lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 22 Jul 2021 21:51:50 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Hangbin Liu <haliu@...hat.com>
Cc:     Martynas Pumputis <m@...bda.lt>,
        Networking <netdev@...r.kernel.org>,
        Stephen Hemminger <stephen@...workplumber.org>,
        David Ahern <dsahern@...il.com>,
        Daniel Borkmann <daniel@...earbox.net>
Subject: Re: [PATCH iproute2] libbpf: fix attach of prog with multiple sections

On Thu, Jul 22, 2021 at 9:41 PM Hangbin Liu <haliu@...hat.com> wrote:
>
> On Wed, Jul 21, 2021 at 04:47:14PM +0200, Martynas Pumputis wrote:
> > > > diff --git a/lib/bpf_libbpf.c b/lib/bpf_libbpf.c
> > > > index d05737a4..f76b90d2 100644
> > > > --- a/lib/bpf_libbpf.c
> > > > +++ b/lib/bpf_libbpf.c
> > > > @@ -267,10 +267,12 @@ static int load_bpf_object(struct bpf_cfg_in *cfg)
> > > >          }
> > > >
> > > >          bpf_object__for_each_program(p, obj) {
> > > > +               bool prog_to_attach = !prog && cfg->section &&
> > > > +                       !strcmp(get_bpf_program__section_name(p), cfg->section);
> > >
> > > This is still problematic, because one section can have multiple BPF
> > > programs. I.e., it's possible two define two or more XDP BPF programs
> > > all with SEC("xdp") and libbpf works just fine with that. I suggest
> > > moving users to specify the program name (i.e., C function name
> > > representing the BPF program). All the xdp_mycustom_suffix namings are
> > > a hack and will be rejected by libbpf 1.0, so it would be great to get
> > > a head start on fixing this early on.
> >
> > Thanks for bringing this up. Currently, there is no way to specify a
> > function name with "tc exec bpf" (only a section name via the "sec" arg). So
> > probably, we should just add another arg to specify the function name.
>
> How about add a "prog" arg to load specified program name and mark
> "sec" as not recommended? To keep backwards compatibility we just load the
> first program in the section.

Why not error out if there is more than one program with the same
section name? if there is just one (and thus section name is still
unique) -- then proceed. It seems much less confusing, IMO.

>
> Thanks
> Hangbin
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