| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Dec 2017 01:33:07 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: davem@...emloft.net
Cc: daniel@...earbox.net, ast@...nel.org, netdev@...r.kernel.org
Subject: pull-request: bpf-next 2017-12-18
Hi David,
The following pull-request contains BPF updates for your *net-next* tree.
The main changes are:
1) Allow arbitrary function calls from one BPF function to another BPF function.
As of today when writing BPF programs, __always_inline had to be used in
the BPF C programs for all functions, unnecessarily causing LLVM to inflate
code size. Handle this more naturally with support for BPF to BPF calls
such that this __always_inline restriction can be overcome. As a result,
it allows for better optimized code and finally enables to introduce core
BPF libraries in the future that can be reused out of different projects.
x86 and arm64 JIT support was added as well, from Alexei.
2) Add infrastructure for tagging functions as error injectable and allow for
BPF to return arbitrary error values when BPF is attached via kprobes on
those. This way of injecting errors generically eases testing and debugging
without having to recompile or restart the kernel. Tags for opting-in for
this facility are added with BPF_ALLOW_ERROR_INJECTION(), from Josef.
3) For BPF offload via nfp JIT, add support for bpf_xdp_adjust_head() helper
call for XDP programs. First part of this work adds handling of BPF
capabilities included in the firmware, and the later patches add support
to the nfp verifier part and JIT as well as some small optimizations,
from Jakub.
4) The bpftool now also gets support for basic cgroup BPF operations such
as attaching, detaching and listing current BPF programs. As a requirement
for the attach part, bpftool can now also load object files through
'bpftool prog load'. This reuses libbpf which we have in the kernel tree
as well. bpftool-cgroup man page is added along with it, from Roman.
5) Back then commit e87c6bc3852b ("bpf: permit multiple bpf attachments for
a single perf event") added support for attaching multiple BPF programs
to a single perf event. Given they are configured through perf's ioctl()
interface, the interface has been extended with a PERF_EVENT_IOC_QUERY_BPF
command in this work in order to return an array of one or multiple BPF
prog ids that are currently attached, from Yonghong.
6) Various minor fixes and cleanups to the bpftool's Makefile as well
as a new 'uninstall' and 'doc-uninstall' target for removing bpftool
itself or prior installed documentation related to it, from Quentin.
7) Add CONFIG_CGROUP_BPF=y to the BPF kernel selftest config file which is
required for the test_dev_cgroup test case to run, from Naresh.
8) Fix reporting of XDP prog_flags for nfp driver, from Jakub.
9) Fix libbpf's exit code from the Makefile when libelf was not found in
the system, also from Jakub.
Please consider pulling these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git
Thanks a lot!
----------------------------------------------------------------
The following changes since commit 62cd277039a3413604f486f0ca87faec810d7bb7:
Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next (2017-12-08 10:48:25 -0500)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git
for you to fetch changes up to 46df3d209db080395a98fc0875bd05e45e8f44e0:
trace: reenable preemption if we modify the ip (2017-12-17 20:47:32 +0100)
----------------------------------------------------------------
Alexei Starovoitov (14):
Merge branch 'bpf-tracing-multiprog-tp-query'
Merge branch 'bpf-override-return'
bpf: introduce function calls (function boundaries)
bpf: introduce function calls (verification)
selftests/bpf: add verifier tests for bpf_call
bpf: teach verifier to recognize zero initialized stack
selftests/bpf: add tests for stack_zero tracking
libbpf: add support for bpf_call
selftests/bpf: add bpf_call test
selftests/bpf: add xdp noinline test
bpf: add support for bpf_call to interpreter
bpf: fix net.core.bpf_jit_enable race
bpf: x64: add JIT support for multi-function programs
bpf: arm64: add JIT support for multi-function programs
Daniel Borkmann (5):
Merge branch 'bpf-bpftool-makefile-cleanups'
Merge branch 'bpf-bpftool-cgroup-ops'
Merge branch 'bpf-nfp-jit-adjust-head-support'
selftests/bpf: additional bpf_call tests
Merge branch 'bpf-to-bpf-function-calls'
Jakub Kicinski (8):
nfp: add nfp_cpp_area_size() accessor
nfp: bpf: prepare for parsing BPF FW capabilities
nfp: bpf: prepare for call support
nfp: bpf: add basic support for adjust head call
nfp: bpf: optimize the adjust_head calls in trivial cases
