| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Jan 2018 02:01:28 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: davem@...emloft.net
Cc: daniel@...earbox.net, ast@...nel.org, netdev@...r.kernel.org
Subject: pull-request: bpf-next 2018-01-17
Hi David,
The following pull-request contains BPF updates for your *net-next* tree.
The main changes are:
1) Add initial BPF map offloading for nfp driver. Currently only
programs were supported so far w/o being able to access maps.
Offloaded programs are right now only allowed to perform map
lookups, and control path is responsible for populating the
maps. BPF core infrastructure along with nfp implementation is
provided, from Jakub.
2) Various follow-ups to Josef's BPF error injections. More
specifically that includes: properly check whether the error
injectable event is on function entry or not, remove the percpu
bpf_kprobe_override and rather compare instruction pointer
with original one, separate error-injection from kprobes since
it's not limited to it, add injectable error types in order to
specify what is the expected type of failure, and last but not
least also support the kernel's fault injection framework, all
from Masami.
3) Various misc improvements and cleanups to the libbpf Makefile.
That is, fix permissions when installing BPF header files, remove
unused variables and functions, and also install the libbpf.h
header, from Jesper.
4) When offloading to nfp JIT and the BPF insn is unsupported in the
JIT, then reject right at verification time. Also fix libbpf with
regards to ELF section name matching by properly treating the
program type as prefix. Both from Quentin.
5) Add -DPACKAGE to bpftool when including bfd.h for the disassembler.
This is needed, for example, when building libfd from source as
bpftool doesn't supply a config.h for bfd.h. Fix from Jiong.
6) xdp_convert_ctx_access() is simplified since it doesn't need to
set target size during verification, from Jesper.
7) Let bpftool properly recognize BPF_PROG_TYPE_CGROUP_DEVICE
program types, from Roman.
8) Various functions in BPF cpumap were not declared static, from Wei.
9) Fix a double semicolon in BPF samples, from Luis.
Please consider pulling these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git
Thanks a lot!
----------------------------------------------------------------
The following changes since commit 6bd39bc3da0f4a301fae69c4a32db2768f5118be:
Merge branch 'hns3-add-some-new-features-and-fix-some-bugs' (2018-01-12 10:12:33 -0500)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git
for you to fetch changes up to e8a9d9683c8a62f917c19e57f1618363fb9ed04e:
Merge branch 'bpf-libbpf-cleanups' (2018-01-17 01:18:12 +0100)
----------------------------------------------------------------
Alexei Starovoitov (1):
Merge branch 'error-injection'
Daniel Borkmann (3):
Merge branch 'bpf-nfp-map-offload'
Merge branch 'bpf-various-improvements'
Merge branch 'bpf-libbpf-cleanups'
Jakub Kicinski (18):
bpf: add map_alloc_check callback
bpf: hashtab: move attribute validation before allocation
bpf: hashtab: move checks out of alloc function
bpf: add helper for copying attrs to struct bpf_map
bpf: rename bpf_dev_offload -> bpf_prog_offload
bpf: offload: factor out netdev checking at allocation time
bpf: offload: add map offload infrastructure
nfp: bpf: add map data structure
nfp: bpf: add basic control channel communication
nfp: bpf: implement helpers for FW map ops
nfp: bpf: parse function call and map capabilities
nfp: bpf: add helpers for updating immediate instructions
nfp: bpf: add verification and codegen for map lookups
nfp: bpf: add support for reading map memory
nfp: bpf: implement bpf map offload
bpf: offload: make bpf_offload_dev_match() reject host+host case
