Message-ID: <e3e3e6b6-2ce5-2567-2d1c-b006522389bc@fb.com>
Date: Fri, 19 May 2017 17:20:58 -0700
From: Alexei Starovoitov <ast@...com>
To: David Miller <davem@...emloft.net>
CC: <ecree@...arflare.com>, <daniel@...earbox.net>, <alexei.starovoitov@...il.com>, <netdev@...r.kernel.org>
Subject: Re: [PATCH v2 1/3] bpf: Use 1<<16 as ceiling for immediate alignment in verifier.

On 5/19/17 4:16 PM, David Miller wrote:
> From: Alexei Starovoitov <ast@...com>
> Date: Fri, 19 May 2017 14:37:56 -0700
>
>> On 5/19/17 1:41 PM, David Miller wrote:
>>> From: Edward Cree <ecree@...arflare.com>
>>> Date: Fri, 19 May 2017 18:17:42 +0100
>>>
>>>> One question: is there a way to build the verifier as userland code
>>>> (or at least as a module), or will I have to reboot every time I
>>>> want to test a change?
>>>
>>> There currently is no such mechanism, you will have to reboot every
>>> time.
>>>
>>> I have considered working on making the code buildable outside of the
>>> kernel. It shouldn't be too hard.
>>
>> it's not hard.
>> We did it twice and both times abandoned.
>> First time to have 'user space verifier' to check programs before
>> loading and second time for fuzzing via llvm.
>> Abandoned since it diverges very quickly from kernel.
>>
>
> Well, my idea was to create an environment in which kernel verifier.c
> could be built as-is.
>
> Maybe there would be some small compromises in verifier.c such as an
> ifdef test or two, but that should be it.

that's exactly what we did the first time.
Added a few ifdefs to verifier.c
Second time we went even further by compiling kernel/bpf/verifier.c
as-is and linking everything magically via user space hooks
all the way that test_verifier.c runs as-is but calling
bpf_check() function that was compiled for user space via clang.
That code is here:
https://github.com/iovisor/bpf-fuzzer
It's definitely possible to refresh it and make it work again.

My point is that unless we put such 'let's build verifier.c for user space'
as part of tools/testing/selftests/ or something, such a project
is destined to bit rot.