lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 25 May 2022 09:14:20 -0700
From:   Maciej Żenczykowski <zenczykowski@...il.com>
To:     Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Linux Network Development Mailing List 
        <netdev@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        BPF Mailing List <bpf@...r.kernel.org>,
        "David S . Miller" <davem@...emloft.net>
Subject: Re: [PATCH bpf-next] bpf: print a little more info about maps via cat /sys/fs/bpf/pinned_name

On Mon, May 23, 2022 at 1:21 PM Alexei Starovoitov
<alexei.starovoitov@...il.com> wrote:
>
> On Mon, May 23, 2022 at 1:14 PM Maciej Żenczykowski
> <zenczykowski@...il.com> wrote:
> >
> > On Mon, May 23, 2022 at 12:32 PM Alexei Starovoitov
> > <alexei.starovoitov@...il.com> wrote:
> > >
> > > On Sat, May 21, 2022 at 12:57 AM Maciej Żenczykowski
> > > <zenczykowski@...il.com> wrote:
> > > >
> > > > From: Maciej Żenczykowski <maze@...gle.com>
> > > >
> > > > While this information can be fetched via bpftool,
> > > > the cli tool itself isn't always available on more limited systems.
> > > >
> > > > From the information printed particularly the 'id' is useful since
> > > > when combined with /proc/pid/fd/X and /proc/pid/fdinfo/X it allows
> > > > tracking down which bpf maps a process has open (which can be
> > > > useful for tracking down fd leaks).
> > > >
> > > > Signed-off-by: Maciej Żenczykowski <maze@...gle.com>
> > > > ---
> > > >  kernel/bpf/inode.c | 3 +++
> > > >  1 file changed, 3 insertions(+)
> > > >
> > > > diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c
> > > > index 4f841e16779e..784266e258fe 100644
> > > > --- a/kernel/bpf/inode.c
> > > > +++ b/kernel/bpf/inode.c
> > > > @@ -257,6 +257,9 @@ static int map_seq_show(struct seq_file *m, void *v)
> > > >         if (unlikely(v == SEQ_START_TOKEN)) {
> > > >                 seq_puts(m, "# WARNING!! The output is for debug purpose only\n");
> > > >                 seq_puts(m, "# WARNING!! The output format will change\n");
> > > > +               seq_printf(m, "# type: %d, key_size: %d, value_size: %d, max_entries: %d, id: %d\n",
> > > > +                          map->map_type, map->key_size, map->value_size, map->max_entries,
> > > > +                          map->id);
> > >
> > > Maybe use cat /sys/fs/bpf/maps.debug instead?
> > > It prints map id.
> >
> > Is this something that was very recently added?
> > I'm not seeing it on my 5.16 machine with bpffs mounted at /sys/fs/bpf.
>
> It was there since 2020.
> Make sure you have CONFIG_BPF_PRELOAD.

Hmm.  This seems very annoying to use in practice.

* it seems to default to disabled, and as such is disabled on:
- my Debian laptop and desktop (well google's corp Linux distro, but
it should be close enough to Debian here)
- my latest Fedora 36 Desktop and VMs
- our production (server) kernels
- all current Android Common Kernel / Generic Kernel Image / Pixel kernel trees
- Android UML test image kernel build scripts
* enabling it on our server kernels results in a compilation failure
(probably some missing backports, they're backported up the wazoo)
* enabling it on ACK 5.10 tree results in a very different build failure
* enabling it on ACK 5.15 successfully builds, but doesn't seem to work:

# uname -r
5.15.41-04342-g39bba8f6b9fe

# zcat /proc/config.gz  | egrep BPF_PRELOAD
CONFIG_BPF_PRELOAD=y
CONFIG_BPF_PRELOAD_UMD=y

# cat /proc/mounts | egrep sys
none /sys sysfs rw,relatime 0 0
none /sys/fs/bpf bpf rw,relatime 0 0

# cd /sys/fs/bpf
root@...-x86-64:/sys/fs/bpf# ls -al
total 0
drwxrwxrwt 2 root root 0 May 25 15:13 .
drwxr-xr-x 6 root root 0 May 25 15:13 ..

Perhaps a limitation of UML, or something funky in the build process,
or the files don't show up until maps/progs are pinned?
Hard to say - this is after running our bpf (python) test suite
(though it might not use pinned maps/programs)...

* finally.. I think it increases kernel size by a lot since I see:
120K ./kernel/bpf/preload/bpf_preload_kern.o
and in a different tree:
232K ./kernel/bpf/preload/bpf_preload.ko

I did get it to work by building a net next tree with the option
manually enabled and installing it on some dev servers.
Those by default have some pinned progs/maps, and I do see the debug files.

When it works it's really nice... but I don't think I'm willing to pay
the complexity/memory costs.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