Hi all,

Nice idea. It would be great if future patches would add the BPF map support (if uBPF allows it).

On Fri, Jun 17, 2022 at 10:51 AM Zhang Chen <chen.zh...@intel.com> wrote:
>
> Hi All,
>
> The goal of this series is to bring the power of ebpf to QEMU.
> It makes QEMU have the ability to extend the capabilities without
> requiring changing source code. Just need to load the eBPF binary
> file even at VM runtime. And already have some userspace ebpf
> implementation like: Intel DPDK eBPF, windows eBPF, etc..
> The original idea suggested by Jason Wang.
>
> eBPF is a revolutionary technology with origins in the Linux kernel
> that can run sandboxed programs in an operating system kernel. It is
> used to safely and efficiently extend the capabilities of the kernel
> without requiring to change kernel source code or load kernel
> modules.(from https://ebpf.io/)
>
> KVM already got benefits from it, but QEMU did not. Hence we want
> to bring the power of eBPF to QEMU. It can load binary eBPF program
> even when VM running. At the same time, add some hooks in QEMU as
> the user space eBPF load point. Do the things on different layers.
>
> That’s the advantages of kernel eBPF. Most of the functions can be
> implemented in QEMU. This series just a start of the Power of Programmability.
>
> 1). Safety:
>
> Building on the foundation of seeing and understanding all system
> calls and combining that with a packet and socket-level view of all
> networking operations allows for revolutionary new approaches to
> securing systems.
>
> 2). Tracing & Profiling:
>
> The ability to attach eBPF programs to trace points as well as kernel
> and user application probe points allows unprecedented visibility into
> the runtime behavior of applications and the system itself.
>
> 3). Networking:
>
> The combination of programmability and efficiency makes eBPF a natural
> fit for all packet processing requirements of networking solutions.
>
> 4). Observability & Monitoring:
>
> Instead of relying on static counters and gauges exposed by the
> operating system, eBPF enables the collection & in-kernel aggregation
> of custom metrics and generation of visibility events based on a wide
> range of possible sources.
>
> QEMU userspace ebpf design based on ubpf project
> (https://github.com/iovisor/ubpf).
> The most mature userspace ebpf implementation. This project officially
> support by iovisor(Like BCC and bpftrace). This project includes an eBPF
> assembler, disassembler, interpreter (for all platforms), and JIT compiler
> (for x86-64 and Arm64 targets). Qemu userspace ebpf make the ubpf project
> as the git submodule.
>
> Current implementation support load ebpf program and run it in
> net/filter-ubpf module, this filter can support any user defined rules
> to handle network packet. At the same time, it's easy for other developers
> to use the ubpf infrastructure in QEMU's other modules from the function
> in /ebpf/ubpf.c, and it support JIT.
>
> For the uBPF License is Apache License 2.0, It's OK to compatible
> with QEMU’s GPLv2 LICENSE same as mason.
>
> TODO: Need to add more comments and test-case for ubpf, current
> implementation not include ebpf verifier. But I think maybe it's not
> a big problem, current ebpf load/unload API exposed by QMP command.
> Qemu is a userspace program, if someone want to hack QEMU, no need to
> load a malicious ubpf program, it can hack QEMU code or crash QEMU on
> host directly(different from kernel ebpf needs strict inspection, but
> yes, it still need basic check).
>
> Any comments are welcome.
>
> Thanks
> Chen
>
>
> Zhang Chen (12):
>   configure: Add iovisor/ubpf project as a submodule for QEMU
>   meson: Add ubpf build config and misc
>   ebpf/uBPF: Introduce userspace ebpf data structure
>   ebpf/uBPF: Introduce ubpf initialize functions
>   ebpf/uBPF: Add qemu_prepare_ubpf to load ebpf binary
>   ebpf/uBPF: Add qemu_ubpf_run_once excute real ebpf program
>   net/filter: Introduce filter-ubpf module
>   qapi: Add FilterUbpfProperties and qemu-options
>   softmmu/vl.c: Add filter-ubpf for netdev as other netfilters
>   net/filter-ubpf.c: run the ubpf program to handle network packet
>   docs/devel: Add userspace-ebpf.rst
>   test/qtest: Add ubpf basic test case
>
>  .gitmodules                         |   3 +
>  configure                           |  20 +++
>  docs/devel/userspace-ebpf.rst       | 106 ++++++++++++++
>  ebpf/meson.build                    |   1 +
>  ebpf/ubpf-stub.c                    |  35 +++++
>  ebpf/ubpf.c                         | 217 ++++++++++++++++++++++++++++
>  ebpf/ubpf.h                         |  44 ++++++
>  meson.build                         |  47 ++++++
>  meson_options.txt                   |   3 +
>  net/filter-ubpf.c                   | 185 ++++++++++++++++++++++++
>  net/meson.build                     |   1 +
>  qapi/qom.json                       |  18 +++
>  qemu-options.hx                     |   6 +
>  scripts/coverity-scan/COMPONENTS.md |   3 +
>  scripts/meson-buildoptions.sh       |   5 +
>  softmmu/vl.c                        |   3 +-
>  tests/qtest/demo_ubpf.o             | Bin 0 -> 544 bytes
>  tests/qtest/integer_5.mem           | Bin 0 -> 4 bytes
>  tests/qtest/meson.build             |   3 +-
>  tests/qtest/ubpf-test.c             |  64 ++++++++
>  ubpf                                |   1 +
>  21 files changed, 763 insertions(+), 2 deletions(-)
>  create mode 100644 docs/devel/userspace-ebpf.rst
>  create mode 100644 ebpf/ubpf-stub.c
>  create mode 100644 ebpf/ubpf.c
>  create mode 100644 ebpf/ubpf.h
>  create mode 100644 net/filter-ubpf.c
>  create mode 100644 tests/qtest/demo_ubpf.o
>  create mode 100644 tests/qtest/integer_5.mem
>  create mode 100644 tests/qtest/ubpf-test.c
>  create mode 160000 ubpf
>
> --
> 2.25.1
>
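
Added example, not part of the original thread and not code from the patch series, uBPF or QEMU: the cover letter notes that no verifier is included but that a "basic check" is still needed, and this sketches what a structural pre-load check on a raw eBPF image can look like. The function name ebpf_basic_check, the MAX_INSNS limit and the little-endian host are assumptions of the example; it checks encoding and jump bounds only and does not track memory accesses, helper calls or loops.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One 8-byte eBPF instruction slot (little-endian host assumed). */
struct insn { uint8_t op; uint8_t regs; int16_t off; int32_t imm; };
_Static_assert(sizeof(struct insn) == 8, "eBPF slots are 8 bytes");

#define CLS(op)   ((op) & 0x07)
#define CLS_JMP   0x05
#define CLS_JMP32 0x06
#define OP_LDDW   0x18   /* 64-bit immediate load, occupies two slots */
#define OP_JA     0x05   /* unconditional jump */
#define OP_CALL   0x85
#define OP_EXIT   0x95
#define MAX_INSNS 4096   /* limit chosen for this example */

/* Returns 0 if the image passes the structural checks, else a negative code. */
int ebpf_basic_check(const uint8_t *code, size_t len)
{
    if (!code || len == 0 || len % sizeof(struct insn) != 0) return -1;
    size_t n = len / sizeof(struct insn);
    uint8_t last_op = 0;
    if (n > MAX_INSNS) return -2;
    for (size_t pc = 0; pc < n; pc++) {
        struct insn in;
        memcpy(&in, code + pc * sizeof in, sizeof in);  /* no alignment assumption */
        last_op = in.op;
        /* dst is the low nibble, src the high nibble; only r0..r10 exist. */
        if ((in.regs & 0x0f) > 10 || (in.regs >> 4) > 10) return -3;
        if (in.op == OP_LDDW) {                 /* must have its second slot */
            if (pc + 1 >= n) return -4;
            pc++;                               /* skip the immediate's upper half */
            continue;
        }
        int is_jmp = CLS(in.op) == CLS_JMP || CLS(in.op) == CLS_JMP32;
        if (is_jmp && in.op != OP_CALL && in.op != OP_EXIT) {
            long target = (long)pc + 1 + in.off; /* offsets are relative to pc+1 */
            if (target < 0 || target >= (long)n) return -5;
        }
    }
    /* Execution must not run past the end of the buffer. */
    return (last_op == OP_EXIT || last_op == OP_JA) ? 0 : -6;
}

int main(void)
{
    /* Constructed sample: "ja +5; exit" jumps outside a two-slot program. */
    static const uint8_t prog[] = {0x05,0,5,0,0,0,0,0, 0x95,0,0,0,0,0,0,0};
    printf("check result: %d\n", ebpf_basic_check(prog, sizeof prog));
    return 0;
}
```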