Thorsten Leemhuis (1/4) · @kernellogger
1998 followers · 1619 posts · Server fosstodon.org

TWIMC, the discussion about the extensible class for the that Peterz rejected[1] slowly continues:

Mel Gorman recently shared his view and is "opposed to it conceptually": lore.kernel.org/all/2023081712

Josh Don meanwhile "reiterated Google’s support for this proposal": lore.kernel.org/all/CABk29Nt_i

[1] lore.kernel.org/all/2023072609

#bpf #linux #kernel #linuxkernel #scheduler

Last updated 1 year ago

Djalal Harouni · @djalaltix
14 followers · 7 posts · Server fosstodon.org

Kernel Patching with Yaml!

Short post: preventing last overlayfs privilege escalations CVE-2023-2640 with Yaml (bpf) on Ubuntu kernels

djalal.opendz.org/post/prevent

#Tetragon #bpf

Last updated 1 year ago

Peter Czanik · @PCzanik
294 followers · 518 posts · Server fosstodon.org

I just pushed syslog-ng 4.3.0 to @fedora Rawhide. Thanks to @bazsi, the dependency on the long time EoL pcre was finally replaced with pcre2. Along the way support for accelerated UDP source and @opentelemetry support were added:

github.com/syslog-ng/syslog-ng

#bpf #fedora

Last updated 1 year ago

Thorsten Leemhuis (1/4) · @kernellogger
1833 followers · 1408 posts · Server fosstodon.org

LOL:

> But the mptcpize (LD_PRELOAD technique) command has some limitations […]
>
> - it is not in , we cannot talk about it at netdev conf. […]

/me wonders what this kind of argument should be called; "appeal to cool technology" maybe?

Source: "[RFC bpf-next 0/8] BPF 'force to MPTCP'"
lore.kernel.org/mptcp/cover.16

#bpf #linux #kernel #ebpf #linuxkernel #mptcp

Last updated 1 year ago

Thorsten Leemhuis (1/4) · @kernellogger
1833 followers · 1408 posts · Server fosstodon.org

Introducing bpftune for lightweight, always-on auto-tuning of system behaviour – blogs.oracle.com/linux/post/in

Alan Maguire writes:

> Introducing bpftune, an automatic configurator that monitors your workloads and sets the correct [] parameter values! […] using […] pluggable infrastructure that is open to contributions. […]

#linux #kernel #bpf #ebpf #linuxkernel

Last updated 1 year ago

Dave Marquardt · @davemq
61 followers · 421 posts · Server fosstodon.org

Oh, as a long time TCP/IP guy who used and ported the original , it's a little annoying that the original BPF in BSD and other systems is ignored in most information about . @brendangregg's books give BPF its due, though.

#bpf #ebpf

Last updated 1 year ago

Stéphane Bortzmeyer · @bortzmeyer
8168 followers · 78131 posts · Server mastodon.gougere.fr

people now (running sandboxed programs in the kernel). Part of the effort to standardize BPF. Of course, at IETF, the focus is on BPF for networking.
Patches to the Linux kernel implementation.
ebpf.io/

#bpf

Last updated 2 years ago

Thorsten Leemhuis (1/4) · @kernellogger
1600 followers · 876 posts · Server fosstodon.org

Tejun posted v3 of the BPF extensible scheduler class for the , which allows scheduling policies to be implemented as /#eBPF programs.

lore.kernel.org/all/2023031721

#linux #kernel #bpf #linuxkernel

Last updated 2 years ago

Thorsten Leemhuis (1/4) · @kernellogger
1543 followers · 732 posts · Server fosstodon.org

After a backlash ~ten weeks ago HID- now was finally merged for 6.3 with the main HID merge: git.kernel.org/torvalds/c/6c71 :

- this allows to start using HID-BPF. Note that the mechanism to ship HID-BPF program through the kernel tree is still not implemented yet (but is planned).

- Logitech HID++ fixes for scroll wheel, protocol and debug

- Some new device support: Steam Deck, UClogic, Logitech G923 Xbox Edition steering wheel, EVision keyboards

#bpf #linux #kernel

Last updated 2 years ago

stribika · @stribika
24 followers · 96 posts · Server infosec.exchange

Here is the problem, as far as I can tell. There are 2 different "BPF" variants: and . What calls BPF is in fact eBPF, while only understands non-e BPF.

This was a horrible experience and a complete waste of time. If I need a compiler for security policies, you fucked up and should reconsider the design. (Remember selinux?) If I have to handcraft security policy bytecode, then my choice is between SECCOMP_MODE_STRICT or nothing.

Thank you for coming to my ted talk.

#bpf #ebpf #llvm #seccomp

Last updated 2 years ago

Thorsten Leemhuis (1/4) · @kernellogger
1501 followers · 603 posts · Server fosstodon.org

Florian Westphal submitted an RFC patchset adding "minimal support to hook programs to hooks, e.g. PREROUTING or FORWARD."

lore.kernel.org/all/2023020816

#bpf #netfilter #linux #kernel #linuxkernel #ebpf

Last updated 2 years ago

Knomfr · @stuartdi
40 followers · 182 posts · Server ioc.exchange

While this article is selling a product, it is a good explainer on how eBPF could trigger on an event in a security context. sentinelone.com/blog/the-advan my understanding of map is a little better.

I’ve put Ida study on hold while I gain a deeper understanding of BPF. As I’ve mentioned, I’m just a part time hobbyist. Feel free to critique away anything I toot.

#bpf

Last updated 2 years ago

A thinking meat · @saint
419 followers · 1226 posts · Server river.group.lt

Somehow BPF has hyped me and I want to see more usage of it, tools, teachings on how things work and people using it more for sysadmin tasks. (Reading vncz.js.org/ebpf/)

#bpf #ebpf

Last updated 2 years ago

Thorsten Leemhuis (1/4) · @kernellogger
1455 followers · 535 posts · Server fosstodon.org

Tejun posted v2 of the patchset[1] that allows influencing process scheduler decisions with /#eBPF programs:

lore.kernel.org/all/2023012800

[1] it's called the "sched_ext (SCX) patchset", which "implements BPF extensible scheduler class"

#linux #kernel #bpf #linuxkernel

Last updated 2 years ago

Knomfr · @stuartdi
41 followers · 176 posts · Server ioc.exchange

Detecting kernel exploits with youtu.be/QTZvabExQ1I from speaker points out there are multiple points of failure with this approach. Author of open source tool KRIe github.com/Gui774ume/krie

#bpf #ebpf #blackhat2022

Last updated 2 years ago

Knomfr · @stuartdi
40 followers · 174 posts · Server ioc.exchange

Harnessing the eBPF Verifier blog.trailofbits.com/2023/01/1 An interesting proof of concept for verifying interoperability with different kernel versions. Lays out challenges and solutions. Thanks for a great article.

#bpf

Last updated 2 years ago

Thorsten Leemhuis (1/4) · @kernellogger
1424 followers · 482 posts · Server fosstodon.org