Date: Fri, 31 Mar 2023 08:59:11 +0100
From: Daniel P. Berrangé
To: Jason Wang
Cc: Andrew Melnychenko, mst@redhat.com, pbonzini@redhat.com, marcandre.lureau@redhat.com, thuth@redhat.com, philmd@linaro.org, armbru@redhat.com, eblake@redhat.com, qemu-devel@nongnu.org, toke@redhat.com, mprivozn@redhat.com, yuri.benditovich@daynix.com, yan@daynix.com
Subject: Re: [RFC PATCH 3/5] ebpf: Added declaration/initialization routines.

On Fri, Mar 31, 2023 at 03:48:18PM +0800, Jason Wang wrote:
> On Thu, Mar 30, 2023 at 4:34 PM Daniel P. Berrangé wrote:
> >
> > On Thu, Mar 30, 2023 at 02:54:32PM +0800, Jason Wang wrote:
> > > On Thu, Mar 30, 2023 at 8:33 AM Andrew Melnychenko wrote:
> > >
> > > Who or how the ABI compatibility is preserved between libvirt and Qemu?
> >
> > There's no real problem with binary compatibility to solve any more.
> >
> > When libvirt first launches a QEMU VM, it will fetch the eBPF programs
> > it needs from that running QEMU using QMP. When it later needs to
> > enable features that use eBPF, it already has the program data that
> > matches the running QEMU
>
> Ok, then who will validate the eBPF program? I don't think libvirt can
> trust what is received from Qemu otherwise arbitrary eBPF programs
> could be executed by Qemu in this way. One example is that when guests
> escape to Qemu it can modify the rss_bpf__elf_bytes. Though
> BPF_PROG_TYPE_SOCKET_FILTER gives some of the restrictions, we still
> need to evaluate side effects of this. Or we need to find other ways
> like using the binary in libvirt or use rx filter events.

As I mentioned, when libvirt first launches QEMU it will fetch the eBPF
programs and keep them for later use. At that point the guest CPUs
haven't started running, and so QEMU is still sufficiently trustworthy.

With regards,
Daniel
-- 
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|