Re: [RFC -next v0 1/3] bpf: modular maps

2018-11-28 Thread Alexei Starovoitov
On Wed, Nov 28, 2018 at 01:51:42PM -0500, Aaron Conole wrote: > Alexei Starovoitov writes: > > > On Tue, Nov 27, 2018 at 09:24:05AM -0500, Aaron Conole wrote: > >> > >> 1. Introduce flowmap again, this time, basically having it close to a > >>

Re: [RFC PATCH 1/5] x86: introduce preemption disable prefix

2018-10-19 Thread Alexei Starovoitov
On Fri, Oct 19, 2018 at 1:22 AM Peter Zijlstra wrote: > > On Thu, Oct 18, 2018 at 10:00:53PM -0700, Alexei Starovoitov wrote: > > > > > > > > > > > Another example is __BPF_PROG_RUN_ARRAY(), which also uses > > > > preempt_enable_no_resched().

Re: [RFC PATCH 1/5] x86: introduce preemption disable prefix

2018-10-18 Thread Alexei Starovoitov
> > > > > Another example is __BPF_PROG_RUN_ARRAY(), which also uses > > preempt_enable_no_resched(). > > Alexei, I think this code is just wrong. why 'just wrong' ? > Do you know why it uses > preempt_enable_no_resched()? dont recall precisely. we could be preemptable at the point where

Re: [PATCH v3 bpf-next 10/10] selftests/bpf: cgroup local storage-based network counters

2018-09-28 Thread Alexei Starovoitov
On Fri, Sep 28, 2018 at 11:37:26AM +0100, Roman Gushchin wrote: > > > > > + > > > > > + /* Let's check that bytes counter value is reasonable */ > > > > > + if (netcnt.bytes < packets * 500 || netcnt.bytes > packets * > > > > > 1500) { > > > > > > > > since packet count is accurate why

Re: [PATCH] tracing: Add SPDX License format to bpf_trace.c

2018-08-16 Thread Alexei Starovoitov
mpliance management. > > Cc: Alexei Starovoitov ohh. did you get a reply from that address? ;) > Cc: Daniel Borkmann > Signed-off-by: Steven Rostedt (VMware) Acked-by: Alexei Starovoitov

Re: [PATCH bpf-next 0/4] Convert filter.txt to RST

2018-08-10 Thread Alexei Starovoitov
On Fri, Aug 10, 2018 at 5:57 AM Jonathan Corbet wrote: > > The objective actually is to have SPDX tags in all files in the kernel. > That includes documentation, even though people, as always, care less > about the docs than they do the code. right, but let's do that as a separate patch set. In

Re: bpf-next boot error: KASAN: use-after-free Write in call_usermodehelper_exec_work

2018-06-07 Thread Alexei Starovoitov
On Thu, Jun 07, 2018 at 02:19:16PM +0200, Dmitry Vyukov wrote: > On Mon, Jun 4, 2018 at 10:21 PM, syzbot > wrote: > > Hello, > > > > syzbot found the following crash on: > > > > HEAD commit:69b450789136 Merge branch 'misc-BPF-improvements' > > git tree: bpf-next > > console output:

Re: [PATCH v4 2/3] media: rc: introduce BPF_PROG_LIRC_MODE2

2018-05-25 Thread Alexei Starovoitov
On Fri, May 18, 2018 at 03:07:29PM +0100, Sean Young wrote: > Add support for BPF_PROG_LIRC_MODE2. This type of BPF program can call > rc_keydown() to reported decoded IR scancodes, or rc_repeat() to report > that the last key should be repeated. > > The bpf program can be attached to using the

Re: [PATCH bpf-next v2 0/3] bpf: add boot parameters for sysctl knobs

2018-05-25 Thread Alexei Starovoitov
On Fri, May 25, 2018 at 06:50:09PM +0200, Eugene Syromiatnikov wrote: > On Thu, May 24, 2018 at 04:34:51PM -0700, Alexei Starovoitov wrote: > > On Thu, May 24, 2018 at 09:41:08AM +0200, Jesper Dangaard Brouer wrote: > > > On Wed, 23 May 2018 15:02:45 -0700 > > > Alexei S

Re: [PATCH net-next] bpfilter: fix a build err

2018-05-25 Thread Alexei Starovoitov
On Fri, May 25, 2018 at 06:17:57PM +0800, YueHaibing wrote: > gcc-7.3.0 report following err: > > HOSTCC net/bpfilter/main.o > In file included from net/bpfilter/main.c:9:0: > ./include/uapi/linux/bpf.h:12:10: fatal error: linux/bpf_common.h: No such > file or directory > #include > >

Re: [PATCH bpf-next v2 0/3] bpf: add boot parameters for sysctl knobs

2018-05-24 Thread Alexei Starovoitov
On Thu, May 24, 2018 at 09:41:08AM +0200, Jesper Dangaard Brouer wrote: > On Wed, 23 May 2018 15:02:45 -0700 > Alexei Starovoitov <alexei.starovoi...@gmail.com> wrote: > > > On Wed, May 23, 2018 at 02:18:19PM +0200, Eugene Syromiatnikov wrote: > > > Some BPF sysctl k

Re: [PATCH v3 net-next 0/2] bpfilter

2018-05-23 Thread Alexei Starovoitov
On 5/23/18 6:50 PM, Jakub Kicinski wrote: On Wed, 23 May 2018 18:33:52 -0700, Jakub Kicinski wrote: Minor glitch with Ubuntu 18.04: $ gcc --version gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 In file included from /usr/include/fcntl.h:290:0, from ../net/bpfilter/main.c:7: In function

Re: [PATCH bpf-next v2 0/3] bpf: add boot parameters for sysctl knobs

2018-05-23 Thread Alexei Starovoitov
On Wed, May 23, 2018 at 02:18:19PM +0200, Eugene Syromiatnikov wrote: > Some BPF sysctl knobs affect the loading of BPF programs, and during > system boot/init stages these sysctls are not yet configured. > A concrete example is systemd, that has implemented loading of BPF > programs. > > Thus,

Re: [PATCH] [RFC] bpf: tracing: new helper bpf_get_current_cgroup_ino

2018-05-22 Thread Alexei Starovoitov
On Tue, May 22, 2018 at 08:33:24PM -0700, Y Song wrote: > + struct cgroup *cgrp = task_dfl_cgroup(current); > + if (!cgrp) > + return -EINVAL; why this check is needed?

