Re: [RFC PATCH 00/12] Introduce QEMU userspace ebpf support

[Andrew Melnichenko]

Hi all,
Nice idea.
It would be great if future patches would add the BPF map support(if
uBPF allows it).

On Fri, Jun 17, 2022 at 10:51 AM Zhang Chen <chen.zhang@intel.com> wrote:
>
> Hi All,
>
>     The goal of this series is to bring the power of ebpf to QEMU.
> It makes QEMU have the ability to extend the capabilities without
> requiring changing source code. Just need to load the eBPF binary
> file even at VM runtime. And already have some userspace ebpf
> implementation like: Intel DPDK eBPF, windows eBPF, etc..
> The original idea suggested by Jason Wang.
>
>     eBPF is a revolutionary technology with origins in the Linux kernel
> that can run sandboxed programs in an operating system kernel. It is
> used to safely and efficiently extend the capabilities of the kernel
> without requiring to change kernel source code or load kernel
> modules.(from https://ebpf.io/)
>
>     KVM already got benefits from it, but QEMU did not. Hence we want
> to bring the power of eBPF to QEMU. It can load binary eBPF program
> even when VM running. At the same time, add some hooks in QEMU as
> the user space eBPF load point. Do the things on different layers.
>
>    That’s the advantages of kernel eBPF. Most of the functions can be
> implemented in QEMU. This series just a start of the Power of Programmability.
>
>     1). Safety:
>
>     Building on the foundation of seeing and understanding all system
>     calls and combining that with a packet and socket-level view of all
>     networking operations allows for revolutionary new approaches to
>     securing systems.
>
>     2). Tracing & Profiling:
>
>     The ability to attach eBPF programs to trace points as well as kernel
>     and user application probe points allows unprecedented visibility into
>     the runtime behavior of applications and the system itself.
>
>     3). Networking:
>
>     The combination of programmability and efficiency makes eBPF a natural
>     fit for all packet processing requirements of networking solutions.
>
>     4). Observability & Monitoring:
>
>     Instead of relying on static counters and gauges exposed by the
>     perating system, eBPF enables the collection & in-kernel aggregation
>     of custom metrics and generation of visibility events based on a wide
>     range of possible sources.
>
>     QEMU userspace ebpf design based on ubpf project 
> (https://github.com/iovisor/ubpf).
> The most mature userspace ebpf implementation. This project officially
> support by iovisor(Like BCC and bpftrace). This project includes an eBPF
> assembler, disassembler, interpreter (for all platforms), and JIT compiler
> (for x86-64 and Arm64 targets). Qemu userspace ebpf make the ubpf project
> as the git submodule.
>
>     Current implementation support load ebpf program and run it in
> net/filter-ubpf module, this filter can support any user defined rules
> to hanle network packet. At the same time, it's easy for other developers
> to use the ubpf infrastructue in QEMU's other modules from the function
> in /ebpf/ubpf.c, and it support JIT.
>
>     For the uBPF License is Apache License 2.0, It's OK to compatible
> with QEMU’s GPLv2 LICENSE same as mason.
>
>     TODO: Need to add more comments and test-case for ubpf, current
> implementation not include ebpf verifier. But I think maybe it's not
> a big problem, current ebpf load/unload API exposed by QMP command.
> Qemu is a userspace program, if someone want to hack QEMU, no need to
> load a malicious ubpf program, it can hack QEMU code or crash QEMU on
> host directly(different from kernel ebpf needs strict inspection, but
> yes, it still need basic check).
>
> Any comments are welcome.
>
> Thanks
> Chen
>
>
> Zhang Chen (12):
>   configure: Add iovisor/ubpf project as a submodule for QEMU
>   meson: Add ubpf build config and misc
>   ebpf/uBPF: Introduce userspace ebpf data structure
>   ebpf/uBPF: Introduce ubpf initialize functions
>   ebpf/uBPF: Add qemu_prepare_ubpf to load ebpf binary
>   ebpf/uBPF: Add qemu_ubpf_run_once excute real ebpf program
>   net/filter: Introduce filter-ubpf module
>   qapi: Add FilterUbpfProperties and qemu-options
>   softmmu/vl.c: Add filter-ubpf for netdev as other netfilters
>   net/filter-ubpf.c: run the ubpf program to handle network packet
>   docs/devel: Add userspace-ebpf.rst
>   test/qtest: Add ubpf basic test case
>
>  .gitmodules                         |   3 +
>  configure                           |  20 +++
>  docs/devel/userspace-ebpf.rst       | 106 ++++++++++++++
>  ebpf/meson.build                    |   1 +
>  ebpf/ubpf-stub.c                    |  35 +++++
>  ebpf/ubpf.c                         | 217 ++++++++++++++++++++++++++++
>  ebpf/ubpf.h                         |  44 ++++++
>  meson.build                         |  47 ++++++
>  meson_options.txt                   |   3 +
>  net/filter-ubpf.c                   | 185 ++++++++++++++++++++++++
>  net/meson.build                     |   1 +
>  qapi/qom.json                       |  18 +++
>  qemu-options.hx                     |   6 +
>  scripts/coverity-scan/COMPONENTS.md |   3 +
>  scripts/meson-buildoptions.sh       |   5 +
>  softmmu/vl.c                        |   3 +-
>  tests/qtest/demo_ubpf.o             | Bin 0 -> 544 bytes
>  tests/qtest/integer_5.mem           | Bin 0 -> 4 bytes
>  tests/qtest/meson.build             |   3 +-
>  tests/qtest/ubpf-test.c             |  64 ++++++++
>  ubpf                                |   1 +
>  21 files changed, 763 insertions(+), 2 deletions(-)
>  create mode 100644 docs/devel/userspace-ebpf.rst
>  create mode 100644 ebpf/ubpf-stub.c
>  create mode 100644 ebpf/ubpf.c
>  create mode 100644 ebpf/ubpf.h
>  create mode 100644 net/filter-ubpf.c
>  create mode 100644 tests/qtest/demo_ubpf.o
>  create mode 100644 tests/qtest/integer_5.mem
>  create mode 100644 tests/qtest/ubpf-test.c
>  create mode 160000 ubpf
>
> --
> 2.25.1
>