Announcement

Collapse
No announcement yet.

Fedora 40 Looks To bpfman For Managing eBPF Programs

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Fedora 40 Looks To bpfman For Managing eBPF Programs

    Phoronix: Fedora 40 Looks To bpfman For Managing eBPF Programs

    Fedora 40 is looking at bpfman for serving as the default eBPF program manager to simplify the deployment and administration of said eBPF programs...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    Worst superhero ever

    Comment


    • #3
      i get that bpfman is meant to help enable/disable eBPFs that you have available locally...

      ...and that it allows loading custom-built eBPFs so each user can make and use their own (only for their turf)...

      ...and that it seems to focus on making it possible for a user to interact with sandboxed stuff like kubernetes...

      ...but given how far ranging eBPFs applications can be, i wonder if eBPF installs and updates can be integrated into a distro's "apps store" and "updates manager" GUIs

      i say this because i use linux mint, where flatpaks can be installed from Software Manager along and (auto)updated from Updates Manager along apt packages, kernels and iirc also firmware (lvfs)... so it's only natural to want the same to happen to this new thing...

      ...and i also wonder if some of them can get distributed via apt from a distro's repos without complications


      on a slightly different focus i also wonder if eBPF can be easily signed by their devs then verified for integrity and chain-of-trust by a user... it seems like an easy-to-fetch-and-deply file that executes close-to-kernel functions and touts customized app loading as a welcome feature is inviting malware actors to flood the internet with convenience eBPFs that do more than they should along easy to follow instructions that cater to naive users and the classic bad windows habit of "installing .exe from website"

      maybe something like flathub.org is gonna be needed to combat such bad habits, along practical verification tooling?


      edit: in a third related note, I also don't know how it's gonna work if an eBPF is flawed... it can probably crash the OS, right? what happens on next boot? does a crash cause the system to boot without the offending eBPF? or without any eBPFs?bor will it try again and again? and if the later, will there be a safety boot mode where they don't get loaded? an interactive boot mode where you can choose some?
      Last edited by marlock; 22 January 2024, 07:39 AM.

      Comment


      • #4
        What are the advantages of running anything with this level of privilege? Performance?

        Comment


        • #5
          Originally posted by jorgepl View Post
          What are the advantages of running anything with this level of privilege? Performance?
          Yes, especially for firewall and sandbox, and there are plans to use it for userspace scheduler.

          IIRC some Linux devs are discussing moving one-line driver (mostly workarounds) to eBPF.

          Comment


          • #6
            Originally posted by marlock View Post
            i
            ...but given how far ranging eBPFs applications can be, i wonder if eBPF installs and updates can be integrated into a distro's "apps store" and "updates manager" GUIs

            on a slightly different focus i also wonder if eBPF can be easily signed by their devs then verified for integrity and chain-of-trust by a user...
            IMO eBPF is often distributed along with the app as read-only data, so if the app is managed by distro then eBPF would also be managed by distro.

            Thus signing would just be signing the application.


            Originally posted by marlock View Post
            i
            it seems like an easy-to-fetch-and-deply file that executes close-to-kernel functions and touts customized app loading as a welcome feature is inviting malware actors to flood the internet with convenience eBPFs that do more than they should along easy to follow instructions that cater to naive users and the classic bad windows habit of "installing .exe from website"

            edit: in a third related note, I also don't know how it's gonna work if an eBPF is flawed... it can probably crash the OS, right? what happens on next boot? does a crash cause the system to boot without the offending eBPF? or without any eBPFs?bor will it try again and again? and if the later, will there be a safety boot mode where they don't get loaded? an interactive boot mode where you can choose some?
            AFAIK eBPF has a verifier, which checks the program before it is compiled and run (or interpreted).

            It disallows loop, out-of-bound access, and only allow calling into lists of functions specified by the kernel.

            There's a CVE discovered for eBPF verifier though:

            • Challenge: The eBPF verifier, which plays a crucial role in ensuring the safety and security of eBPF programs, has been associated with a number of Common Vulnerabilities and Exposures (CVEs), a list of publicly disclosed information security flaws. Exposing a Linux system to eBPF opens it up to a range of vulnerabilities, including an out-of-bounds access flaw and a missing indicator for insufficient resources, which could potentially be exploited by attackers.

            • Mitigation Technique: Regularly update and patch your system to address vulnerabilities found in the eBPF verifier. Keeping the system up-to-date can address CVEs and enhance overall system security.
            From https://www.forbes.com/sites/forbest...h=49ba61e919b9

            Comment


            • #7
              Originally posted by marlock View Post
              edit: in a third related note, I also don't know how it's gonna work if an eBPF is flawed... it can probably crash the OS, right? what happens on next boot? does a crash cause the system to boot without the offending eBPF? or without any eBPFs?bor will it try again and again? and if the later, will there be a safety boot mode where they don't get loaded? an interactive boot mode where you can choose some?
              Well, it's not supposed to, but I've managed to hang my machine by doing something stupid in bpftrace modifying non-percpu maps from kfunc traces before, so...

              It's a lot harder to crash the OS than it is by writing a kernel module, though.

              Comment

              Working...
              X