[PATCH v3 net-next 2/2] net: add skeleton of bpfilter kernel module

2018-05-21 Thread Alexei Starovoitov
that umh is healthy. If not it will kill it via pid. Later bpfilter_process_sockopt() will be called from bpfilter hooks in get/setsockopt() to pass iptable commands into umh via bpfilter.ko If admin does 'rmmod bpfilter' the __exit code bpfilter.ko will kill umh as well. Signed-off-by: Alexei

[PATCH v3 net-next 0/2] bpfilter

2018-05-21 Thread Alexei Starovoitov
roduce fork_usermode_blob() helper Alexei Starovoitov (2): umh: introduce fork_usermode_blob() helper net: add skeleton of bpfilter kernel module fs/exec.c | 38 ++--- include/linux/binfmts.h | 1 + include/linux/bpfilter.h | 15 + include/linux/umh.h

[PATCH v3 net-next 1/2] umh: introduce fork_usermode_blob() helper

2018-05-21 Thread Alexei Starovoitov
the corresponding umh. Just like if the kernel module does kmalloc() it should kfree() it in the exit code. Signed-off-by: Alexei Starovoitov <a...@kernel.org> --- fs/exec.c | 38 +++ include/linux/binfmts.h | 1 + include/linux/umh.h | 12 + kernel

[PATCH] bpf: prevent memory disambiguation attack

2018-05-21 Thread Alexei Starovoitov
$0xff28,%rdx ef: mov0x0(%r13),%r14 f3: movq $0x0,-0x48(%rbp) fb: mov%rdx,0x0(%r14) ff: mov0x0(%rbx),%rdi 103: movzbq 0x0(%rdi),%rsi Signed-off-by: Alexei Starovoitov <a...@kernel.org> --- include/linux/bpf_verifier.h | 1 + kernel/bpf/verifier.c

Re: [PATCH 0/3] bpf: add boot parameters for sysctl knobs

2018-05-21 Thread Alexei Starovoitov
On Mon, May 21, 2018 at 02:29:30PM +0200, Eugene Syromiatnikov wrote: > Hello. > > This patch set adds ability to set default values for > kernel.unprivileged_bpf_disable, net.core.bpf_jit_harden, > net.core.bpf_jit_kallsyms sysctl knobs as well as option to override > them via a boot-time kernel

Re: [PATCH] [RFC] bpf: tracing: new helper bpf_get_current_cgroup_ino

2018-05-21 Thread Alexei Starovoitov
On Sun, May 13, 2018 at 07:33:18PM +0200, Alban Crequy wrote: > > +BPF_CALL_2(bpf_get_current_cgroup_ino, u32, hierarchy, u64, flags) > +{ > + // TODO: pick the correct hierarchy instead of the mem controller > + struct cgroup *cgrp = task_cgroup(current, memory_cgrp_id); > + > + if

[tip:x86/urgent] x86/cpufeature: Guard asm_volatile_goto usage for BPF compilation

2018-05-13 Thread tip-bot for Alexei Starovoitov
Commit-ID: b1ae32dbab50ed19cfc16d225b0fb0114fb13025 Gitweb: https://git.kernel.org/tip/b1ae32dbab50ed19cfc16d225b0fb0114fb13025 Author: Alexei Starovoitov <a...@kernel.org> AuthorDate: Sun, 13 May 2018 12:32:22 -0700 Committer: Thomas Gleixner <t...@linutronix.de> CommitDate:

Re: [PATCH bpf v3] x86/cpufeature: bpf hack for clang not supporting asm goto

2018-05-13 Thread Alexei Starovoitov
On Sat, May 12, 2018 at 10:30:02PM +0200, Thomas Gleixner wrote: > On Sat, 12 May 2018, Alexei Starovoitov wrote: > > On Thu, May 10, 2018 at 10:58 AM, Alexei Starovoitov > > <alexei.starovoi...@gmail.com> wrote: > > > I see no option, but to fix the kernel. > &

Re: [PATCH bpf v3] x86/cpufeature: bpf hack for clang not supporting asm goto

2018-05-12 Thread Alexei Starovoitov
On Thu, May 10, 2018 at 10:58 AM, Alexei Starovoitov <alexei.starovoi...@gmail.com> wrote: > I see no option, but to fix the kernel. > Regardless whether it's called user space breakage or kernel breakage. Peter, could you please ack the patch or better yet take it into tip t

Re: [PATCH] coredump: rename umh_pipe_setup() to coredump_pipe_setup()

2018-05-10 Thread Alexei Starovoitov
On Mon, May 07, 2018 at 04:30:02PM -0700, Luis R. Rodriguez wrote: > This makes it clearer this code is part of the coredump code, and > is not an exported generic helper from kernel/umh.c. > > Signed-off-by: Luis R. Rodriguez > --- > fs/coredump.c | 9 + > 1 file

Re: [PATCH v2 net-next 1/4] umh: introduce fork_usermode_blob() helper

2018-05-10 Thread Alexei Starovoitov
. > > Me too, please. And likely linux-security-module@ and Jessica too. > > > On Wed, May 02, 2018 at 09:36:01PM -0700, Alexei Starovoitov wrote: > >> Introduce helper: > >> int fork_usermode_blob(void *data, size_t len, struct umh_info *info); >

