Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps

[PATCH RFC net-next 00/14] BPF syscall, maps, verifier, samples · Alexei Starovoitov <hidden> · 2014-06-28
[PATCH RFC net-next 01/14] net: filter: split filter.c into two files · Alexei Starovoitov <hidden> · 2014-06-28
[PATCH RFC net-next 05/14] bpf: add lookup/update/delete/iterate methods to BPF maps · Alexei Starovoitov <hidden> · 2014-06-28
[PATCH RFC net-next 06/14] bpf: add hashtable type of BPF maps · Alexei Starovoitov <hidden> · 2014-06-28
[PATCH RFC net-next 08/14] bpf: add eBPF verifier · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Andy Lutomirski <luto@amacapital.net> · 2014-06-28
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Andy Lutomirski <luto@amacapital.net> · 2014-06-29
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Alexei Starovoitov <hidden> · 2014-06-29
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Daniel Borkmann <hidden> · 2014-07-01
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Alexei Starovoitov <hidden> · 2014-07-01
RE: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · David Laight <hidden> · 2014-07-02
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Alexei Starovoitov <hidden> · 2014-07-02
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Chema Gonzalez <hidden> · 2014-07-02
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Alexei Starovoitov <hidden> · 2014-07-02
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Chema Gonzalez <hidden> · 2014-07-02
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Alexei Starovoitov <hidden> · 2014-07-03
RE: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · David Laight <hidden> · 2014-07-03
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Alexei Starovoitov <hidden> · 2014-07-03
[PATCH RFC net-next 10/14] net: sock: allow eBPF programs to be attached to sockets · Alexei Starovoitov <hidden> · 2014-06-28
[PATCH RFC net-next 14/14] samples: bpf: example of tracing filters with eBPF · Alexei Starovoitov <hidden> · 2014-06-28
[PATCH RFC net-next 13/14] samples: bpf: example of stateful socket filtering · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 13/14] samples: bpf: example of stateful socket filtering · Andy Lutomirski <luto@amacapital.net> · 2014-06-28
Re: [PATCH RFC net-next 13/14] samples: bpf: example of stateful socket filtering · Alexei Starovoitov <hidden> · 2014-06-28
[PATCH RFC net-next 12/14] samples: bpf: add mini eBPF library to manipulate maps and programs · Alexei Starovoitov <hidden> · 2014-06-28
[PATCH RFC net-next 11/14] tracing: allow eBPF programs to be attached to events · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 11/14] tracing: allow eBPF programs to be attached to events · Daniel Borkmann <hidden> · 2014-07-01
Re: [PATCH RFC net-next 11/14] tracing: allow eBPF programs to be attached to events · Alexei Starovoitov <hidden> · 2014-07-01
[PATCH RFC net-next 09/14] bpf: allow eBPF programs to use maps · Alexei Starovoitov <hidden> · 2014-06-28
[PATCH RFC net-next 07/14] bpf: expand BPF syscall with program load/unload · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 07/14] bpf: expand BPF syscall with program load/unload · Andy Lutomirski <luto@amacapital.net> · 2014-06-28
Re: [PATCH RFC net-next 07/14] bpf: expand BPF syscall with program load/unload · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 07/14] bpf: expand BPF syscall with program load/unload · Andy Lutomirski <luto@amacapital.net> · 2014-06-28
Re: [PATCH RFC net-next 07/14] bpf: expand BPF syscall with program load/unload · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 07/14] bpf: expand BPF syscall with program load/unload · Greg KH <gregkh@linuxfoundation.org> · 2014-06-28
Re: [PATCH RFC net-next 07/14] bpf: expand BPF syscall with program load/unload · Andy Lutomirski <luto@amacapital.net> · 2014-06-28
Re: [PATCH RFC net-next 07/14] bpf: expand BPF syscall with program load/unload · Alexei Starovoitov <hidden> · 2014-06-30
RE: [PATCH RFC net-next 07/14] bpf: expand BPF syscall with program load/unload · David Laight <hidden> · 2014-06-30
[PATCH RFC net-next 04/14] bpf: update MAINTAINERS entry · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 04/14] bpf: update MAINTAINERS entry · Joe Perches <joe@perches.com> · 2014-06-28
Re: [PATCH RFC net-next 04/14] bpf: update MAINTAINERS entry · Alexei Starovoitov <hidden> · 2014-06-28
[PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Andy Lutomirski <luto@amacapital.net> · 2014-06-28
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Andy Lutomirski <luto@amacapital.net> · 2014-06-28
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Andy Lutomirski <luto@amacapital.net> · 2014-06-28
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Andy Lutomirski <luto@amacapital.net> · 2014-06-29
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Alexei Starovoitov <hidden> · 2014-06-29
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Andy Lutomirski <luto@amacapital.net> · 2014-06-30
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Alexei Starovoitov <hidden> · 2014-07-01
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Andy Lutomirski <luto@amacapital.net> · 2014-07-01
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Alexei Starovoitov <hidden> · 2014-07-02
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Andy Lutomirski <luto@amacapital.net> · 2014-07-03
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Alexei Starovoitov <hidden> · 2014-07-03
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Andy Lutomirski <luto@amacapital.net> · 2014-07-04
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Alexei Starovoitov <hidden> · 2014-07-05
[PATCH RFC net-next 02/14] net: filter: split filter.h and expose eBPF to user space · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 00/14] BPF syscall, maps, verifier, samples · Kees Cook <hidden> · 2014-06-30
Re: [PATCH RFC net-next 00/14] BPF syscall, maps, verifier, samples · Daniel Borkmann <hidden> · 2014-07-01
Re: [PATCH RFC net-next 00/14] BPF syscall, maps, verifier, samples · Kees Cook <hidden> · 2014-07-02