nfp: bpf: correct printk formats for size_t
libbpf: fix Makefile exit code if libelf not found
nfp: set flags in the correct member of netdev_bpf
Josef Bacik (6):
add infrastructure for tagging functions as error injectable
btrfs: make open_ctree error injectable
bpf: add a bpf_override_function helper
samples/bpf: add a test for bpf_override_return
btrfs: allow us to inject errors at io_ctl_init
trace: reenable preemption if we modify the ip
Naresh Kamboju (1):
selftests: bpf: Adding config fragment CONFIG_CGROUP_BPF=y
Quentin Monnet (2):
tools: bpftool: harmonise Makefile and Documentation/Makefile
tools: bpftool: create "uninstall", "doc-uninstall" make targets
Roman Gushchin (4):
libbpf: add ability to guess program type based on section name
libbpf: prefer global symbols as bpf program name source
bpftool: implement prog load command
bpftool: implement cgroup bpf operations
Yonghong Song (3):
bpf/tracing: allow user space to query prog array on the same tp
bpf/tracing: add a bpf test for new ioctl query interface
bpf/tracing: fix kernel/events/core.c compilation error
arch/Kconfig | 3 +
arch/arm/net/bpf_jit_32.c | 2 +-
arch/arm64/net/bpf_jit_comp.c | 70 +-
arch/mips/net/ebpf_jit.c | 2 +-
arch/powerpc/net/bpf_jit_comp64.c | 2 +-
arch/s390/net/bpf_jit_comp.c | 2 +-
arch/sparc/net/bpf_jit_comp_64.c | 2 +-
arch/x86/Kconfig | 1 +
arch/x86/include/asm/kprobes.h | 4 +
arch/x86/include/asm/ptrace.h | 5 +
arch/x86/kernel/kprobes/ftrace.c | 14 +
arch/x86/net/bpf_jit_comp.c | 49 +-
drivers/net/ethernet/netronome/nfp/bpf/fw.h | 54 +
drivers/net/ethernet/netronome/nfp/bpf/jit.c | 107 ++
drivers/net/ethernet/netronome/nfp/bpf/main.c | 115 ++
drivers/net/ethernet/netronome/nfp/bpf/main.h | 30 +
drivers/net/ethernet/netronome/nfp/bpf/offload.c | 2 +
drivers/net/ethernet/netronome/nfp/bpf/verifier.c | 70 +
drivers/net/ethernet/netronome/nfp/nfp_asm.h | 2 +
.../net/ethernet/netronome/nfp/nfp_net_common.c | 2 +-
.../net/ethernet/netronome/nfp/nfpcore/nfp_cpp.h | 1 +
.../ethernet/netronome/nfp/nfpcore/nfp_cppcore.c | 11 +
fs/btrfs/disk-io.c | 2 +
fs/btrfs/free-space-cache.c | 2 +
include/asm-generic/vmlinux.lds.h | 10 +
include/linux/bpf.h | 18 +
include/linux/bpf_verifier.h | 45 +-
include/linux/filter.h | 16 +-
include/linux/kprobes.h | 1 +
include/linux/module.h | 5 +
include/linux/trace_events.h | 7 +
include/uapi/linux/bpf.h | 13 +-
include/uapi/linux/perf_event.h | 22 +
kernel/bpf/core.c | 128 +-
kernel/bpf/disasm.c | 8 +-
kernel/bpf/syscall.c | 3 +-
kernel/bpf/verifier.c | 1122 +++++++++++---
kernel/events/core.c | 10 +
kernel/kprobes.c | 163 ++
kernel/module.c | 6 +-
kernel/trace/Kconfig | 11 +
kernel/trace/bpf_trace.c | 58 +
kernel/trace/trace_kprobe.c | 64 +-
kernel/trace/trace_probe.h | 12 +
samples/bpf/Makefile | 4 +
samples/bpf/test_override_return.sh | 15 +
samples/bpf/tracex7_kern.c | 16 +
samples/bpf/tracex7_user.c | 28 +
tools/bpf/bpftool/Documentation/Makefile | 30 +-
tools/bpf/bpftool/Documentation/bpftool-cgroup.rst | 118 ++
tools/bpf/bpftool/Documentation/bpftool-map.rst | 2 +-
tools/bpf/bpftool/Documentation/bpftool-prog.rst | 12 +-
tools/bpf/bpftool/Documentation/bpftool.rst | 8 +-
tools/bpf/bpftool/Makefile | 61 +-
tools/bpf/bpftool/cgroup.c | 307 ++++
tools/bpf/bpftool/common.c | 71 +-
tools/bpf/bpftool/main.c | 3 +-
tools/bpf/bpftool/main.h | 2 +
tools/bpf/bpftool/prog.c | 29 +-
tools/include/uapi/linux/bpf.h | 13 +-
tools/include/uapi/linux/perf_event.h | 22 +
tools/lib/bpf/Makefile | 4 +-
tools/lib/bpf/bpf.h | 2 +-
tools/lib/bpf/libbpf.c | 199 ++-
tools/scripts/Makefile.include | 1 +
tools/testing/selftests/bpf/Makefile | 12 +-
tools/testing/selftests/bpf/bpf_helpers.h | 3 +-
tools/testing/selftests/bpf/config | 1 +
tools/testing/selftests/bpf/test_l4lb_noinline.c | 473 ++++++
tools/testing/selftests/bpf/test_progs.c | 228 ++-
tools/testing/selftests/bpf/test_tracepoint.c | 26 +
tools/testing/selftests/bpf/test_verifier.c | 1624 +++++++++++++++++++-
tools/testing/selftests/bpf/test_xdp_noinline.c | 833 ++++++++++
73 files changed, 6071 insertions(+), 352 deletions(-)
create mode 100644 drivers/net/ethernet/netronome/nfp/bpf/fw.h
create mode 100755 samples/bpf/test_override_return.sh
create mode 100644 samples/bpf/tracex7_kern.c
create mode 100644 samples/bpf/tracex7_user.c
create mode 100644 tools/bpf/bpftool/Documentation/bpftool-cgroup.rst
create mode 100644 tools/bpf/bpftool/cgroup.c
create mode 100644 tools/testing/selftests/bpf/test_l4lb_noinline.c
create mode 100644 tools/testing/selftests/bpf/test_tracepoint.c
create mode 100644 tools/testing/selftests/bpf/test_xdp_noinline.c
Powered by blists - more mailing lists