Re: [PATCH bpf v3] x86/cpufeature: bpf hack for clang not supporting asm goto

2018-05-10 Thread Alexei Starovoitov
On Thu, May 10, 2018 at 06:20:28PM +0200, Borislav Petkov wrote: > On Thu, May 10, 2018 at 08:52:42AM -0700, Alexei Starovoitov wrote: > > That makes me wonder what happened with "we do not break user space" rule? > > As someone already pointed out on IRC, arch/x86

Re: [PATCH bpf v3] x86/cpufeature: bpf hack for clang not supporting asm goto

2018-05-10 Thread Alexei Starovoitov
On Thu, May 10, 2018 at 12:06:34PM +0200, Peter Zijlstra wrote: > On Thu, May 03, 2018 at 08:31:19PM -0700, Yonghong Song wrote: > > > This approach is preferred since the already deployed bcc scripts, or > > any other bpf applicaitons utilizing LLVM JIT compilation functionality, > > will

Re: [PATCH v2 net-next 2/4] net: add skeleton of bpfilter kernel module

2018-05-08 Thread Alexei Starovoitov
On Mon, May 07, 2018 at 06:51:24PM +, Luis R. Rodriguez wrote: > > Notice that _binary_net_bpfilter_bpfilter_umh_start - end > > is placed into .init.rodata section, so it's freed as soon as __init > > function of bpfilter.ko is finished. > > As part of __init the bpfilter.ko does first

Re: [PATCH v2 net-next 1/4] umh: introduce fork_usermode_blob() helper

2018-05-08 Thread Alexei Starovoitov
On Mon, May 07, 2018 at 06:39:31PM +, Luis R. Rodriguez wrote: > > > Are you saying make 'static struct vfsmount *shm_mnt;' > > global and use it here? so no init_tmpfs() necessary? > > I think that can work, but feels that having two > > tmpfs mounts (one for shmem and one for umh) is

Re: [PATCH v2 net-next 1/4] umh: introduce fork_usermode_blob() helper

2018-05-05 Thread Alexei Starovoitov
On Sat, May 05, 2018 at 12:48:24AM -0400, Jann Horn wrote: > On Thu, May 3, 2018 at 12:36 AM, Alexei Starovoitov <a...@kernel.org> wrote: > > Introduce helper: > > int fork_usermode_blob(void *data, size_t len, struct umh_info *info); > > struct umh_info { > >

Re: [PATCH v2 net-next 1/4] umh: introduce fork_usermode_blob() helper

2018-05-04 Thread Alexei Starovoitov
On Fri, May 04, 2018 at 07:56:43PM +, Luis R. Rodriguez wrote: > What a mighty short list of reviewers. Adding some more. My review below. > I'd appreciate a Cc on future versions of these patches. sure. > On Wed, May 02, 2018 at 09:36:01PM -0700, Alexei Starovoitov wrote: >

Re: [PATCH v2 net-next 2/4] net: add skeleton of bpfilter kernel module

2018-05-04 Thread Alexei Starovoitov
On Thu, May 03, 2018 at 03:23:55PM +0100, Edward Cree wrote: > On 03/05/18 05:36, Alexei Starovoitov wrote: > > bpfilter.ko consists of bpfilter_kern.c (normal kernel module code) > > and user mode helper code that is embedded into bpfilter.ko > > > > The

[PATCH RFC v2 net-next 3/4] bpfilter: add iptable get/set parsing

2018-05-02 Thread Alexei Starovoitov
From: "David S. Miller" <da...@davemloft.net> parse iptable binary blobs into bpfilter internal data structures bpfilter.ko only passing the [gs]etsockopt commands from kernel to umh All parsing is done inside umh Signed-off-by: David S. Miller <da...@davemloft.net>

[PATCH v2 net-next 1/4] umh: introduce fork_usermode_blob() helper

2018-05-02 Thread Alexei Starovoitov
the kernel module will cleanup the corresponding umh. Just like if the kernel module does kmalloc() it should kfree() it in the exit code. Signed-off-by: Alexei Starovoitov <a...@kernel.org> --- fs/exec.c | 38 --- include/linux/binfmts.h | 1 + include/linux

[PATCH RFC v2 net-next 4/4] bpfilter: rough bpfilter codegen example hack

2018-05-02 Thread Alexei Starovoitov
From: Daniel Borkmann Signed-off-by: Daniel Borkmann --- net/bpfilter/Makefile | 2 +- net/bpfilter/bpfilter_mod.h | 285 ++- net/bpfilter/ctor.c | 57 + net/bpfilter/gen.c |

[PATCH v2 net-next 0/4] bpfilter

2018-05-02 Thread Alexei Starovoitov
d 4 are still rough. They were mainly used for testing and to demonstrate how bpfilter is building on top. The patch 4 approach of converting one iptable rule to few bpf instructions will certainly change in the future, since it doesn't scale to thousands of rules. Alexei Starovoitov (2): umh: introd

[PATCH v2 net-next 2/4] net: add skeleton of bpfilter kernel module

2018-05-02 Thread Alexei Starovoitov
that umh is healthy. If not it will kill it via pid. Later bpfilter_process_sockopt() will be called from bpfilter hooks in get/setsockopt() to pass iptable commands into umh via bpfilter.ko If admin does 'rmmod bpfilter' the __exit code bpfilter.ko will kill umh as well. Signed-off-by: Alexei

Re: WARNING in perf_trace_buf_alloc (2)

2018-04-27 Thread Alexei Starovoitov
On Sat, Apr 21, 2018 at 12:37:01PM -0700, Eric Biggers wrote: > [+bpf maintainers and netdev] > > On Mon, Nov 06, 2017 at 03:56:01AM -0800, syzbot wrote: > > Hello, > > > > syzkaller hit the following crash on > > 5cb0512c02ecd7e6214e912e4c150f4219ac78e0 > >

