| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Sep 2014 11:08:40 -0700 From: Alexei Starovoitov <ast@...mgrid.com> To: Daniel Borkmann <dborkman@...hat.com> Cc: "David S. Miller" <davem@...emloft.net>, Ingo Molnar <mingo@...nel.org>, Linus Torvalds <torvalds@...uxfoundation.org>, Andy Lutomirski <luto@...capital.net>, Steven Rostedt <rostedt@...dmis.org>, Hannes Frederic Sowa <hannes@...essinduktion.org>, Chema Gonzalez <chema@...gle.com>, Eric Dumazet <edumazet@...gle.com>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Pablo Neira Ayuso <pablo@...filter.org>, "H. Peter Anvin" <hpa@...or.com>, Andrew Morton <akpm@...uxfoundation.org>, Kees Cook <keescook@...omium.org>, Linux API <linux-api@...r.kernel.org>, Network Development <netdev@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH v11 net-next 12/12] bpf: mini eBPF library, test stubs and verifier testsuite On Wed, Sep 10, 2014 at 4:35 AM, Daniel Borkmann <dborkman@...hat.com> wrote: > > Since we already have an extensive BPF test suite, that is, lib/test_bpf.c, > which currently also does sanity checks for the classic BPF verifier, is > there a reason these verifier test cases cannot be extended/integrated there > as well but have to go to kernel/bpf/test_stub.c resp. > samples/bpf/test_verifier.c ? > I don't like that we put testing code into kernel/bpf/ whereas we already > have a BPF test infrastructure in the kernel elsewhere. yes. there is a reason. Verifier needs to be tested from user space, since it works on fds. Process local map_fd are part of the eBPF programs. Therefore one is testing things from kernel and another from userspace. We definitely need both. Currently there is no use case to call verifier from inside the kernel. I'm not sure there will be one. Verifier's main purpose is to check user supplied programs and provide humans an understandable error messages of what is 'unsafe' in particular program. Eventually we will integrate this verifier messages with program compilation. Like, the user would write a program in C then invoke a wrapper of compiler and verifier, which will point to lines in C code which are doing something wrong like loops or out of bounds access. Currently verifier complains about particular 'unsafe' instruction, but humans have hard time correlating asm to C. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists