On Fri, Aug 15, 2014 at 12:18 PM, Andy Lutomirski wrote:
> On Fri, Aug 15, 2014 at 12:16 PM, Alexei Starovoitov
> wrote:
>> This bpf_context struct for tracing is trying to answer the question:
>> 'what's the most convenient way to access tracepoint arguments
>> from a script'.
>> When kernel
On Fri, Aug 15, 2014 at 12:18 PM, Andy Lutomirski l...@amacapital.net wrote:
On Fri, Aug 15, 2014 at 12:16 PM, Alexei Starovoitov a...@plumgrid.com
wrote:
This bpf_context struct for tracing is trying to answer the question:
'what's the most convenient way to access tracepoint arguments
On Fri, Aug 15, 2014 at 12:18 PM, Andy Lutomirski wrote:
>>
>> clang/llvm has no problem with u64 :)
>> This bpf_context struct for tracing is trying to answer the question:
>> 'what's the most convenient way to access tracepoint arguments
>> from a script'.
>> When kernel code has something
On Fri, Aug 15, 2014 at 12:29 PM, Alexei Starovoitov wrote:
> On Fri, Aug 15, 2014 at 12:20 PM, Andy Lutomirski wrote:
I don't think that fixing this should be a prerequisite for merging,
since the risk is so small. Nonetheless, it would be nice. (This
family of attacks has
On Fri, Aug 15, 2014 at 12:20 PM, Andy Lutomirski wrote:
>>>
>>> I don't think that fixing this should be a prerequisite for merging,
>>> since the risk is so small. Nonetheless, it would be nice. (This
>>> family of attacks has led to several root vulnerabilities in the
>>> past.)
>>
>> Ok. I
On Fri, Aug 15, 2014 at 12:16 PM, Alexei Starovoitov wrote:
> On Fri, Aug 15, 2014 at 12:02 PM, Andy Lutomirski wrote:
>>>
>>> correct. eBPF program would be using 8-byte read on 64-bit kernel
>>> and 4-byte read on 32-bit kernel. Same with access to ptrace fields
>>> and pretty much all other
On Fri, Aug 15, 2014 at 12:07 PM, Alexei Starovoitov wrote:
> On Fri, Aug 15, 2014 at 11:53 AM, Andy Lutomirski wrote:
>> On Fri, Aug 15, 2014 at 10:51 AM, Alexei Starovoitov
>> wrote:
>>> On Fri, Aug 15, 2014 at 10:25 AM, Andy Lutomirski
>>> wrote:
On Wed, Aug 13, 2014 at 12:57 AM,
On Fri, Aug 15, 2014 at 12:02 PM, Andy Lutomirski wrote:
>>
>> correct. eBPF program would be using 8-byte read on 64-bit kernel
>> and 4-byte read on 32-bit kernel. Same with access to ptrace fields
>> and pretty much all other fields in the kernel. The program will be
>> different on different
On Fri, Aug 15, 2014 at 11:53 AM, Andy Lutomirski wrote:
> On Fri, Aug 15, 2014 at 10:51 AM, Alexei Starovoitov
> wrote:
>> On Fri, Aug 15, 2014 at 10:25 AM, Andy Lutomirski
>> wrote:
>>> On Wed, Aug 13, 2014 at 12:57 AM, Alexei Starovoitov
>>> wrote:
User interface:
fd =
On Fri, Aug 15, 2014 at 11:56 AM, Alexei Starovoitov wrote:
> On Fri, Aug 15, 2014 at 11:50 AM, Andy Lutomirski wrote:
>> On Aug 15, 2014 10:36 AM, "Alexei Starovoitov" wrote:
>>>
>>> On Fri, Aug 15, 2014 at 10:20 AM, Andy Lutomirski
>>> wrote:
>>> > The downside of this approach is that
On Fri, Aug 15, 2014 at 11:50 AM, Andy Lutomirski wrote:
> On Aug 15, 2014 10:36 AM, "Alexei Starovoitov" wrote:
>>
>> On Fri, Aug 15, 2014 at 10:20 AM, Andy Lutomirski
>> wrote:
>> > The downside of this approach is that compat support might be
>> > difficult or impossible.