Re: [PATCH] bpf: fix misaligned access for BPF_PROG_TYPE_PERF_EVENT program type on x86_32 platform

2018-04-27 Thread Alexei Starovoitov
On Thu, Apr 26, 2018 at 05:57:49PM +0800, Wang YanQing wrote: > All the testcases for BPF_PROG_TYPE_PERF_EVENT program type in > test_verifier(kselftest) report below errors on x86_32: > " > 172/p unpriv: spill/fill of different pointers ldx FAIL > Unexpected error message! > 0: (bf) r6 = r10 > 1:

arch/x86/net/bpf_jit_comp conflicts. was: [tip:x86/cleanups] x86/bpf: Clean up non-standard comments, to make the code more readable

2018-04-27 Thread Alexei Starovoitov
On 4/27/18 5:13 AM, Daniel Borkmann wrote: Hi Ingo, On 04/27/2018 01:00 PM, tip-bot for Ingo Molnar wrote: Commit-ID: 5f26c50143f58f256535bee8d93a105f36d4d2da Gitweb: https://git.kernel.org/tip/5f26c50143f58f256535bee8d93a105f36d4d2da Author: Ingo Molnar AuthorDate:

Re: [PATCH 0/3] bpf: Store/dump license string for loaded program

2018-04-25 Thread Alexei Starovoitov
On Wed, Apr 25, 2018 at 12:17:13PM +0200, Jiri Olsa wrote: > On Mon, Apr 23, 2018 at 02:11:36PM -0600, Alexei Starovoitov wrote: > > On Mon, Apr 23, 2018 at 08:59:24AM +0200, Jiri Olsa wrote: > > > hi, > > > sending the change to store and dump the license > > >

Re: [PATCH bpf-next] bpf: Allow bpf_jit_enable = 2 with BPF_JIT_ALWAYS_ON config

2018-04-25 Thread Alexei Starovoitov
On Wed, Apr 25, 2018 at 05:25:47PM +0800, Leo Yan wrote: > > If we have concern for security issue, should we remove support for > 'bpf_jit_enable = 2' and modify the doc to reflect this change? I suggest to fix the doc.

Re: [PATCH 0/3] bpf: Store/dump license string for loaded program

2018-04-23 Thread Alexei Starovoitov
On Mon, Apr 23, 2018 at 08:59:24AM +0200, Jiri Olsa wrote: > hi, > sending the change to store and dump the license > info for loaded BPF programs. It's important for > us get the license info, when investigating on > screwed up machine. hmm. boolean flag whether bpf prog is gpl or not is already

Re: [PATCH bpf-next 4/5] samples/bpf: Refine printing symbol for sampleip

2018-04-18 Thread Alexei Starovoitov
On Thu, Apr 19, 2018 at 01:12:49PM +0800, Leo Yan wrote: > On Wed, Apr 18, 2018 at 09:47:45PM -0700, Alexei Starovoitov wrote: > > On Thu, Apr 19, 2018 at 09:34:05AM +0800, Leo Yan wrote: > > > The code defines macro 'PAGE_OFFSET' and uses it to decide if the > > >

Re: [PATCH bpf-next 4/5] samples/bpf: Refine printing symbol for sampleip

2018-04-18 Thread Alexei Starovoitov
On Thu, Apr 19, 2018 at 09:34:05AM +0800, Leo Yan wrote: > The code defines macro 'PAGE_OFFSET' and uses it to decide if the > address is in kernel space or not. But different architecture has > different 'PAGE_OFFSET' so this program cannot be used for all > platforms. > > This commit changes

Re: [PATCH net-next] net: introduce a new tracepoint for tcp_rcv_space_adjust

2018-04-17 Thread Alexei Starovoitov
On Mon, Apr 16, 2018 at 08:43:31AM -0700, Eric Dumazet wrote: > > > On 04/16/2018 08:33 AM, Yafang Shao wrote: > > tcp_rcv_space_adjust is called every time data is copied to user space, > > introducing a tcp tracepoint for which could show us when the packet is > > copied to user. > > This

Re: [PATCH] x86/cpufeature: guard asm_volatile_goto usage with CC_HAVE_ASM_GOTO

2018-04-13 Thread Alexei Starovoitov
On 4/13/18 11:19 AM, Peter Zijlstra wrote: On Tue, Apr 10, 2018 at 02:28:04PM -0700, Alexei Starovoitov wrote: Instead of #ifdef CC_HAVE_ASM_GOTO we can replace it with #ifndef __BPF__ or some other name, I would prefer the BPF specific hack; otherwise we might be encouraging people to build

Re: Build error for samples/bpf/ due to commit d0266046ad54 ("x86: Remove FAST_FEATURE_TESTS")

2018-04-13 Thread Alexei Starovoitov
On Fri, Apr 13, 2018 at 03:22:37PM +0200, Jesper Dangaard Brouer wrote: > Hi Peter, > > Your commit d0266046ad54 ("x86: Remove FAST_FEATURE_TESTS") broke build > for several samples/bpf programs. I'm unsure what the best way forward > is to unbreak these... > > The issue is that these samples

Re: [PATCH] x86/cpufeature: guard asm_volatile_goto usage with CC_HAVE_ASM_GOTO

2018-04-10 Thread Alexei Starovoitov
On 4/10/18 2:07 PM, Peter Zijlstra wrote: On Tue, Apr 10, 2018 at 01:42:59PM -0700, Yonghong Song wrote: Commit d0266046ad54 ("x86: Remove FAST_FEATURE_TESTS") removed X86_FAST_FEATURE_TESTS and make macro static_cpu_has() always use __always_inline function _static_cpu_has() funciton. The

