From: Andy Lutomirski <luto@amacapital.net>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Tycho Andersen <tycho@tycho.ws>,
Kees Cook <keescook@chromium.org>, Will Drewry <wad@chromium.org>,
daniel@iogearbox.net, netdev@vger.kernel.org,
Linux Containers <containers@lists.linux-foundation.org>,
Sargun Dhillon <sargun@sargun.me>,
"David S. Miller" <davem@davemloft.net>,
Lorenzo Colitti <lorenzo@google.com>
Subject: Re: [PATCH net-next 0/3] eBPF Seccomp filters
Date: Thu, 15 Feb 2018 08:05:18 -0800 [thread overview]
Message-ID: <17F5A58C-AEE3-4E99-A0F9-313533109FD5@amacapital.net> (raw)
In-Reply-To: <20180215043027.zssmhvfdn7iz3rlz@ast-mbp.dhcp.thefacebook.com>
> On Feb 14, 2018, at 8:30 PM, Alexei Starovoitov <alexei.starovoitov@gmail.com> wrote:
>
> On Wed, Feb 14, 2018 at 10:32:22AM -0700, Tycho Andersen wrote:
>>>>
>>>> What's the reason for adding eBPF support? seccomp shouldn't need it,
>>>> and it only makes the code more complex. I'd rather stick with cBPF
>>>> until we have an overwhelmingly good reason to use eBPF as a "native"
>>>> seccomp filter language.
>>>>
>>>
>>> I can think of two fairly strong use cases for eBPF's ability to call
>>> functions: logging and Tycho's user notifier thing.
>>
>> Worth noting that there is one additional thing that I didn't
>> implement, but which would be nice and is probably not possible with
>> eBPF (at least, not without a bunch of additional infrastructure):
>> passing fds back to the tracee from the manager if you intercept
>> socket(), or accept() or something.
>>
>> This could again be accomplished via other means, though it would be a
>> lot nicer to have a primitive for it.
>
> there is bpf_perf_event_output() interface that allows to stream
> arbitrary data from kernel into user space via perf ring buffer.
> User space can epoll on it. We use this in both tracing and networking
> for notifications and streaming data transfers.
> I suspect this can be used for 'logging' too, since it's cheap and fast.
I think this is the right idea but we'd want to tweak it. We don't want the log messages to go to some systemwide buffer (seccomp can already so this and its annoying) -- we want them to go to the filter's creator. In fact, the seccomp listener fd concept could easily be extended to do exactly this.
>
> Also I think the argument that seccomp+eBPF will be faster than
> seccomp+cBPF is a weak one. I bet kpti on/off makes no difference
> under seccomp, since _all_ syscalls are already slow for sandboxed app.
It's been a while since I benchmarked it, but I suspect that a simple seccomp filter is quite a bit faster than a PTI transition.
next prev parent reply other threads:[~2018-02-15 16:05 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-13 15:42 [PATCH net-next 0/3] eBPF Seccomp filters Sargun Dhillon
2018-02-13 15:47 ` Kees Cook
2018-02-13 16:29 ` Sargun Dhillon
[not found] ` <CAMp4zn8VNurTjmrUtHnaK21A4hUQQz5tnarj15vmTU+TjY79XA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-13 17:02 ` Jessie Frazelle
2018-02-13 17:02 ` Jessie Frazelle
[not found] ` <CAEk6tEw3ty0kBH+06TYt4=Ywt-4_cHBa9f8p3ajMghtjRkHmMg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-13 17:07 ` Brian Goff
2018-02-13 17:31 ` Sargun Dhillon
2018-02-13 17:31 ` Sargun Dhillon
2018-02-13 20:16 ` Kees Cook
2018-02-13 21:08 ` Paul Moore
[not found] ` <CAGXu5jKv3QFVKLhok1JWiPamE0b4CqLTO-hx8sP0KWED921=6w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-13 20:50 ` Tycho Andersen
2018-02-13 21:08 ` Paul Moore
[not found] ` <CAMp4zn-Lw0grNrCyjHJZUje1Aznaj03iAUWZ86ki68MZMN1-zA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-13 20:16 ` Kees Cook
2018-02-14 17:25 ` Andy Lutomirski
2018-02-14 17:32 ` Tycho Andersen
2018-02-15 4:30 ` Alexei Starovoitov
2018-02-15 4:30 ` Alexei Starovoitov
[not found] ` <20180215043027.zssmhvfdn7iz3rlz-+o4/htvd0TCa6kscz5V53/3mLCh9rsb+VpNB7YpNyf8@public.gmane.org>
2018-02-15 8:35 ` Lorenzo Colitti via Containers
2018-02-15 16:05 ` Andy Lutomirski
2018-02-16 18:39 ` Sargun Dhillon
2018-02-15 16:05 ` Andy Lutomirski [this message]
2018-02-16 18:39 ` Sargun Dhillon
[not found] ` <CALCETrV9xUd3XRgobTDgVNRFY_+o=pEDkfjvuxQ7w_UyH324zA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-14 17:32 ` Tycho Andersen
[not found] ` <CAGXu5jLiYh0rSRuJ_-2xLB03Wod5G07njpoESR4SnmsmiUnsEw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-13 16:29 ` Sargun Dhillon
2018-02-14 17:25 ` Andy Lutomirski
2018-02-14 0:47 ` Mickaël Salaün
[not found] ` <20180213154244.GA3292-du9IEJ8oIxHXYT48pCVpJ3c7ZZ+wIVaZYkHkVr5ML8kVGlcevz2xqA@public.gmane.org>
2018-02-13 15:47 ` Kees Cook
2018-02-14 0:47 ` Mickaël Salaün
-- strict thread matches above, loose matches on Subject: below --
2018-02-13 20:33 Tom Hromatka
2018-02-13 20:35 ` Kees Cook
2018-02-13 20:38 ` Tom Hromatka
[not found] ` <CAGXu5jJZgrgLrhkZO33RNdOds8zwnnOZh+rqwguxJM+zm=EJ7g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-13 20:38 ` Tom Hromatka
[not found] ` <7eb1497e-e5f3-c5ba-e255-7f510795b51d-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
2018-02-13 20:35 ` Kees Cook
2018-02-13 15:42 Sargun Dhillon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=17F5A58C-AEE3-4E99-A0F9-313533109FD5@amacapital.net \
--to=luto@amacapital.net \
--cc=alexei.starovoitov@gmail.com \
--cc=containers@lists.linux-foundation.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=keescook@chromium.org \
--cc=lorenzo@google.com \
--cc=netdev@vger.kernel.org \
--cc=sargun@sargun.me \
--cc=tycho@tycho.ws \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.