bpf: annotate bpf_insn_print_t with __printf
nfp: bpf: print map lookup problems into verifier log
Jesper Dangaard Brouer (4):
bpf: simplify xdp_convert_ctx_access for xdp_rxq_info
libbpf: install the header file libbpf.h
libbpf: cleanup Makefile, remove unused elements
libbpf: Makefile set specified permission mode
Jiong Wang (1):
tools: bpftool: add -DPACKAGE when including bfd.h
Luis de Bethencourt (1):
samples/bpf: Fix trailing semicolon
Masami Hiramatsu (5):
tracing/kprobe: bpf: Check error injectable event is on function entry
tracing/kprobe: bpf: Compare instruction pointer with original one
error-injection: Separate error-injection from kprobe
error-injection: Add injectable error types
error-injection: Support fault injection framework
Quentin Monnet (2):
libbpf: fix string comparison for guessing eBPF program type
nfp: bpf: reject program on instructions unknown to the JIT compiler
Roman Gushchin (1):
bpftool: recognize BPF_PROG_TYPE_CGROUP_DEVICE programs
Wei Yongjun (1):
bpf: cpumap: make some functions static
Documentation/fault-injection/fault-injection.txt | 68 ++++
arch/Kconfig | 2 +-
arch/x86/Kconfig | 2 +-
arch/x86/include/asm/error-injection.h | 13 +
arch/x86/include/asm/kprobes.h | 4 +-
arch/x86/kernel/kprobes/ftrace.c | 14 -
arch/x86/lib/Makefile | 1 +
arch/x86/lib/error-inject.c | 19 +
drivers/net/ethernet/netronome/nfp/Makefile | 1 +
drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 446 +++++++++++++++++++++
drivers/net/ethernet/netronome/nfp/bpf/fw.h | 103 +++++
drivers/net/ethernet/netronome/nfp/bpf/jit.c | 168 +++++++-
drivers/net/ethernet/netronome/nfp/bpf/main.c | 60 ++-
drivers/net/ethernet/netronome/nfp/bpf/main.h | 96 ++++-
drivers/net/ethernet/netronome/nfp/bpf/offload.c | 106 ++++-
drivers/net/ethernet/netronome/nfp/bpf/verifier.c | 55 +++
drivers/net/ethernet/netronome/nfp/nfp_app.h | 9 +
drivers/net/ethernet/netronome/nfp/nfp_asm.c | 58 +++
drivers/net/ethernet/netronome/nfp/nfp_asm.h | 4 +
drivers/net/ethernet/netronome/nfp/nfp_net.h | 12 +
.../net/ethernet/netronome/nfp/nfp_net_common.c | 7 +
fs/btrfs/disk-io.c | 4 +-
fs/btrfs/free-space-cache.c | 4 +-
include/asm-generic/error-injection.h | 35 ++
include/asm-generic/vmlinux.lds.h | 14 +-
include/linux/bpf.h | 76 +++-
include/linux/error-injection.h | 27 ++
include/linux/kprobes.h | 1 -
include/linux/module.h | 7 +-
include/linux/netdevice.h | 6 +
include/uapi/linux/bpf.h | 3 +-
kernel/Makefile | 1 +
kernel/bpf/cpumap.c | 31 +-
kernel/bpf/devmap.c | 8 +-
kernel/bpf/disasm.h | 4 +-
kernel/bpf/hashtab.c | 103 +++--
kernel/bpf/lpm_trie.c | 7 +-
kernel/bpf/offload.c | 222 +++++++++-
kernel/bpf/sockmap.c | 8 +-
kernel/bpf/stackmap.c | 6 +-
kernel/bpf/syscall.c | 71 +++-
kernel/bpf/verifier.c | 7 +
kernel/fail_function.c | 349 ++++++++++++++++
kernel/kprobes.c | 163 --------
kernel/module.c | 8 +-
kernel/trace/Kconfig | 4 +-
kernel/trace/bpf_trace.c | 11 +-
kernel/trace/trace_kprobe.c | 33 +-
kernel/trace/trace_probe.h | 12 +-
lib/Kconfig.debug | 14 +
lib/Makefile | 1 +
lib/error-inject.c | 242 +++++++++++
net/core/filter.c | 7 +-
samples/bpf/xdp_monitor_kern.c | 2 +-
tools/bpf/bpftool/Makefile | 2 +-
tools/bpf/bpftool/prog.c | 1 +
tools/build/feature/Makefile | 2 +-
tools/include/uapi/linux/bpf.h | 1 +
tools/lib/bpf/Makefile | 20 +-
tools/lib/bpf/libbpf.c | 2 +-
60 files changed, 2365 insertions(+), 402 deletions(-)
create mode 100644 arch/x86/include/asm/error-injection.h
create mode 100644 arch/x86/lib/error-inject.c
create mode 100644 drivers/net/ethernet/netronome/nfp/bpf/cmsg.c
create mode 100644 include/asm-generic/error-injection.h
create mode 100644 include/linux/error-injection.h
create mode 100644 kernel/fail_function.c
create mode 100644 lib/error-inject.c
Powered by blists - more mailing lists