lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 18 Aug 2023 18:01:10 +0900
From: "Daniel T. Lee" <danieltimlee@...il.com>
To: Alexei Starovoitov <ast@...nel.org>,
	Daniel Borkmann <daniel@...earbox.net>,
	Andrii Nakryiko <andrii@...nel.org>
Cc: Martin KaFai Lau <martin.lau@...ux.dev>,
	Song Liu <song@...nel.org>,
	Yonghong Song <yonghong.song@...ux.dev>,
	John Fastabend <john.fastabend@...il.com>,
	KP Singh <kpsingh@...nel.org>,
	Stanislav Fomichev <sdf@...gle.com>,
	Hao Luo <haoluo@...gle.com>,
	Jiri Olsa <jolsa@...nel.org>,
	Jens Axboe <axboe@...nel.dk>,
	Johannes Thumshirn <johannes.thumshirn@....com>,
	netdev@...r.kernel.org,
	bpf@...r.kernel.org
Subject: [bpf-next 0/9] samples/bpf: make BPF programs more libbpf aware

The existing tracing programs have been developed for a considerable
period of time and, as a result, do not properly incorporate the
features of the current libbpf, such as CO-RE. This is evident in
frequent usage of functions like PT_REGS* and the persistence of "hack"
methods using underscore-style bpf_probe_read_kernel from the past. 
These programs are far behind the current level of libbpf and can
potentially confuse users.

The kernel has undergone significant changes, and some of these changes
have broken these programs, but on the other hand, more robust APIs have
been developed for increased stableness.

To list some of the kernel changes that this patch set is focusing on,
- symbol mismatch occurs due to compiler optimization [1]
- inline of blk_account_io* breaks BPF kprobe program [2]
- new tracepoints for the block_io_start/done are introduced [3]
- map lookup probes can't be triggered (bpf_disable_instrumentation)[4]
- BPF_KSYSCALL has been introduced to simplify argument fetching [5]
- convert to vmlinux.h and use tp argument structure within it
- make tracing programs to be more CO-RE centric

In this regard, this patch set aims not only to integrate the latest
features of libbpf into BPF programs but also to reduce confusion and
clarify the BPF programs. This will help with the potential confusion
among users and make the programs more intutitive.

[1]: https://github.com/iovisor/bcc/issues/1754
[2]: https://github.com/iovisor/bcc/issues/4261
[3]: commit 5a80bd075f3b ("block: introduce block_io_start/block_io_done tracepoints")
[4]: commit 7c4cd051add3 ("bpf: Fix syscall's stackmap lookup potential deadlock")
[5]: commit 6f5d467d55f0 ("libbpf: improve BPF_KPROBE_SYSCALL macro and rename it to BPF_KSYSCALL")

Daniel T. Lee (9):
  samples/bpf: fix warning with ignored-attributes
  samples/bpf: convert to vmlinux.h with tracing programs
  samples/bpf: unify bpf program suffix to .bpf with tracing programs
  samples/bpf: fix symbol mismatch by compiler optimization
  samples/bpf: make tracing programs to be more CO-RE centric
  samples/bpf: fix bio latency check with tracepoint
  samples/bpf: fix broken map lookup probe
  samples/bpf: refactor syscall tracing programs using BPF_KSYSCALL
    macro
  samples/bpf: simplify spintest with kprobe.multi

 samples/bpf/Makefile                          | 20 +++++-----
 samples/bpf/net_shared.h                      |  2 +
 .../{offwaketime_kern.c => offwaketime.bpf.c} | 39 +++++-------------
 samples/bpf/offwaketime_user.c                |  2 +-
 .../bpf/{spintest_kern.c => spintest.bpf.c}   | 27 +++++--------
 samples/bpf/spintest_user.c                   | 24 ++++-------
 samples/bpf/test_map_in_map.bpf.c             | 10 ++---
 samples/bpf/test_overhead_kprobe.bpf.c        | 20 ++++------
 samples/bpf/test_overhead_tp.bpf.c            | 29 +-------------
 samples/bpf/{tracex1_kern.c => tracex1.bpf.c} | 25 +++++-------
 samples/bpf/tracex1_user.c                    |  2 +-
 samples/bpf/{tracex3_kern.c => tracex3.bpf.c} | 40 ++++++++++++-------
 samples/bpf/tracex3_user.c                    |  2 +-
 samples/bpf/{tracex4_kern.c => tracex4.bpf.c} |  3 +-
 samples/bpf/tracex4_user.c                    |  2 +-
 samples/bpf/{tracex5_kern.c => tracex5.bpf.c} | 12 +++---
 samples/bpf/tracex5_user.c                    |  2 +-
 samples/bpf/{tracex6_kern.c => tracex6.bpf.c} | 20 ++++++++--
 samples/bpf/tracex6_user.c                    |  2 +-
 samples/bpf/{tracex7_kern.c => tracex7.bpf.c} |  3 +-
 samples/bpf/tracex7_user.c                    |  2 +-
 21 files changed, 117 insertions(+), 171 deletions(-)
 rename samples/bpf/{offwaketime_kern.c => offwaketime.bpf.c} (76%)
 rename samples/bpf/{spintest_kern.c => spintest.bpf.c} (67%)
 rename samples/bpf/{tracex1_kern.c => tracex1.bpf.c} (60%)
 rename samples/bpf/{tracex3_kern.c => tracex3.bpf.c} (70%)
 rename samples/bpf/{tracex4_kern.c => tracex4.bpf.c} (95%)
 rename samples/bpf/{tracex5_kern.c => tracex5.bpf.c} (90%)
 rename samples/bpf/{tracex6_kern.c => tracex6.bpf.c} (71%)
 rename samples/bpf/{tracex7_kern.c => tracex7.bpf.c} (82%)

-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