>>
>> What do you
On Fri, Aug 15, 2014 at 10:51 AM, Alexei Starovoitov wrote:
> On Fri, Aug 15, 2014 at 10:25 AM, Andy Lutomirski wrote:
>> On Wed, Aug 13, 2014 at 12:57 AM, Alexei Starovoitov
>> wrote:
>>> User interface:
>>> fd = open("/sys/kernel/debug/tracing/__event__/filter")
>>>
>>> write(fd, "bpf_123")
On Aug 15, 2014 10:36 AM, "Alexei Starovoitov" wrote:
>
> On Fri, Aug 15, 2014 at 10:20 AM, Andy Lutomirski wrote:
> > The downside of this approach is that compat support might be
> > difficult or impossible.
>
> What do you mean by compat? 32-bit programs on 64-bit kernels?
> There is no such
On Fri, Aug 15, 2014 at 10:25 AM, Andy Lutomirski wrote:
> On Wed, Aug 13, 2014 at 12:57 AM, Alexei Starovoitov
> wrote:
>> User interface:
>> fd = open("/sys/kernel/debug/tracing/__event__/filter")
>>
>> write(fd, "bpf_123")
>
> I didn't follow all the code flow leading to parsing the
On Fri, Aug 15, 2014 at 10:20 AM, Andy Lutomirski wrote:
> The downside of this approach is that compat support might be
> difficult or impossible.
What do you mean by compat? 32-bit programs on 64-bit kernels?
There is no such concept for eBPF. All eBPF programs are always
operating on 64-bit
On Wed, Aug 13, 2014 at 12:57 AM, Alexei Starovoitov wrote:
> User interface:
> fd = open("/sys/kernel/debug/tracing/__event__/filter")
>
> write(fd, "bpf_123")
I didn't follow all the code flow leading to parsing the "bpf_123"
string, but if it works the way I imagine it does, it's a security
On Thu, Aug 14, 2014 at 11:08 PM, Alexei Starovoitov wrote:
> On Thu, Aug 14, 2014 at 2:20 PM, Brendan Gregg
> wrote:
>> On Wed, Aug 13, 2014 at 12:57 AM, Alexei Starovoitov
>> wrote:
>> [...]
>>> +/* For tracing filters save first six arguments of tracepoint events.
>>> + * On 64-bit
On Thu, Aug 14, 2014 at 2:20 PM, Brendan Gregg
wrote:
> On Wed, Aug 13, 2014 at 12:57 AM, Alexei Starovoitov
> wrote:
> [...]
>> +/* For tracing filters save first six arguments of tracepoint events.
>> + * On 64-bit architectures argN fields will match one to one to arguments
>> passed
>> + *
On Thu, Aug 14, 2014 at 2:20 PM, Brendan Gregg
brendan.d.gr...@gmail.com wrote:
On Wed, Aug 13, 2014 at 12:57 AM, Alexei Starovoitov a...@plumgrid.com
wrote:
[...]
+/* For tracing filters save first six arguments of tracepoint events.
+ * On 64-bit architectures argN fields will match one to
On Thu, Aug 14, 2014 at 11:08 PM, Alexei Starovoitov a...@plumgrid.com wrote:
On Thu, Aug 14, 2014 at 2:20 PM, Brendan Gregg
brendan.d.gr...@gmail.com wrote:
On Wed, Aug 13, 2014 at 12:57 AM, Alexei Starovoitov a...@plumgrid.com
wrote:
[...]
+/* For tracing filters save first six arguments
On Wed, Aug 13, 2014 at 12:57 AM, Alexei Starovoitov a...@plumgrid.com wrote:
User interface:
fd = open("/sys/kernel/debug/tracing/__event__/filter")
write(fd, "bpf_123")
I didn't follow all the code flow leading to parsing the "bpf_123"
string, but if it works the way I imagine it does, it's a
On Fri, Aug 15, 2014 at 10:20 AM, Andy Lutomirski l...@amacapital.net wrote:
The downside of this approach is that compat support might be
difficult or impossible.
What do you mean by compat? 32-bit programs on 64-bit kernels?
There is no such concept for eBPF. All eBPF programs are always
On Fri, Aug 15, 2014 at 10:25 AM, Andy Lutomirski l...@amacapital.net wrote:
On Wed, Aug 13, 2014 at 12:57 AM, Alexei Starovoitov a...@plumgrid.com
wrote:
User interface:
fd = open("/sys/kernel/debug/tracing/__event__/filter")
write(fd, "bpf_123")
I didn't follow all the code flow leading to
On Aug 15, 2014 10:36 AM, Alexei Starovoitov a...@plumgrid.com wrote:
On Fri, Aug 15, 2014 at 10:20 AM, Andy Lutomirski l...@amacapital.net wrote:
The downside of this approach is that compat support might be
difficult or impossible.
