From: Markus Armbruster <armbru@redhat.com>
To: "Daniel P. Berrangé" <berrange@redhat.com>
Cc: Andrew Melnychenko <andrew@daynix.com>,
jasowang@redhat.com, mst@redhat.com, eblake@redhat.com,
qemu-devel@nongnu.org, yuri.benditovich@daynix.com,
yan@daynix.com
Subject: Re: [PATCH v2 5/6] qmp: Added new command to retrieve eBPF blob.
Date: Tue, 16 May 2023 12:23:28 +0200
Message-ID: <87ilcsshgf.fsf@pond.sub.org>
In-Reply-To: <ZGNE0bk2zCDpUkYS@redhat.com> ("Daniel P. Berrangé"'s message of "Tue, 16 May 2023 09:54:41 +0100")

Daniel P. Berrangé <berrange@redhat.com> writes:

> On Tue, May 16, 2023 at 10:47:52AM +0200, Markus Armbruster wrote:
[...]
>> So, this is basically a way to retrieve an eBPF program by some
>> well-known name.
>>
>> Ignorant question: how are these programs deposited?
>
> The eBPF code blob is linked into QEMU at build time. This API lets
> libvirt fetch it from QEMU, in base64 format. When libvirt later
> creates NICs, it can attach the eBPF code blob to the TAP device (which
> requires elevated privileges that QEMU lacks). NB, libvirt would fetch
> the eBPF code from QEMU when probing capabilities, as once a VM is
> running it is untrusted.

Okay, I can see how that helps. I trust the blob is in a read-only
segment. Ideally, libvirt fetches it before the guest runs.

Please improve the QAPI schema doc comments to explain why and how the
feature is to be used in a bit more detail. The existing text

    Function returns eBPF object that can be loaded with libbpf.
    Management applications (g.e. libvirt) may load it and pass file
    descriptors to QEMU. Which allows running QEMU without BPF capabilities.

is too terse.
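
The following is an added example, not part of this message and not QEMU or libvirt code: a management-side check that a base64 blob fetched at capability-probing time decodes to a BPF ELF object, returning a SHA-256 digest that can be recorded and compared before the blob is loaded later. The reply field names (`return`/`object`) and the sample header are assumptions constructed for the example.

```python
import base64
import binascii
import hashlib
import json
import struct

ET_REL = 1    # ELF e_type: relocatable object file
EM_BPF = 247  # ELF e_machine value for Linux BPF

def sample_header(machine=EM_BPF):
    """Constructed 64-byte ELF64 little-endian header (sample data, not QEMU's blob)."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    return ident + struct.pack("<HHIQQQIHHHHHH",
                               ET_REL, machine, 1, 0, 0, 0, 0, 64, 0, 0, 64, 0, 0)

def make_reply(blob):
    """Wrap a blob in the reply shape this example assumes (field names hypothetical)."""
    return json.dumps({"return": {"object": base64.b64encode(blob).decode("ascii")}})

def decode_ebpf_blob(qmp_reply):
    """Return (blob, sha256 hex digest); raise ValueError if it is not a BPF ELF object."""
    b64 = json.loads(qmp_reply)["return"]["object"]
    try:
        # validate=True rejects characters outside the base64 alphabet
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"blob is not valid base64: {exc}") from exc
    if len(blob) < 64 or blob[:4] != b"\x7fELF":
        raise ValueError("blob is not an ELF file")
    ei_class, ei_data = blob[4], blob[5]
    if ei_class != 2 or ei_data not in (1, 2):
        raise ValueError("expected a 64-bit ELF object with a valid byte order")
    endian = "<" if ei_data == 1 else ">"
    # e_type and e_machine follow the 16-byte e_ident array
    e_type, e_machine = struct.unpack_from(endian + "HH", blob, 16)
    if e_type != ET_REL or e_machine != EM_BPF:
        raise ValueError(f"not a BPF object (type={e_type}, machine={e_machine})")
    return blob, hashlib.sha256(blob).hexdigest()

if __name__ == "__main__":
    blob, digest = decode_ebpf_blob(make_reply(sample_header()))
    print(len(blob), "bytes, sha256", digest)
```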