On Thu, 17 Oct 2019, David Miller wrote:
> From: Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx>
> Date: Thu, 17 Oct 2019 17:40:21 +0200
>
> > On 2019-10-17 16:53:58 [+0200], Daniel Borkmann wrote:
> >> On Thu, Oct 17, 2019 at 11:05:01AM +0200, Sebastian Andrzej Siewior wrote:
> >> > Disable BPF on PREEMPT_RT because
> >> > - it allocates and frees memory in atomic context
> >> > - it uses up_read_non_owner()
> >> > - BPF_PROG_RUN() expects to be invoked in non-preemptible context
> >>
> >> For the latter you'd also need to disable seccomp-BPF and everything
> >> cBPF related as they are /all/ invoked via BPF_PROG_RUN() ...
> >
> > I looked at tracing and it depended on BPF_SYSCALL so I assumed they all
> > do… Now looking for BPF_PROG_RUN() there is PPP_FILTER,
> > NET_TEAM_MODE_LOADBALANCE and probably more. I didn't find a symbol for
> > seccomp-BPF.
> > Would it make sense to override BPF_PROG_RUN() and make each caller fail
> > instead? Other recommendations?
>
> I hope you understand that basically you are disabling any packet sniffing
> on the system with this patch you are proposing.
>
> This means no tcpdump, not wireshark, etc. They will all become
> non-functional.

Just for the record. tcpdump and wireshark work perfectly fine on a BPF
disabled kernel at least in the limited way I am using them.

They might become non functional in a decade from now but I assume that we
find a solution for those problems until then.

Thanks,

	tglx