Re: [PATCH v5 0/6] enable creating [k,u]probe with perf_event_open

2018-04-09 Thread Alexei Starovoitov
On 4/9/18 9:45 PM, Ravi Bangoria wrote: Hi Song, On 12/07/2017 04:15 AM, Song Liu wrote: With current kernel, user space tools can only create/destroy [k,u]probes with a text-based API (kprobe_events and uprobe_events in tracefs). This approach relies on user space to clean up the [k,u]probe

Re: [PATCH bpf-next v8 05/11] seccomp,landlock: Enforce Landlock programs per process hierarchy

2018-04-09 Thread Alexei Starovoitov
;> > >>> On 27/02/2018 17:39, Andy Lutomirski wrote: > >>>> On Tue, Feb 27, 2018 at 5:32 AM, Alexei Starovoitov > >>>> <alexei.starovoi...@gmail.com> wrote: > >>>>> On Tue, Feb 27, 2018 at 05:20:55AM +, Andy Lutomirski

Re: [GIT PULL] Kernel lockdown for secure boot

2018-04-08 Thread Alexei Starovoitov
On Sun, Apr 08, 2018 at 04:07:42PM +0800, joeyli wrote: > > > If the only thing that folks are paranoid about is reading > > arbitrary kernel memory with bpf_probe_read() helper > > then preferred patch would be to disable it during verification > > when in lockdown mode > > Sorry for I didn't

Re: [RFC 0/9] bpf: Add buildid check support

2018-04-05 Thread Alexei Starovoitov
On Thu, Apr 05, 2018 at 05:16:36PM +0200, Jiri Olsa wrote: > hi, > eBPF programs loaded for kprobes are allowed to read kernel > internal structures. We check the provided kernel version > to ensure that the program is loaded for the proper kernel. > > The problem is that the version check is

Re: [GIT PULL] Kernel lockdown for secure boot

2018-04-03 Thread Alexei Starovoitov
On Tue, Apr 3, 2018 at 9:26 AM, Andy Lutomirski <l...@kernel.org> wrote: > On Tue, Apr 3, 2018 at 8:41 AM, Alexei Starovoitov > <alexei.starovoi...@gmail.com> wrote: >> On Tue, Apr 03, 2018 at 08:11:07AM -0700, Andy Lutomirski wrote: >>> > >>> >>

Re: [GIT PULL] Kernel lockdown for secure boot

2018-04-03 Thread Alexei Starovoitov
On Tue, Apr 03, 2018 at 08:11:07AM -0700, Andy Lutomirski wrote: > > > >> "bpf: Restrict kernel image access functions when the kernel is locked > >> down": > >> This patch just sucks in general. > > > > Yes - but that's what Alexei Starovoit

Re: [PATCH 4/4] selftests/bpf: fix compiling errors

2018-03-26 Thread Alexei Starovoitov
On Tue, Mar 27, 2018 at 10:20:10AM +0800, Du, Changbin wrote: > On Mon, Mar 26, 2018 at 07:55:13AM -0700, Alexei Starovoitov wrote: > > On Mon, Mar 26, 2018 at 05:23:28PM +0800, changbin...@intel.com wrote: > > > Signed-off-by: Changbin Du <changbin...@intel.com> > &

Re: [RFC PATCH] tracepoint: Provide tracepoint_kernel_find_by_name

2018-03-26 Thread Alexei Starovoitov
> WARN_ON_ONCE() to stay on the safe side. > > Signed-off-by: Mathieu Desnoyers <mathieu.desnoy...@efficios.com> > CC: Steven Rostedt <rost...@goodmis.org> > CC: Alexei Starovoitov <a...@kernel.org> > CC: Peter Zijlstra <pet...@infradead.org> > CC: Ingo Moln

Re: [PATCH 4/4] selftests/bpf: fix compiling errors

2018-03-26 Thread Alexei Starovoitov
On Mon, Mar 26, 2018 at 05:23:28PM +0800, changbin...@intel.com wrote: > From: Changbin Du > > This patch fixed below errors of missing head files. > > tools/testing/selftests$ make > ... > clang -I. -I./include/uapi -I../../../include/uapi >

Re: [PATCH net-next] modules: allow modprobe load regular elf binaries

2018-03-22 Thread Alexei Starovoitov
On 3/22/18 3:15 PM, Andy Lutomirski wrote: On Thu, Mar 22, 2018 at 8:54 PM, Luis R. Rodriguez wrote: If we can ensure that these usermode modules don't take *any time at all* on their init *from the start*, it would be wonderful and we'd end up avoiding some really odd

Re: [RFC PATCH 0/3] kernel: add support for 256-bit IO access

2018-03-22 Thread Alexei Starovoitov
On Thu, Mar 22, 2018 at 10:33:43AM +0100, Ingo Molnar wrote: > > - I think the BPF JIT, whose byte code machine languge is used by an >increasing number of kernel subsystems, could benefit from having vector > ops. >It would possibly allow the handling of floating point types. this is

Re: [PATCH] kbuild: disable clang's default use of -fmerge-all-constants

2018-03-20 Thread Alexei Starovoitov
On Wed, Mar 21, 2018 at 01:38:45AM +0100, Daniel Borkmann wrote: > On 03/21/2018 01:36 AM, Linus Torvalds wrote: > > On Tue, Mar 20, 2018 at 5:18 PM, Daniel Borkmann > > wrote: > >> Prasad reported that he has seen crashes in BPF subsystem with netd > >> on Android with

Re: [PATCH 11/13] perf bpf: Add helper header files

2018-03-12 Thread Alexei Starovoitov
On Mon, Mar 12, 2018 at 10:43:11AM +0100, Jiri Olsa wrote: > diff --git a/tools/perf/util/bpf-userapi.h b/tools/perf/util/bpf-userapi.h > new file mode 100644 > index ..63f2b4c13a5c > --- /dev/null > +++ b/tools/perf/util/bpf-userapi.h > @@ -0,0 +1,11 @@ > +#ifndef __BPF_USERAPI_H >

