From: Jann Horn <jannh@google.com>
To: Andrii Nakryiko <andrii.nakryiko@gmail.com>
Cc: bpf <bpf@vger.kernel.org>,
Alexei Starovoitov <alexei.starovoitov@gmail.com>,
Daniel Borkmann <daniel@iogearbox.net>,
Matthew Garrett <mjg59@google.com>, KP Singh <kpsingh@google.com>
Subject: Re: BPF map freezing is unreliable; can we instead just inline constants?
Date: Wed, 15 Apr 2020 22:03:51 +0200 [thread overview]
Message-ID: <CAG48ez1Bs8_3_+uUB69Qe3RN7tDgD8PcBrzv1H0fqbvd0f4jPw@mail.gmail.com> (raw)
In-Reply-To: <CAG48ez0G5q8CouLsTDHjkOcJ7WKJE09OB9FHFPQJUzQrCmZG1w@mail.gmail.com>
On Wed, Apr 15, 2020 at 9:07 PM Jann Horn <jannh@google.com> wrote:
> On Wed, Apr 15, 2020 at 6:59 AM Andrii Nakryiko
> <andrii.nakryiko@gmail.com> wrote:
> > On Tue, Apr 14, 2020 at 3:50 PM Jann Horn <jannh@google.com> wrote:
> > > On Tue, Apr 14, 2020 at 9:46 PM Andrii Nakryiko
> > > <andrii.nakryiko@gmail.com> wrote:
> > > > On Tue, Apr 14, 2020 at 9:07 AM Jann Horn <jannh@google.com> wrote:
> > > > > On Fri, Apr 10, 2020 at 10:48 PM Andrii Nakryiko
> > > > > <andrii.nakryiko@gmail.com> wrote:
> > > > > > On Fri, Apr 10, 2020 at 1:47 AM Jann Horn <jannh@google.com> wrote:
> > > > > > > On Fri, Apr 10, 2020 at 1:33 AM Andrii Nakryiko
> > > > > > > <andrii.nakryiko@gmail.com> wrote:
> > > > > > > > On Wed, Apr 8, 2020 at 12:42 PM Jann Horn <jannh@google.com> wrote:
> > > > > > > > >
> > > > > > > > > Hi!
> > > > > > > > >
> > > > > > > > > I saw that BPF allows root to create frozen maps, for which the
> > > > > > > > > verifier then assumes that they contain constant values. However, map
> > > > > > > > > freezing is pretty wobbly:
[...]
> > > > I'd say
> > > > the better way would be to implement immutable BPF maps from the time
> > > > they are created. E.g., at the time of creating map, you specify extra
> > > > flag BPF_F_IMMUTABLE and specify pointer to a blob of memory with
> > > > key/value pairs in it.
> > >
> > > It seems a bit hacky to me to add a new special interface for
> > > populating an immutable map. Wouldn't it make more sense to add a flag
> > > for "you can't use mmap on this map", or "I plan to freeze this map",
> > > or something like that, and keep the freezing API?
> >
> > "you can't use mmap on this map" is default behavior, unless you
> > specify BPF_F_MMAPABLE.
>
> Ah, right.
>
> > "I plan to freeze this map" could be added,
> > but how that would help existing users that freeze and mmap()?
> > Disallowing those now would be a breaking change.
> > Currently, libbpf is using freezing for .rodata variables, but it
> > doesn't mmap() before freezing.
>
> Okay, so it sounds like there are probably no actual users that use
> both BPF_F_MMAPABLE and freezing, and so we can just forbid that
> combination? That sounds great.
kpsingh pointed out to me that bpf_object__load_skeleton() has code
specifically for mmap()ing BPF_F_RDONLY_PROG maps, so this might not
work... but perhaps we could make `BPF_F_RDONLY_PROG|BPF_F_MMAPABLE`
imply "you can only map with PROT_READ, not with PROT_WRITE"?
bpf_object__load_skeleton() only maps BPF_F_RDONLY_PROG maps with
PROT_READ.
next prev parent reply other threads:[~2020-04-15 20:04 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-08 16:56 BPF map freezing is unreliable; can we instead just inline constants? Jann Horn
2020-04-09 23:33 ` Andrii Nakryiko
2020-04-10 8:46 ` Jann Horn
2020-04-10 20:48 ` Andrii Nakryiko
2020-04-14 16:07 ` Jann Horn
2020-04-14 19:46 ` Andrii Nakryiko
2020-04-14 22:50 ` Jann Horn
2020-04-15 4:59 ` Andrii Nakryiko
2020-04-15 19:07 ` Jann Horn
2020-04-15 20:03 ` Jann Horn [this message]
2020-04-16 5:42 ` Andrii Nakryiko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAG48ez1Bs8_3_+uUB69Qe3RN7tDgD8PcBrzv1H0fqbvd0f4jPw@mail.gmail.com \
--to=jannh@google.com \
--cc=alexei.starovoitov@gmail.com \
--cc=andrii.nakryiko@gmail.com \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=kpsingh@google.com \
--cc=mjg59@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).