Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2633066imu;
        Thu, 29 Nov 2018 07:58:05 -0800 (PST)
X-Google-Smtp-Source: AFSGD/V+lbRRnLCN4MvANvgEy/aUawd2hJLTqplFivQqy0dFMGcBcCEVxT33wy90t7czkmlq/snx
X-Received: by 2002:a62:178f:: with SMTP id 137mr1893405pfx.226.1543507084970;
        Thu, 29 Nov 2018 07:58:04 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1543507084; cv=none;
        d=google.com; s=arc-20160816;
        b=ue6KvBdPV8+RNGcMBKJE3YjF9aqgWWYCvxOrAXP1SPAPzSWvQ+VmcPLVNsLRfyEn7D
         q4NPq6I2EabhU5nAM2yOwhjqRXFEQFayA2vyfHuWtScskaNBG9cUougpoAbwFHI2mgt2
         O02giid5CVL+65M8HnANBE7WRNrtpjY7Dgl1XOxi6fV9bBmSGu3xiA90+wdmRG3Zp/WH
         mgWX+snjXQyO2S4hpPAvv62ApZqjJMpGwqOom+dgDjxGufu3omAKQDvg0S+ZPRuZVdk/
         IfmCC/wEiDR7jug1b2xHJMK87PS1e1yo0yn8DhDalvf0gsDZhS0UsYWUO+OZJXyPM5Hy
         jHGA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :organization:references:in-reply-to:date:cc:to:from:subject
         :message-id;
        bh=NXHud0dRYCTTyTqwW8h/55aJDX3633WpJmY9uOxVii4=;
        b=quH1moLQElc6P2p80yH+OEWp9XCEU8cbt/Z2S8UJrAmGO7fjAu9k5leyCS6XW3+um+
         sUfAnxFDyWx3UGs+2HcOx7TVV4qjGelkX9QuBvbCMjnG3d/waYkcubFIsfdeXn5GK1wJ
         MuLrNIV90i8ZIGC6WBlcDi1cgqKzE6k5b4aiV7+O+IFNDeiMl/KIWKfNyUnnkkXVtOMp
         BKSVZAka6c955f+WKtp5/cbMQpk0w2uckC0EaFqPjVTBnGVCFAkuOzHrgyADyLcWXsFo
         dincwvl+3n3JWVSA7JtEbN+0x/72SEE9/sIX7GRRJrYig65NXryMgbyUng0nyQwY1PRN
         uxrg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=codethink.co.uk
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id m8si2543272plt.171.2018.11.29.07.57.46;
        Thu, 29 Nov 2018 07:58:04 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=codethink.co.uk
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729104AbeK3DBu (ORCPT <rfc822;xuyizhaos@gmail.com> + 99 others);
        Thu, 29 Nov 2018 22:01:50 -0500
Received: from imap1.codethink.co.uk ([176.9.8.82]:54631 "EHLO
        imap1.codethink.co.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728363AbeK3DBt (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 29 Nov 2018 22:01:49 -0500
Received: from office.codethink.co.uk ([148.252.241.226] helo=xylophone)
        by imap1.codethink.co.uk with esmtpsa (Exim 4.84_2 #1 (Debian))
        id 1gSOfU-0006EJ-59; Thu, 29 Nov 2018 15:55:56 +0000
Message-ID: <1543506955.2867.10.camel@codethink.co.uk>
Subject: Re: [PATCH 1/3] bpf/verifier: Log instruction patching when verbose
 logging is enabled
From:   Ben Hutchings <ben.hutchings@codethink.co.uk>
To:     Daniel Borkmann <daniel@iogearbox.net>,
        Alexei Starovoitov <ast@kernel.org>
Cc:     netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Date:   Thu, 29 Nov 2018 15:55:55 +0000
In-Reply-To: <b1d395a1-076a-054d-09ae-9d9242b1c29a@iogearbox.net>
References: <20181123183356.5q4bu47zpj5wdufb@xylophone.i.decadent.org.uk>
         <20181123183455.qjokyt6zpa2yck6s@xylophone.i.decadent.org.uk>
         <b1d395a1-076a-054d-09ae-9d9242b1c29a@iogearbox.net>
Organization: Codethink Ltd.
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.22.6-1+deb9u1 
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 2018-11-23 at 21:10 +0100, Daniel Borkmann wrote:
> On 11/23/2018 07:34 PM, Ben Hutchings wrote:
> > User-space does not have access to the patched eBPF code, but we
> > need to be able to test that patches are being applied.  Therefore
> > log distinct messages for each case that requires patching.
> 
> Thanks for the patches, Ben! Above is actually not the case, e.g. privileged
> admin can use something like 'bpftool prog dump xlated id <id>' and then the
> BPF insns are dumped to user space for the program /after/ the verification,
> so the rewrites can then be seen.

Oh that's good.

> test_verifier temporarily drops caps to
> load and run the unprivileged cases, but we can extend the test suite to
> retrieve and check the final insns after that happened. I think this would be
> a nice extension to the test suite for cases like these and would also provide
> better insight than verbose() statement saying that something has been
> patched (but not the actual result of it).

Agreed; I'll look into doing this instead.

Ben.

-- 
Ben Hutchings, Software Developer                         Codethink Ltd
https://www.codethink.co.uk/                 Dale House, 35 Dale Street
                                     Manchester, M1 2HF, United Kingdom