lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAEf4BzY9VyvQSXv4AiX6m85gcvwAqfXxKcRFDpsLe=yucL5MPA@mail.gmail.com>
Date:   Thu, 8 Jul 2021 13:04:48 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Steven Rostedt <rostedt@...dmis.org>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        syzbot+721aa903751db87aa244@...kaller.appspotmail.com,
        Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
        Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
        Ingo Molnar <mingo@...nel.org>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>,
        netdev <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>
Subject: Re: [PATCH] tracepoint: Add tracepoint_probe_register_may_exist() for
 BPF tracing

On Wed, Jul 7, 2021 at 5:43 PM Steven Rostedt <rostedt@...dmis.org> wrote:
>
> On Wed, 7 Jul 2021 17:23:54 -0700
> Andrii Nakryiko <andrii.nakryiko@...il.com> wrote:
>
> > On Wed, Jul 7, 2021 at 5:05 PM Steven Rostedt <rostedt@...dmis.org> wrote:
> > >
> > > On Wed, 7 Jul 2021 16:49:26 -0700
> > > Andrii Nakryiko <andrii.nakryiko@...il.com> wrote:
> > >
> > > > As for why the user might need that, it's up to the user and I don't
> > > > want to speculate because it will always sound contrived without a
> > > > specific production use case. But people are very creative and we try
> > > > not to dictate how and what can be done if it doesn't break any
> > > > fundamental assumption and safety.
> > >
> > > I guess it doesn't matter, because if they try to do it, the second
> > > attachment will simply fail to attach.
> > >
> >
> > But not for the kprobe case.
>
> What do you mean "not for the kprobe case"? What kprobe case?
>
> You attach the same program twice to the same kprobe? Or do you create
> two kprobes at the same location?
>

I meant attaching the same BPF program twice to the same kernel
function through the kprobe mechanism (through perf_event_open()
syscall). From user perspective it's one BPF program attached twice to
the same kprobe. Not entirely sure if two perf_event_open() calls will
create two kprobes or re-use one internally.

> >
> > And it might not always be possible to know that the same BPF program
> > is being attached. It could be attached by different processes that
> > re-use pinned program (without being aware of each other). Or it could
> > be done from some generic library that just accepts prog_fd and
> > doesn't really know the exact BPF program and whether it was already
> > attached.
> >
> > Not sure why it doesn't matter that attachment will fail where it is
> > expected to succeed. The question is rather why such restriction?
>
> Why is it expected to succeed? It never did. And why such a
> restriction? Because it complicates the code, and there's no good use
> case to do so. Why complicate something for little reward?

See above about kprobe for why it was my expectation.

But it was my original question whether this causes some complications
or it's just an attempt to detect API mis-use. Seems like it's the
former, alright.

>
> -- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