *** Waiting for unfinished jobs....
> > [...]
> >
> > Have you seen the target error before, what am I missing?
>
> Looks like the path in this patch is wrong:
>
> diff --git a/kernel/bpf/preload/Makefile b/kernel/bpf/preload/Makefile
> index 191d82209842..136c6ca0c196 100644
> --- a/kernel/bpf/preload/Makefile
> +++ b/kernel/bpf/preload/Makefile
> @@ -1,6 +1,6 @@
> # SPDX-License-Identifier: GPL-2.0
>
> -LIBBPF := $(srctree)/../../tools/lib/bpf
> +LIBBPF := $(srctree)/../../../tools/lib/bpf
hmm. that's very odd.
Are you building in-src-tree ?
I'm building out-of-src-tree with KBUILD_OUTPUT.
And two pairs of dots would be correct.
make V=1 kernel/bpf/preload/
gcc -m64 -lelf -lz -o kernel/bpf/preload/bpf_preload_umd
kernel/bpf/preload/iterators/iterators.o
kernel/bpf/preload/../../../tools/lib/bpf/bpf.o
see three pairs above. the first pair comes from $(srctree) somehow.
> userccflags += -I $(srctree)/tools/include/ -I $(srctree)/tools/include/uapi -I $(LIBBPF) \
> -I $(srctree)/tools/lib/ \
> -I $(srctree)/kernel/bpf/preload/iterators/ -Wno-int-conversion \
>
> With that, I'm now getting the following error:
>
> root@...k:~/bpf-next# make -j8
> DESCEND objtool
> DESCEND bpf/resolve_btfids
> CALL scripts/atomic/check-atomics.sh
> CALL scripts/checksyscalls.sh
> CHK include/generated/compile.h
> CC kernel/events/core.o
> CC [U] kernel/bpf/preload/iterators/iterators.o
> kernel/bpf/preload/iterators/iterators.c: In function ‘main’:
> kernel/bpf/preload/iterators/iterators.c:50:2: warning: ignoring return value of ‘dup’, declared with attribute warn_unused_result [-Wunused-result]
> dup(debug_fd);
> ^~~~~~~~~~~~~
> kernel/bpf/preload/iterators/iterators.c:53:2: warning: ignoring return value of ‘read’, declared with attribute warn_unused_result [-Wunused-result]
> read(from_kernel, &magic, sizeof(magic));
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> kernel/bpf/preload/iterators/iterators.c:85:2: warning: ignoring return value of ‘read’, declared with attribute warn_unused_result [-Wunused-result]
> read(from_kernel, &magic, sizeof(magic));
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> CC kernel/events/ring_buffer.o
> CC [U] kernel/bpf/preload/./../../../tools/lib/bpf/bpf.o
> CC [U] kernel/bpf/preload/./../../../tools/lib/bpf/libbpf.o
> In file included from kernel/bpf/preload/./../../../tools/lib/bpf/libbpf.c:47:0:
> ./tools/include/tools/libc_compat.h:11:21: error: static declaration of ‘reallocarray’ follows non-static declaration
> static inline void *reallocarray(void *ptr, size_t nmemb, size_t size)
> ^~~~~~~~~~~~
I saw this in the past when makefile was wrong. I suspect it's related
to the above issue.
Could you send me your build script / command line and make version?
Powered by blists - more mailing lists