Re: [PATCH net-next] modules: allow modprobe load regular elf binaries

2018-03-12 Thread Alexei Starovoitov
On 3/12/18 5:02 AM, Edward Cree wrote: On 09/03/18 18:58, Alexei Starovoitov wrote: It's not waiting for the whole thing, because once bpfilter starts it stays running/sleeping because it's stateful. So, this has been bugging me a bit. If bpfilter takes a signal and crashes, all that state

Re: [PATCH net-next] modules: allow modprobe load regular elf binaries

2018-03-12 Thread Alexei Starovoitov
On 3/10/18 7:34 AM, Luis R. Rodriguez wrote: Also, Alexei you never answered my questions out aliases with the umh modules. Long term this important to consider. aliases always felt like a crutch to me. I can see an argument when they're used as 'alias pci:* foo' but the way it's used in

Re: [PATCH net-next] modules: allow modprobe load regular elf binaries

2018-03-09 Thread Alexei Starovoitov
On 3/9/18 11:38 AM, Linus Torvalds wrote: On Fri, Mar 9, 2018 at 11:12 AM, Linus Torvalds wrote: How are you going to handle five processes doing the same setup concurrently? Side note: it's not just serialization. It's also "is it actually up and running".

Re: [PATCH net-next] modules: allow modprobe load regular elf binaries

2018-03-09 Thread Alexei Starovoitov
On 3/9/18 11:37 AM, Andy Lutomirski wrote: On Fri, Mar 9, 2018 at 6:55 PM, David Miller <da...@davemloft.net> wrote: From: Alexei Starovoitov <a...@fb.com> Date: Fri, 9 Mar 2018 10:50:49 -0800 On 3/9/18 10:23 AM, Andy Lutomirski wrote: It might not be totally crazy to back

Re: [PATCH net-next] modules: allow modprobe load regular elf binaries

2018-03-09 Thread Alexei Starovoitov
On 3/9/18 10:50 AM, Linus Torvalds wrote: On Fri, Mar 9, 2018 at 10:43 AM, Kees Cook wrote: Module loading (via kernel_read_file()) already uses deny_write_access(), and so does do_open_execat(). As long as module loading doesn't call allow_write_access() before the

Re: [PATCH net-next] modules: allow modprobe load regular elf binaries

2018-03-09 Thread Alexei Starovoitov
On 3/9/18 10:23 AM, Andy Lutomirski wrote: On Mar 9, 2018, at 10:15 AM, Greg KH wrote: Oh, and for the record, I like Andy's proposal as well as dumping this into a kernel module "blob" with the exception that this now would take up unswapable memory, which

Re: [PATCH net-next] modules: allow modprobe load regular elf binaries

2018-03-09 Thread Alexei Starovoitov
On 3/9/18 8:24 AM, Andy Lutomirski wrote: On Fri, Mar 9, 2018 at 3:39 PM, Alexei Starovoitov <a...@fb.com> wrote: On 3/9/18 7:16 AM, Andy Lutomirski wrote: On Mar 8, 2018, at 9:08 PM, Alexei Starovoitov <a...@fb.com> wrote: On 3/8/18 7:54 PM, Andy Lutomirski wrote: On Mar 8

Re: [PATCH net-next] modules: allow modprobe load regular elf binaries

2018-03-09 Thread Alexei Starovoitov
On 3/9/18 7:16 AM, Andy Lutomirski wrote: On Mar 8, 2018, at 9:08 PM, Alexei Starovoitov <a...@fb.com> wrote: On 3/8/18 7:54 PM, Andy Lutomirski wrote: On Mar 8, 2018, at 7:06 PM, Linus Torvalds <torva...@linux-foundation.org> wrote: Honestly, that "read twice" thin

Re: [PATCH net-next] modules: allow modprobe load regular elf binaries

2018-03-08 Thread Alexei Starovoitov
On 3/8/18 7:54 PM, Andy Lutomirski wrote: On Mar 8, 2018, at 7:06 PM, Linus Torvalds wrote: Honestly, that "read twice" thing may be what scuttles this. Initially, I thought it was a non-issue, because anybody who controls the module subdirectory enough to

Re: [PATCH net-next] modules: allow modprobe load regular elf binaries

2018-03-08 Thread Alexei Starovoitov
On Fri, Mar 09, 2018 at 02:12:24AM +, Andy Lutomirski wrote: > On Fri, Mar 9, 2018 at 1:20 AM, Alexei Starovoitov > <alexei.starovoi...@gmail.com> wrote: > > On Fri, Mar 09, 2018 at 12:59:36AM +, Andy Lutomirski wrote: > >> > >> Alexei, can you give

Re: [PATCH net-next] modules: allow modprobe load regular elf binaries

2018-03-08 Thread Alexei Starovoitov
On Fri, Mar 09, 2018 at 01:04:39AM +, Andy Lutomirski wrote: > On Fri, Mar 9, 2018 at 12:57 AM, Alexei Starovoitov <a...@fb.com> wrote: > > On 3/8/18 4:24 PM, Kees Cook wrote: > >> > >> As Andy asked earlier, why not DYN too to catch PIE executables? Seem

Re: [PATCH net-next] modules: allow modprobe load regular elf binaries

2018-03-08 Thread Alexei Starovoitov
On Fri, Mar 09, 2018 at 12:59:36AM +, Andy Lutomirski wrote: > > Alexei, can you give an example use case? I'm sure it's upthread > somewhere, but I'm having trouble finding it. at the time of iptable's setsockopt() the kernel will do err = request_module("bpfilter"); once. The rough POC

Re: [PATCH net-next] modules: allow modprobe load regular elf binaries

2018-03-08 Thread Alexei Starovoitov
On 3/8/18 4:24 PM, Kees Cook wrote: How is this not marked [RFC]? :) On Mon, Mar 5, 2018 at 5:34 PM, Alexei Starovoitov <a...@kernel.org> wrote: As the first step in development of bpfilter project [1] the request_module() code is extended to allow user mode helpers to be invoked