What do you mean by compat? 32-bit programs on 64-bit
On Fri, Aug 15, 2014 at 10:51 AM, Alexei Starovoitov a...@plumgrid.com wrote:
On Fri, Aug 15, 2014 at 10:25 AM, Andy Lutomirski l...@amacapital.net wrote:
On Wed, Aug 13, 2014 at 12:57 AM, Alexei Starovoitov a...@plumgrid.com
wrote:
User interface:
fd =
On Fri, Aug 15, 2014 at 11:50 AM, Andy Lutomirski l...@amacapital.net wrote:
On Aug 15, 2014 10:36 AM, Alexei Starovoitov a...@plumgrid.com wrote:
On Fri, Aug 15, 2014 at 10:20 AM, Andy Lutomirski l...@amacapital.net
wrote:
The downside of this approach is that compat support might be
On Fri, Aug 15, 2014 at 11:56 AM, Alexei Starovoitov a...@plumgrid.com wrote:
On Fri, Aug 15, 2014 at 11:50 AM, Andy Lutomirski l...@amacapital.net wrote:
On Aug 15, 2014 10:36 AM, Alexei Starovoitov a...@plumgrid.com wrote:
On Fri, Aug 15, 2014 at 10:20 AM, Andy Lutomirski l...@amacapital.net
On Fri, Aug 15, 2014 at 11:53 AM, Andy Lutomirski l...@amacapital.net wrote:
On Fri, Aug 15, 2014 at 10:51 AM, Alexei Starovoitov a...@plumgrid.com
wrote:
On Fri, Aug 15, 2014 at 10:25 AM, Andy Lutomirski l...@amacapital.net
wrote:
On Wed, Aug 13, 2014 at 12:57 AM, Alexei Starovoitov
On Fri, Aug 15, 2014 at 12:07 PM, Alexei Starovoitov a...@plumgrid.com wrote:
On Fri, Aug 15, 2014 at 11:53 AM, Andy Lutomirski l...@amacapital.net wrote:
On Fri, Aug 15, 2014 at 10:51 AM, Alexei Starovoitov a...@plumgrid.com
wrote:
On Fri, Aug 15, 2014 at 10:25 AM, Andy Lutomirski
On Fri, Aug 15, 2014 at 12:16 PM, Alexei Starovoitov a...@plumgrid.com wrote:
On Fri, Aug 15, 2014 at 12:02 PM, Andy Lutomirski l...@amacapital.net wrote:
correct. eBPF program would be using 8-byte read on 64-bit kernel
and 4-byte read on 32-bit kernel. Same with access to ptrace fields
and
On Fri, Aug 15, 2014 at 12:02 PM, Andy Lutomirski l...@amacapital.net wrote:
correct. eBPF program would be using 8-byte read on 64-bit kernel
and 4-byte read on 32-bit kernel. Same with access to ptrace fields
and pretty much all other fields in the kernel. The program will be
different on
On Fri, Aug 15, 2014 at 12:20 PM, Andy Lutomirski l...@amacapital.net wrote:
I don't think that fixing this should be a prerequisite for merging,
since the risk is so small. Nonetheless, it would be nice. (This
family of attacks has led to several root vulnerabilities in the
past.)
Ok. I
On Fri, Aug 15, 2014 at 12:29 PM, Alexei Starovoitov a...@plumgrid.com wrote:
On Fri, Aug 15, 2014 at 12:20 PM, Andy Lutomirski l...@amacapital.net wrote:
I don't think that fixing this should be a prerequisite for merging,
since the risk is so small. Nonetheless, it would be nice. (This
On Fri, Aug 15, 2014 at 12:18 PM, Andy Lutomirski l...@amacapital.net wrote:
clang/llvm has no problem with u64 :)
This bpf_context struct for tracing is trying to answer the question:
'what's the most convenient way to access tracepoint arguments
from a script'.
When kernel code has
On Wed, Aug 13, 2014 at 12:57 AM, Alexei Starovoitov wrote:
[...]
> +/* For tracing filters save first six arguments of tracepoint events.
> + * On 64-bit architectures argN fields will match one to one to arguments
> passed
> + * to tracepoint events.
> + * On 32-bit architectures u64 arguments
On Wed, Aug 13, 2014 at 12:57 AM, Alexei Starovoitov a...@plumgrid.com wrote:
[...]
+/* For tracing filters save first six arguments of tracepoint events.
+ * On 64-bit architectures argN fields will match one to one to arguments
passed
+ * to tracepoint events.
+ * On 32-bit architectures
36 matches