
[gentoo-user] libbpf? BTF? blinking urxvt/fish?


caveman رَجُلُ الْكَهْفِ 穴居人

Jul 10, 2021, 8:50:03 AM
i have 2 odd issues that i observe:

(1) i get this error when i reboot my kernel:

> libbpf: failed to find valid kernel BTF
> libbpf: error loading vmlinux BTF: -3
> libbpf: failed to load object 'iterators_bpf'
> libbpf: failed to load BPF skeleton 'iterators_bpf': -3
> Failed load could be due to wrong endianness

(2) plus all white text is blinking in my
urxvt/fish terminal

any idea what these things are? never heard of
BTF. never seen terminals blink like this.
what's going on?

ty,
cm.

Nils Freydank

Jul 11, 2021, 9:20:04 AM
Hi caveman,

you should really train your search skills :-P

(1) Just searching for "libbpf" and then for "bpf BTF" gives plenty of webpages and
links. In short:

BPF: Berkeley packet filter, e.g.: https://en.wikipedia.org/wiki/Berkeley_Packet_Filter
libbpf: a library to use it, e.g.: https://github.com/libbpf/libbpf
BPF Type Format (BTF) https://www.kernel.org/doc/html/v5.9/bpf/btf.html

(2) "urxvt text blink ANSI": https://bbs.archlinux.org/viewtopic.php?id=150531

Kind regards,
Nils

caveman رَجُلُ الْكَهْفِ 穴居人

Jul 11, 2021, 9:50:03 AM
On Sunday, July 11th, 2021 at 13:11, Nils Freydank <nils.f...@posteo.de> wrote:

> Hi caveman,
>
> you should really train your search skills :-P

lel. more like train my cognition.


> (1) Just searching for "libbpf" and then for "bpf BTF" gives plenty of webpages and
> links. In short:
>
> BPF: Berkeley packet filter, e.g.: https://en.wikipedia.org/wiki/Berkeley_Packet_Filter
> libbpf: a library to use it, e.g.: https://github.com/libbpf/libbpf
> BPF Type Format (BTF) https://www.kernel.org/doc/html/v5.9/bpf/btf.html

i did this before asking here, but didn't fully
get it.

wiki seems to say that it's for speeding up packet
filtering by having apps supply a filtering
program into the kernel, so that the whole thing
is done inside the kernel for speed.

but i also read elsewhere that it's being used to
generally run any apps inside the kernel,
ultimately making linux slowly become some
kind of micro-kernel design. didn't fully get
it.

but either way, this feature sort of freaks me out.
is it harming my security? how can i know which
app is running its code inside my kernel?

also, which apps would benefit from this? and why
did i end up having it? e.g. any idea which app
brought this feature?

or did gentoo generally go to ship BTF by default?
without any app needing it?


> (2) "urxvt text blink ANSI": https://bbs.archlinux.org/viewtopic.php?id=150531

fixed it by enabling 24-bit-color USE flag.

Michael

Jul 14, 2021, 12:10:04 PM
On Sunday, 11 July 2021 14:41:08 BST caveman رَجُلُ الْكَهْفِ 穴居人 wrote:
> On Sunday, July 11th, 2021 at 13:11, Nils Freydank <nils.f...@posteo.de> wrote:
> > Hi caveman,
> >
> > you should really train your search skills :-P
>
> lel. more like train my cognition.

I could do with a bit of the same! ;-)


> > (1) Just searching for "libbpf" and then for "bpf BTF" gives plenty of
> > webpages and links. In short:
> >
> > BPF: Berkeley packet filter, e.g.:
> > https://en.wikipedia.org/wiki/Berkeley_Packet_Filter
> > libbpf: a library to use it, e.g.: https://github.com/libbpf/libbpf
> > BPF Type Format (BTF) https://www.kernel.org/doc/html/v5.9/bpf/btf.html
>
> i did this before asking here, but didn't fully
> get it.
>
> wiki seems to say that it's for speeding up packet
> filtering by having apps supply a filtering
> program into the kernel, so that the whole thing
> is done inside the kernel for speed.

Right, the old Berkeley Packet Filter (BPF) was meant to filter packets and
was used in networking and security functions. However, from what I have
understood so far, the BPF instruction set and architecture was deemed
flexible enough to be extended for other functions, acting as if it were a
virtual machine within the Linux kernel to allow bytecode to run at various
hook points in a safe manner. So think of BPF as a framework to leverage
kernel functionality by various programs, safely and fast. BPF is used e.g.
to implement networking policies early, hooking deep into the NIC driver,
without moving packets in-out of kernel-user space.


> but i also read elsewhere that it's being used to
> generally run any apps inside the kernel,
> ultimately making linux slowly become some
> kind of micro-kernel design. didn't fully get
> it.

Hmm ... not sure about this. I don't think BPF allows you to run apps inside
the kernel as such. It allows apps to utilise *programmable* functionality
like XDP (eXpress Data Path) to access kernel data at an earlier state than
would otherwise be accessible; e.g. close to bare metal packet processing,
before such data reaches the network stack for conventional processing. This
is convenient for applying network policies for containers at an earlier stage
than would be the case without BPF infrastructure and constraining kernel data
and memory access in a secure way.

BPF may have expanded into micro-kernel design; I can see how the BPF
functionality would be desirable for this purpose, but I'm not sure BPF would
reduce the kernel size as such. TBH, this is not a field I have looked into
to be able to add anything useful.


> but either way, this feature sort of freaks me out.
> is it harming my security? how can i know which
> app is running its code inside my kernel?
>
> also, which apps would benefit from this? and why
> did i end up having it? e.g. any idea which app
> brought this feature?
>
> or did gentoo generally go to ship BTF by default?
> without any app needing it?

You can enable/disable BPF in your kernel. BTF is used to manage types of ELF
executable binaries, so as to utilise the BPF ABI. LLVM, Clang and others
utilise BPF to generate object files which can be loaded and run in the
kernel. This is meant to happen securely following verification of
instructions to establish they are legitimate, so that kernel and hardware are
not compromised by loose coding. Apps like iproute2, suricata, network
accounting/monitoring apps, etc. make use of BPF. However, I'm no dev so I
have no idea what the potential for BPF harming Linux security might be.
Other more knowledgeable M/L contributors may chime in to explain better.
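An added example (not from the thread or any of its posters) that turns Michael's "you can enable/disable BPF in your kernel" and caveman's "how can i know which app is running its code inside my kernel?" into concrete checks: it audits a kernel .config for the options behind the libbpf/BTF boot messages in the first post, and lists the BPF programs the running kernel has loaded via bpftool. The config file path, the constructed sample config and the availability of bpftool are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit a kernel config for the options
# behind the libbpf/BTF messages, then list loaded BPF programs if bpftool exists.
# Assumptions: a kernel .config-style file as input; bpftool is optional.
# libbpf looks for kernel BTF at /sys/kernel/btf/vmlinux, which only exists when
# the kernel was built with CONFIG_DEBUG_INFO_BTF=y. CONFIG_BPF_PRELOAD loads the
# 'iterators_bpf' skeleton at boot and needs that BTF, hence the boot-time errors.
BPF_OPTS="CONFIG_BPF_SYSCALL CONFIG_BPF_JIT CONFIG_DEBUG_INFO_BTF CONFIG_BPF_PRELOAD CONFIG_BPF_UNPRIV_DEFAULT_OFF"
# config_value FILE OPTION -> prints y, m or n ("is not set" / absent counts as n)
config_value() {
    v=$(grep -E "^$2=" "$1" | head -n 1 | cut -d= -f2)
    printf '%s\n' "${v:-n}"
}
# bpf_audit FILE -> one OPTION=value line per option, then a VERDICT line
bpf_audit() {
    for opt in $BPF_OPTS; do
        printf '%s=%s\n' "$opt" "$(config_value "$1" "$opt")"
    done
    if [ "$(config_value "$1" CONFIG_BPF_PRELOAD)" != n ] &&
       [ "$(config_value "$1" CONFIG_DEBUG_INFO_BTF)" = n ]; then
        echo "VERDICT: BPF_PRELOAD without DEBUG_INFO_BTF: expect libbpf BTF errors at boot"
    else
        echo "VERDICT: consistent"
    fi
}
# live_bpf_status -> what the running kernel exposes; bpftool's program inventory
# (needs root) answers "which app is running its code inside my kernel?"
live_bpf_status() {
    [ -r /sys/kernel/btf/vmlinux ] && echo "kernel BTF: present" || echo "kernel BTF: absent"
    [ -r /proc/sys/kernel/unprivileged_bpf_disabled ] &&
        echo "unprivileged_bpf_disabled=$(cat /proc/sys/kernel/unprivileged_bpf_disabled)"
    if command -v bpftool >/dev/null 2>&1; then
        bpftool prog show 2>/dev/null || echo "bpftool: could not list programs (run as root)"
    else
        echo "bpftool not installed"
    fi
    return 0
}
# Constructed sample config reproducing the thread's situation: preload on, BTF off
SAMPLE_CFG=$(mktemp)
cat >"$SAMPLE_CFG" <<'EOF'
CONFIG_BPF_SYSCALL=y
CONFIG_BPF_JIT=y
# CONFIG_DEBUG_INFO_BTF is not set
CONFIG_BPF_PRELOAD=y
EOF
bpf_audit "$SAMPLE_CFG"
live_bpf_status
```

Point `bpf_audit` at the real `/usr/src/linux/.config` to see whether the running kernel matches the sample; either enabling `CONFIG_DEBUG_INFO_BTF` or disabling `CONFIG_BPF_PRELOAD` makes the verdict read "consistent".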

antlists

Jul 14, 2021, 8:20:04 PM
On 14/07/2021 17:02, Michael wrote:
> However, I'm no dev so I
> have no idea what the potential for BPF harming Linux security might be.
> Other more knowledgeable M/L contributors may chime in to explain better.

The main thing I know is that the verifier enforces "forward progress".
If it can't *prove* that the BPF program will terminate, it fails
verification and is blocked, so it can't be used for a "denial of
service" attack.

Cheers,
Wol