Re: [PATCH net-next] modules: allow modprobe load regular elf binaries

2018-03-08 Thread Alexei Starovoitov
On 3/7/18 5:23 PM, Luis R. Rodriguez wrote: request_module() has its own world though too. How often in your proof of concept is request_module() called? How many times do you envision it being called? once. +static int run_umh(struct file *file) +{ + struct subprocess_info *sub_info

Re: [PATCH net-next] modules: allow modprobe load regular elf binaries

2018-03-06 Thread Alexei Starovoitov
combining multiple answers... On 3/6/18 3:05 AM, Greg KH wrote: Any chance you can add a field to your "umh module" type such that a normal 'modinfo' program will be able to notice it is different easily? ok. handling of modinfo turned out to be straightforward. kmod tooling worked fine with

Re: [PATCH net-next] modules: allow modprobe load regular elf binaries

2018-03-05 Thread Alexei Starovoitov
On 3/5/18 6:13 PM, Randy Dunlap wrote: Hi, On 03/05/2018 05:34 PM, Alexei Starovoitov wrote: diff --git a/kernel/module.c b/kernel/module.c index ad2d420024f6..6cfa35795741 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -3669,6 +3683,17 @@ static int load_module(struct load_info

[PATCH net-next] modules: allow modprobe load regular elf binaries

2018-03-05 Thread Alexei Starovoitov
infra doesn't do any accounting of them. They don't appear in "lsmod" and cannot be "rmmod". Multiple request_module("umh") will load multiple umh.ko processes. Similar to kernel modules the kernel will be tainted if "umh module" has invalid signature. [1] https

Re: [PATCH bpf-next 3/5] bpf: introduce BPF_RAW_TRACEPOINT

2018-03-05 Thread Alexei Starovoitov
On 3/5/18 3:56 PM, Daniel Borkmann wrote: On 03/01/2018 05:19 AM, Alexei Starovoitov wrote: Introduce BPF_PROG_TYPE_RAW_TRACEPOINT bpf program type to access kernel internal arguments of the tracepoints in their raw form. From bpf program point of view the access to the arguments look like

[PATCH bpf-next 3/5] bpf: introduce BPF_RAW_TRACEPOINT

2018-02-28 Thread Alexei Starovoitov
and all attached bpf programs. In the future bpf_raw_tracepoints can be extended with query/introspection logic. Signed-off-by: Alexei Starovoitov <a...@kernel.org> --- include/linux/bpf_types.h| 1 + include/linux/trace_events.h | 57 include/trace/bpf_probe.h| 87 +++

[PATCH bpf-next 2/5] tracepoint: compute num_args at build time

2018-02-28 Thread Alexei Starovoitov
it more useful with ability to stop for_each() loop depending via callback return value. In such form it's used in subsequent patch. Signed-off-by: Alexei Starovoitov <a...@kernel.org> --- include/linux/tracepoint-defs.h | 1 + include/linux/tracepoint.h

[PATCH bpf-next 5/5] samples/bpf: raw tracepoint test

2018-02-28 Thread Alexei Starovoitov
empty raw_tracepoint bpf program to test overhead Signed-off-by: Alexei Starovoitov <a...@kernel.org> --- samples/bpf/Makefile| 1 + samples/bpf/bpf_load.c | 13 + samples/bpf/test_overhead_raw_tp_kern.c | 17 + sampl

[PATCH bpf-next 1/5] treewide: remove struct-pass-by-value from tracepoints arguments

2018-02-28 Thread Alexei Starovoitov
patch enforces that all tracepoints args are either integers or pointers and fit into 64-bit. Signed-off-by: Alexei Starovoitov <a...@kernel.org> --- arch/x86/xen/mmu_pv.c| 16 +- drivers/gpu/drm/i915/i915_trace.h| 13 +++-- drivers/infiniband/hw/hfi1/file

[PATCH bpf-next 4/5] libbpf: add bpf_raw_tracepoint_open helper

2018-02-28 Thread Alexei Starovoitov
Signed-off-by: Alexei Starovoitov <a...@kernel.org> --- tools/include/uapi/linux/bpf.h | 11 +++ tools/lib/bpf/bpf.c| 10 ++ tools/lib/bpf/bpf.h| 1 + 3 files changed, 22 insertions(+) diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi

[PATCH bpf-next 0/5] bpf, tracing: introduce bpf raw tracepoints

2018-02-28 Thread Alexei Starovoitov
89K 697K750K755K Alexei Starovoitov (5): treewide: remove struct-pass-by-value from tracepoints arguments tracepoint: compute num_args at build time bpf: introduce BPF_RAW_TRACEPOINT libbpf: add bpf_raw_tracepoint_open helper samples/bpf: raw tracepoint test arch/x86/xe

Re: [PATCH bpf-next v8 05/11] seccomp,landlock: Enforce Landlock programs per process hierarchy

2018-02-26 Thread Alexei Starovoitov
On Tue, Feb 27, 2018 at 05:20:55AM +, Andy Lutomirski wrote: > On Tue, Feb 27, 2018 at 4:54 AM, Alexei Starovoitov > <alexei.starovoi...@gmail.com> wrote: > > On Tue, Feb 27, 2018 at 04:40:34AM +, Andy Lutomirski wrote: > >> On Tue, Feb 27, 2018 at

Re: [PATCH bpf-next v8 05/11] seccomp,landlock: Enforce Landlock programs per process hierarchy

2018-02-26 Thread Alexei Starovoitov
On Tue, Feb 27, 2018 at 04:40:34AM +, Andy Lutomirski wrote: > On Tue, Feb 27, 2018 at 2:08 AM, Alexei Starovoitov > <alexei.starovoi...@gmail.com> wrote: > > On Tue, Feb 27, 2018 at 01:41:15AM +0100, Mickaël Salaün wrote: > >> The seccomp(2) syscall can be used by

