From: Roberto Sassu <roberto.sassu@huawei.com>
To: Andrii Nakryiko <andrii.nakryiko@gmail.com>
Cc: Jonathan Corbet <corbet@lwn.net>, Al Viro <viro@zeniv.linux.org.uk>, Alexei Starovoitov <ast@kernel.org>, Daniel Borkmann <daniel@iogearbox.net>, Andrii Nakryiko <andrii@kernel.org>, KP Singh <kpsingh@kernel.org>, Shuah Khan <shuah@kernel.org>, mcoquelin.stm32@gmail.com, alexandre.torgue@foss.st.com, Mimi Zohar <zohar@linux.ibm.com>, Linux Doc Mailing List <linux-doc@vger.kernel.org>, linux-fsdevel@vger.kernel.org, Networking <netdev@vger.kernel.org>, bpf <bpf@vger.kernel.org>, open list:KERNEL SELFTEST FRAMEWORK <linux-kselftest@vger.kernel.org>, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel <linux-arm-kernel@lists.infradead.org>, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, open list <linux-kernel@vger.kernel.org>
Subject: RE: [PATCH 00/18] bpf: Secure and authenticated preloading of eBPF programs
Date: Wed, 30 Mar 2022 07:21:03 +0000
Message-ID: <7574e95fb2304db7b8d64be5d2553b20@huawei.com>
In-Reply-To: <CAEf4BzZNs-DYzQcE5LPxNzXDa+9A7QFszw99fnd2=cq9SuWsLg@mail.gmail.com>

> From: Andrii Nakryiko [mailto:andrii.nakryiko@gmail.com]
> Sent: Wednesday, March 30, 2022 1:51 AM
> On Mon, Mar 28, 2022 at 10:51 AM Roberto Sassu
> <roberto.sassu@huawei.com> wrote:

[...]

> > Patches 1-2 export some definitions, to build out-of-tree kernel modules
> > with eBPF programs to preload. Patches 3-4 allow eBPF programs to pin
> > objects by themselves. Patches 5-10 automatically generate the methods for
> > preloading in the light skeleton. Patches 11-14 make it possible to preload
> > multiple eBPF programs. Patch 15 automatically generates the kernel module
> > for preloading an eBPF program, patch 16 does a kernel mount of the bpf
> > filesystem, and finally patches 17-18 test the functionality introduced.
> >
>
> This approach of moving tons of pretty generic code into codegen of
> lskel seems suboptimal. Why so much code has to be codegenerated?
> Especially that tiny module code?

Hi Andrii,

the main goal of this patch set is to use the preloading mechanism to securely plug in LSMs implemented as eBPF programs. I have a use case, I want to plug in my eBPF program, DIGLIM eBPF.

I started to modify the preloading code manually, and I realized how complicated the process is if you want to add something more than the existing iterators_bpf program. First, you have to look at which objects you want to preload, then write code for each of them.

This process is repetitive and deterministic, this is why I immediately thought that it is a good case for automatic code generation. My idea is that, if this mechanism is accepted, an implementer of an LSM wishing to be preloaded at the very beginning only has to write his eBPF code; the kernel and bpftool take care of the rest.

Generation of the preloading code is optional, and needs to be enabled with the -P option, in addition to -L.

The light skeleton of DIGLIM eBPF looks like:

https://github.com/robertosassu/linux/blob/bpf-preload-v1/kernel/bpf/preload/diglim/diglim.lskel.h

The preloading interface is very similar to the one used by the security subsystem: an ordered list of eBPF programs to preload set in the kernel configuration, that can be overwritten with the kernel option bpf_preload_list=.

The changes that would be required to preload DIGLIM eBPF look like:

https://github.com/robertosassu/linux/commit/c07e1a78584ee688aeb812f07dc7ab3060ac6152

Thanks

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Zhong Ronghua

> Can you please elaborate on why it can't be done in a way that doesn't
> require such extensive light skeleton codegen changes?
>
> > Roberto Sassu (18):
> >   bpf: Export bpf_link_inc()
> >   bpf-preload: Move bpf_preload.h to include/linux
> >   bpf-preload: Generalize object pinning from the kernel
> >   bpf-preload: Export and call bpf_obj_do_pin_kernel()
> >   bpf-preload: Generate static variables
> >   bpf-preload: Generate free_objs_and_skel()
> >   bpf-preload: Generate preload()
> >   bpf-preload: Generate load_skel()
> >   bpf-preload: Generate code to pin non-internal maps
> >   bpf-preload: Generate bpf_preload_ops
> >   bpf-preload: Store multiple bpf_preload_ops structures in a linked
> >     list
> >   bpf-preload: Implement new registration method for preloading eBPF
> >     programs
> >   bpf-preload: Move pinned links and maps to a dedicated directory in
> >     bpffs
> >   bpf-preload: Switch to new preload registration method
> >   bpf-preload: Generate code of kernel module to preload
> >   bpf-preload: Do kernel mount to ensure that pinned objects don't
> >     disappear
> >   bpf-preload/selftests: Add test for automatic generation of preload
> >     methods
> >   bpf-preload/selftests: Preload a test eBPF program and check pinned
> >     objects
>
> please use proper prefixes: bpf (for kernel-side changes), libbpf,
> bpftool, selftests/bpf, etc
>
> >  .../admin-guide/kernel-parameters.txt         |   8 +
> >  fs/namespace.c                                |   1 +
> >  include/linux/bpf.h                           |   5 +
> >  include/linux/bpf_preload.h                   |  37 ++
> >  init/main.c                                   |   2 +
> >  kernel/bpf/inode.c                            | 295 +++++++++--
> >  kernel/bpf/preload/Kconfig                    |  25 +-
> >  kernel/bpf/preload/bpf_preload.h              |  16 -
> >  kernel/bpf/preload/bpf_preload_kern.c         |  85 +---
> >  kernel/bpf/preload/iterators/Makefile         |   9 +-
> >  .../bpf/preload/iterators/iterators.lskel.h   | 466 +++++++++++-------
> >  kernel/bpf/syscall.c                          |   1 +
> >  .../bpf/bpftool/Documentation/bpftool-gen.rst |  13 +
> >  tools/bpf/bpftool/bash-completion/bpftool     |   6 +-
> >  tools/bpf/bpftool/gen.c                       | 331 +++++++++++++
> >  tools/bpf/bpftool/main.c                      |   7 +-
> >  tools/bpf/bpftool/main.h                      |   1 +
> >  tools/testing/selftests/bpf/Makefile          |  32 +-
> >  .../bpf/bpf_testmod_preload/.gitignore        |   7 +
> >  .../bpf/bpf_testmod_preload/Makefile          |  20 +
> >  .../gen_preload_methods.expected.diff         |  97 ++++
> >  .../bpf/prog_tests/test_gen_preload_methods.c |  27 +
> >  .../bpf/prog_tests/test_preload_methods.c     |  69 +++
> >  .../selftests/bpf/progs/gen_preload_methods.c |  23 +
> >  24 files changed, 1246 insertions(+), 337 deletions(-)
> >  create mode 100644 include/linux/bpf_preload.h
> >  delete mode 100644 kernel/bpf/preload/bpf_preload.h
> >  create mode 100644 tools/testing/selftests/bpf/bpf_testmod_preload/.gitignore
> >  create mode 100644 tools/testing/selftests/bpf/bpf_testmod_preload/Makefile
> >  create mode 100644 tools/testing/selftests/bpf/prog_tests/gen_preload_methods.expected.diff
> >  create mode 100644 tools/testing/selftests/bpf/prog_tests/test_gen_preload_methods.c
> >  create mode 100644 tools/testing/selftests/bpf/prog_tests/test_preload_methods.c
> >  create mode 100644 tools/testing/selftests/bpf/progs/gen_preload_methods.c
> >
> > --
> > 2.32.0
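The preload interface Roberto describes above (an ordered list of programs fixed in the kernel configuration, overridable at boot with bpf_preload_list=, resolved against preload providers that patch 11 keeps in a linked list) is modelled below as an added userspace C example. This is not code from the patch set, from DIGLIM or from the kernel: the struct layout, the function names, the two provider names and the exact rules for repeated or unknown names are assumptions made for this illustration. The point it shows is the part that matters for an LSM-style mechanism: the list order is the load order, a name is loaded once, and a name without a registered provider is reported rather than silently matched to something else.

```c
/*
 * Added example, not code from the patch set or the kernel: a userspace model
 * of the preload interface the cover letter describes (a Kconfig default list,
 * overridable with bpf_preload_list=, resolved against providers kept in a
 * linked list). Names, struct layout and the two providers are assumptions.
 */
#include <stdio.h>
#include <string.h>

#define PRELOAD_MAX 8

struct preload_ops {
	const char *name;
	int (*preload)(void);		/* 0 on success, as a kernel init hook would */
	struct preload_ops *next;
};

static struct preload_ops *ops_list;	/* registered providers, newest first */

/* One provider per name: a second registration under a name is refused. */
int register_preload_ops(struct preload_ops *ops)
{
	struct preload_ops *p;

	for (p = ops_list; p; p = p->next)
		if (strcmp(p->name, ops->name) == 0)
			return -1;
	ops->next = ops_list;
	ops_list = ops;
	return 0;
}

static struct preload_ops *find_preload_ops(const char *name, size_t len)
{
	struct preload_ops *p;

	for (p = ops_list; p; p = p->next)
		if (strlen(p->name) == len && strncmp(p->name, name, len) == 0)
			return p;
	return NULL;
}

/* A non-empty bpf_preload_list= replaces the Kconfig default; it does not append. */
const char *effective_preload_list(const char *kconfig_default, const char *cmdline)
{
	return (cmdline && *cmdline) ? cmdline : kconfig_default;
}

/*
 * Resolve a comma-separated list into providers, keeping the order written
 * (it is the load order). A repeated name counts once, at its first position;
 * a name with no provider is counted in *unknown and skipped, never guessed.
 */
int resolve_preload_list(const char *list, struct preload_ops **sel, int max,
			 int *unknown)
{
	int n = 0, i;

	*unknown = 0;
	while (*list) {
		const char *comma = strchr(list, ',');
		size_t len = comma ? (size_t)(comma - list) : strlen(list);
		struct preload_ops *ops = len ? find_preload_ops(list, len) : NULL;

		if (len && !ops)
			(*unknown)++;
		for (i = 0; ops && i < n; i++)
			if (sel[i] == ops)
				ops = NULL;	/* already selected at an earlier position */
		if (ops && n < max)
			sel[n++] = ops;
		if (!comma)
			break;
		list = comma + 1;
	}
	return n;
}

/* Two stand-in providers; the patch set would generate one per program. */
static int iterators_preload(void) { return 0; }
static int diglim_preload(void) { return 0; }
static struct preload_ops iterators_ops = { "iterators", iterators_preload };
static struct preload_ops diglim_ops = { "diglim", diglim_preload };

void setup_preload_registry(void)
{
	/* Re-registration is refused, so calling this more than once is harmless. */
	register_preload_ops(&iterators_ops);
	register_preload_ops(&diglim_ops);
}

/* Query helpers: resolve a list and report on the result. */
static struct preload_ops *last_sel[PRELOAD_MAX];
static int last_n, last_unknown;

static void resolve_cached(const char *list)
{
	setup_preload_registry();
	last_n = resolve_preload_list(list, last_sel, PRELOAD_MAX, &last_unknown);
}
int preload_count(const char *list) { resolve_cached(list); return last_n; }
int preload_unknown(const char *list) { resolve_cached(list); return last_unknown; }
const char *preload_name_at(const char *list, int idx)
{
	resolve_cached(list);
	return (idx >= 0 && idx < last_n) ? last_sel[idx]->name : NULL;
}

int main(void)
{
	const char *list = effective_preload_list("iterators", "diglim,iterators,bogus");

	printf("%d provider(s) resolved, %d unknown name(s) ignored, first: %s\n",
	       preload_count(list), preload_unknown(list), preload_name_at(list, 0));
	return 0;
}
```

With the constructed boot value "diglim,iterators,bogus" the model resolves two providers in that order and reports one unknown name. Whether the real patch set skips, logs or refuses an unknown entry is not stated in the cover letter; a reviewer would want that documented, since for a preloaded LSM a silently dropped entry means a policy that never loads.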