lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 23 Jul 2021 18:12:32 -0600
From:   David Ahern <dsahern@...il.com>
To:     Andrii Nakryiko <andrii.nakryiko@...il.com>,
        Hangbin Liu <haliu@...hat.com>
Cc:     Martynas Pumputis <m@...bda.lt>,
        Networking <netdev@...r.kernel.org>,
        Stephen Hemminger <stephen@...workplumber.org>,
        David Ahern <dsahern@...il.com>,
        Daniel Borkmann <daniel@...earbox.net>
Subject: Re: [PATCH iproute2] libbpf: fix attach of prog with multiple
 sections

On 7/22/21 10:51 PM, Andrii Nakryiko wrote:
> On Thu, Jul 22, 2021 at 9:41 PM Hangbin Liu <haliu@...hat.com> wrote:
>>
>> On Wed, Jul 21, 2021 at 04:47:14PM +0200, Martynas Pumputis wrote:
>>>>> diff --git a/lib/bpf_libbpf.c b/lib/bpf_libbpf.c
>>>>> index d05737a4..f76b90d2 100644
>>>>> --- a/lib/bpf_libbpf.c
>>>>> +++ b/lib/bpf_libbpf.c
>>>>> @@ -267,10 +267,12 @@ static int load_bpf_object(struct bpf_cfg_in *cfg)
>>>>>          }
>>>>>
>>>>>          bpf_object__for_each_program(p, obj) {
>>>>> +               bool prog_to_attach = !prog && cfg->section &&
>>>>> +                       !strcmp(get_bpf_program__section_name(p), cfg->section);
>>>>
>>>> This is still problematic, because one section can have multiple BPF
>>>> programs. I.e., it's possible two define two or more XDP BPF programs
>>>> all with SEC("xdp") and libbpf works just fine with that. I suggest
>>>> moving users to specify the program name (i.e., C function name
>>>> representing the BPF program). All the xdp_mycustom_suffix namings are
>>>> a hack and will be rejected by libbpf 1.0, so it would be great to get
>>>> a head start on fixing this early on.
>>>
>>> Thanks for bringing this up. Currently, there is no way to specify a
>>> function name with "tc exec bpf" (only a section name via the "sec" arg). So
>>> probably, we should just add another arg to specify the function name.
>>
>> How about add a "prog" arg to load specified program name and mark
>> "sec" as not recommended? To keep backwards compatibility we just load the
>> first program in the section.
> 
> Why not error out if there is more than one program with the same
> section name? if there is just one (and thus section name is still
> unique) -- then proceed. It seems much less confusing, IMO.
> 

Let' see if I understand this correctly: libbpf 1.0 is not going to
allow SEC("xdp_foo") or SEC("xdp_bar") kind of section names - which is
the hint for libbpf to know program type. Instead only SEC("xdp") is
allowed.

Further, a single object file is not going to be allowed to have
multiple SEC("xdp") instances for each program name.

Correct? If so, it seems like this is limiting each object file to a
single XDP program or a single object file can have 1 XDP program and 1
tc program.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