Re: [PATCH bpf-next v8 05/11] seccomp,landlock: Enforce Landlock programs per process hierarchy

2018-02-26 Thread Alexei Starovoitov
On Tue, Feb 27, 2018 at 01:41:15AM +0100, Mickaël Salaün wrote: > The seccomp(2) syscall can be used by a task to apply a Landlock program > to itself. As a seccomp filter, a Landlock program is enforced for the > current task and all its future children. A program is immutable and a > task can

Re: [PATCH] selftests/bpf/test_maps: exit child process without error in ENOMEM case

2018-02-13 Thread Alexei Starovoitov
_maps.c:955: run_parallel: Assertion `status == 0' failed. > Aborted > not ok 1..3 selftests: test_maps [FAIL] > --- > after this patch, the rest tests will be continue when it occurs a ENOMEM > failure > > CC: Alexei Starovoitov <alexei.starovoi..

Re: [tip:perf/core] perf/headers: Sync new perf_event.h with the tools/include/uapi version

2018-02-13 Thread Alexei Starovoitov
lt;pet...@infradead.org> > Reviewed-by: Yonghong Song <y...@fb.com> > Reviewed-by: Josef Bacik <jba...@fb.com> > Acked-by: Alexei Starovoitov <a...@kernel.org> > Cc: <dan...@iogearbox.net> > Cc: <da...@davemloft.net> > Cc: <kernel-t...@fb.com>

Re: [kmemleak] unreferenced object 0xcd9c1a80 (size 192):

2018-02-12 Thread Alexei Starovoitov
On Mon, Feb 12, 2018 at 09:28:33AM +0100, Daniel Borkmann wrote: > On 02/12/2018 06:47 AM, Yonghong Song wrote: > > On 2/11/18 11:18 AM, Mathieu Malaterre wrote: > >> On Sun, Feb 11, 2018 at 5:54 PM, Alexei Starovoitov > >> <alexei.starovoi...@gmail.com> wrote: &

Re: [kmemleak] unreferenced object 0xcd9c1a80 (size 192):

2018-02-11 Thread Alexei Starovoitov
On Sun, Feb 11, 2018 at 7:24 AM, Mathieu Malaterre wrote: > Alexei, > > Could you please comment on why I am seeing those memleaks being > reported on my ppc32 system ? Should they be marked as false positive > ? > > System is Mac Mini G4, git/master (4.15.0+), ppc. > > Thanks

Re: [Resend] Question: kselftests: bpf/test_maps failed

2018-02-09 Thread Alexei Starovoitov
On Fri, Feb 09, 2018 at 03:01:57PM +0100, Daniel Borkmann wrote: > On 02/09/2018 06:14 AM, Li Zhijian wrote: > > Hi > > > > INTEL 0-Day noticed that bpf/test_maps has different results at different > > platforms. > > when it fails, the details are like > > Sorry for the late reply and thanks

Re: [PATCH 00/18] [ANNOUNCE] Dynamically created function based events

2018-02-04 Thread Alexei Starovoitov
On Sun, Feb 04, 2018 at 12:57:47PM +0900, Masami Hiramatsu wrote: > > > I based some of the code from kprobes too. But I wanted this to be > > simpler, and as such, not as powerful as kprobes. More of a "poor mans" > > kprobe ;-) Where you are limited to functions and their arguments. If > > you

Re: [PATCH 00/18] [ANNOUNCE] Dynamically created function based events

2018-02-03 Thread Alexei Starovoitov
On Sat, Feb 03, 2018 at 04:17:32PM -0500, Steven Rostedt wrote: > On Sat, 3 Feb 2018 12:52:08 -0800 > Alexei Starovoitov <alexei.starovoi...@gmail.com> wrote: > > > It's a user space job. > > BTW, I asked around at DevConf.cz, and nobody I talked with (besides

Re: [PATCH 00/18] [ANNOUNCE] Dynamically created function based events

2018-02-03 Thread Alexei Starovoitov
On Sat, Feb 03, 2018 at 04:08:24PM -0500, Steven Rostedt wrote: > On Sat, 3 Feb 2018 12:52:08 -0800 > Alexei Starovoitov <alexei.starovoi...@gmail.com> wrote: > > > On Sat, Feb 03, 2018 at 02:02:17PM -0500, Steven Rostedt wrote: > > > > > > From those that

Re: [PATCH 00/18] [ANNOUNCE] Dynamically created function based events

2018-02-03 Thread Alexei Starovoitov
On Sat, Feb 03, 2018 at 02:02:17PM -0500, Steven Rostedt wrote: > > From those that were asking about having "trace markers" (ie. > Facebook), they told us they can cope with kernel changes. There is some misunderstanding here. We never asked for this interface. We're perfectly fine with

Re: [PATCH bpf-next v8 0/5] libbpf: add XDP binding support

2018-02-02 Thread Alexei Starovoitov
On Wed, Jan 31, 2018 at 05:53:13PM +0100, Daniel Borkmann wrote: > On 01/30/2018 09:50 PM, Eric Leblond wrote: > > Hello Daniel, > > > > No problem with the delay in the answer. I'm doing far worse. > > > > Here is an updated version: > > - add if_link.h in uapi and remove the definition > > -

Re: suspicious RCU usage at ./include/linux/rcupdate.h:LINE (4)

2018-02-02 Thread Alexei Starovoitov
On Fri, Feb 02, 2018 at 06:58:01AM -0800, syzbot wrote: > Hello, > > syzbot hit the following crash on bpf-next commit > b2fe5fa68642860e7de76167c3111623aa0d5de1 (Wed Jan 31 22:31:10 2018 +) > Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next > > So far this crash happened

  1   2   3   4   5   6   7   8   9   10   >