lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 19 Dec 2018 10:29:11 -0800
From:   Jakub Kicinski <jakub.kicinski@...ronome.com>
To:     alexei.starovoitov@...il.com, daniel@...earbox.net
Cc:     oss-drivers@...ronome.com, netdev@...r.kernel.org,
        Jakub Kicinski <jakub.kicinski@...ronome.com>
Subject: [PATCH bpf-next 00/19] bpf: JSET tests and dead code elimination

Hi!

This set starts with adding functional tests for JSET instruction.
Next verifier's understanding of JSET is improved and relevant tests
follow.  These changes allow for better dead code elimination.

Dead code removal is the next part.  For root user only all code deemed
dead by the verifier path walk is removed.  Conditional branches which
land on dead code are converted to unconditional jumps, and unconditional
jumps by 0 are removed (these most likely result from earlier dead code
elimination).

Advanced JITs need to be informed about those optimizations, as they
build up their state prior to verification.

First nfp patch is a slight clarification to the code, to avoid
confusion.  Next skip marking is split per reason.  We use skip flag
to mark BPF instructions which won't be reflected in NFP machine code.
There are safety checks which should only apply to some types of skips
so we need a way to express the reason instruction is skipped.  Next
JSET code gen is improved.  And finally we take advantage of the dead
code elimination added to the verifier.

Jakub Kicinski (19):
  selftests: bpf: add trivial JSET tests
  bpf: verifier: teach the verifier to reason about the BPF_JSET
    instruction
  selftests: bpf: verifier: add tests for JSET interpretation
  bpf: verifier: reorder stack size check with dead code sanitization
  bpf: change parameters of call/branch offset adjustment
  bpf: verifier: hard wire branches to dead code
  bpf: verifier: remove dead code
  bpf: verifier: remove unconditional branches by 0
  selftests: bpf: add tests for dead code removal
  selftests: bpf: add missing executables to .gitignore
  bpf: verifier: record original instruction index
  bpf: notify offload JITs about optimizations
  nfp: bpf: don't use instruction number for jump target
  nfp: bpf: split up the skip flag
  nfp: bpf: remove the trivial JSET optimization
  nfp: bpf: optimize codegen for JSET with a constant
  nfp: bpf: save original program length
  nfp: bpf: support optimizing dead branches
  nfp: bpf: support removing dead code

 drivers/net/ethernet/netronome/nfp/bpf/jit.c  |  69 ++-
 drivers/net/ethernet/netronome/nfp/bpf/main.h |  33 +-
 .../net/ethernet/netronome/nfp/bpf/offload.c  |   5 +-
 .../net/ethernet/netronome/nfp/bpf/verifier.c |  63 ++-
 include/linux/bpf.h                           |   7 +
 include/linux/bpf_verifier.h                  |   6 +
 include/linux/filter.h                        |   1 +
 kernel/bpf/core.c                             |  52 +-
 kernel/bpf/offload.c                          |  35 ++
 kernel/bpf/verifier.c                         | 241 ++++++++-
 tools/testing/selftests/bpf/.gitignore        |   1 +
 tools/testing/selftests/bpf/test_btf.c        | 138 +++++-
 tools/testing/selftests/bpf/test_verifier.c   | 465 ++++++++++++++++--
 13 files changed, 1006 insertions(+), 110 deletions(-)

-- 
2.19.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