From: Andy Lutomirski <hidden>
Date: 2014-06-30 22:09:41
Also in: lkml, netdev

On Sat, Jun 28, 2014 at 11:36 PM, Alexei Starovoitov [off-list ref] wrote:

On Sat, Jun 28, 2014 at 6:52 PM, Andy Lutomirski [off-list ref] wrote:

quoted

On Sat, Jun 28, 2014 at 1:49 PM, Alexei Starovoitov [off-list ref] wrote:

quoted

Sorry I don't like 'fd' direction at all.
1. it will make the whole thing very socket specific and 'net' dependent.
but the goal here is to be able to use eBPF for tracing in embedded
setups. So it's gotta be net independent.
2. sockets are already overloaded with all sorts of stuff. Adding more
types of sockets will complicate it a lot.
3. and most important. read/write operations on sockets are not
done every nanosecond, whereas lookup operations on bpf maps
are done every dozen instructions, so we cannot have any overhead
when accessing maps.
In other words the verifier is done as static analyzer. I moved all
the complexity to verify time, so at run-time the programs are as
fast as possible. I'm strongly against run-time checks in critical path,
since they kill performance and make the whole approach a lot less usable.

I may have described my suggestion poorly.  I'm suggesting that all of
these global ids be replaced *for userspace's benefit* with fds.  That
is, a map would have an associated struct inode, and, when you load an
eBPF program, you'd pass fds into the kernel instead of global ids.
The kernel would still compile the eBPF program to use the global ids,
though.

Hmm. If I understood you correctly, you're suggesting to do it similar
to ipc/mqueue, shmem, sockets do. By registering and mounting
a file system and providing all superblock and inode hooks… and
probably have its own namespace type… hmm… may be. That's
quite a bit of work to put lightly. As I said in the other email the first
step is root only and all these complexity just not worth doing
at this stage.

The downside of not doing it right away is that it's harder to
retrofit in without breaking early users.

You might be able to get away with using anon_inodes.  That will
prevent repoening via /proc/self/fd from working (I think), but that's
a good thing until someone fixes the /proc reopen hole.  Sigh.

--Andy

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help