lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20211018231525.tvkzacueudzceq2f@ast-mbp>
Date:   Mon, 18 Oct 2021 16:15:25 -0700
From:   Alexei Starovoitov <alexei.starovoitov@...il.com>
To:     Joe Burton <jevburton@...gle.com>
Cc:     Joe Burton <jevburton.kernel@...il.com>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>,
        Petar Penkov <ppenkov@...gle.com>,
        Stanislav Fomichev <sdf@...gle.com>,
        Hao Luo <haoluo@...gle.com>, netdev@...r.kernel.org,
        bpf@...r.kernel.org
Subject: Re: [RFC PATCH v2 00/13] Introduce BPF map tracing capability

On Wed, Oct 06, 2021 at 02:05:55PM -0700, Joe Burton wrote:
> > Just to make sure we're on the same patch I'm proposing something like
> > the patch below...
> 
> The proposed patch seems reasonable overall:
> + eliminates a lot of boilerplate
> + enables map update filtering
> + minimal perf cost when not tracing maps
> + avoids adding complexity to verifier
> - requires touching every map type's implementation
> - tracing one map implies tracing all maps

right. The single 'if' filter inside attached bpf prog should be fast enough.

> I can rev this RFC with hooks inside the common map types' update() and
> delete() methods.
> 
> > Especially for local storage... doing tracing from bpf program itself
> > seems to make the most sense.
> 
> I'm a little unclear on how this should work. There's no off-the-shelf
> solution that can do this for us, right?
> 
> In particular I think we're looking for an interface like this:
> 
>         /* This is a BPF program */
>         int my_prog(struct bpf_sock *sk) {
>                 struct MyValue *v = bpf_sk_storage_get(&my_map, sk, ...);
>                 ...
>                 bpf_sk_storage_trace(&my_map, sk, v);
>                 return 0;
>         }
>
>
> I.e. we need some way of triggering a tracing hook from a BPF program.

I mean that above can be done as bpf prog.
bpf_sk_storage_trace() can be an empty global function inside a bpf program.
The attach to it is either fentry or even freplace.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