lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 24 Jul 2014 12:25:02 -0700
From:	Alexei Starovoitov <>
To:	Andy Lutomirski <>
Cc:	"David S. Miller" <>,
	Ingo Molnar <>,
	Linus Torvalds <>,
	Steven Rostedt <>,
	Daniel Borkmann <>,
	Chema Gonzalez <>,
	Eric Dumazet <>,
	Peter Zijlstra <>,
	Arnaldo Carvalho de Melo <>,
	Jiri Olsa <>,
	Thomas Gleixner <>,
	"H. Peter Anvin" <>,
	Andrew Morton <>,
	Kees Cook <>,
	Linux API <>,
	Network Development <>,
	"" <>
Subject: Re: [PATCH RFC v2 net-next 10/16] bpf: add eBPF verifier

On Thu, Jul 24, 2014 at 11:25 AM, Andy Lutomirski <> wrote:
> On Thu, Jul 17, 2014 at 9:20 PM, Alexei Starovoitov <> wrote:
>> Safety of eBPF programs is statically determined by the verifier, which detects:
>> - loops
>> - out of range jumps
>> - unreachable instructions
>> - invalid instructions
>> - uninitialized register access
>> - uninitialized stack access
>> - misaligned stack access
>> - out of range stack access
>> - invalid calling convention
> Is there something that documents exactly what conditions an eBPF
> program must satisfy in order to be considered valid?

I did a writeup in the past on things that verifiers checks and gave it
to internal folks to review. Guys have said that now they understand very
well how it works, but in reality it didn't help at all to write valid programs.
What worked is 'verification trace' = the instruction by instruction dump
of verifier state while it's analyzing the program.
I gave few simple examples of it in
'Understanding eBPF verifier messages' section:
Every example there is what "program must satisfy to be valid"...

Therefore I'm addressing two things:
1. how verifier works and what it checks for.
  that is described in 'eBPF verifier' section of the doc and
  in 200 lines of comments inside verifier.c
2. how to write valid programs
 that's more important one, since it's a key to happy users.
 'verification trace' is the first step. I'm planning to add debug info and
 user space tool that points out to line in C instead of assembler trace.
 In other words to bring errors to user as early as possible during
 compilation process.
 This is not a concern when programs are written in assembler,
 since the programs will be much shorter and thought through by
 the author. However I don't think there will be too many users
 willing to understand ebpf assembler.

I suspect you're more concerned about #1 at this point whereas
I'm concerned about #2.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists