| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180331235112.24146-1-daniel@iogearbox.net>
Date: Sun, 1 Apr 2018 01:51:12 +0200
From: Daniel Borkmann <daniel@...earbox.net>
To: davem@...emloft.net
Cc: daniel@...earbox.net, ast@...nel.org, netdev@...r.kernel.org
Subject: pull-request: bpf-next 2018-03-31
Hi David,
The following pull-request contains BPF updates for your *net-next* tree.
The main changes are:
1) Add raw BPF tracepoint API in order to have a BPF program type that
can access kernel internal arguments of the tracepoints in their
raw form similar to kprobes based BPF programs. This infrastructure
also adds a new BPF_RAW_TRACEPOINT_OPEN command to BPF syscall which
returns an anon-inode backed fd for the tracepoint object that allows
for automatic detach of the BPF program resp. unregistering of the
tracepoint probe on fd release, from Alexei.
2) Add new BPF cgroup hooks at bind() and connect() entry in order to
allow BPF programs to reject, inspect or modify user space passed
struct sockaddr, and as well a hook at post bind time once the port
has been allocated. They are used in FB's container management engine
for implementing policy, replacing fragile LD_PRELOAD wrapper
intercepting bind() and connect() calls that only works in limited
scenarios like glibc based apps but not for other runtimes in
containerized applications, from Andrey.
3) BPF_F_INGRESS flag support has been added to sockmap programs for
their redirect helper call bringing it in line with cls_bpf based
programs. Support is added for both variants of sockmap programs,
meaning for tx ULP hooks as well as recv skb hooks, from John.
4) Various improvements on BPF side for the nfp driver, besides others
this work adds BPF map update and delete helper call support from
the datapath, JITing of 32 and 64 bit XADD instructions as well as
offload support of bpf_get_prandom_u32() call. Initial implementation
of nfp packet cache has been tackled that optimizes memory access
(see merge commit for further details), from Jakub and Jiong.
5) Removal of struct bpf_verifier_env argument from the print_bpf_insn()
API has been done in order to prepare to use print_bpf_insn() soon
out of perf tool directly. This makes the print_bpf_insn() API more
generic and pushes the env into private data. bpftool is adjusted
as well with the print_bpf_insn() argument removal, from Jiri.
6) Couple of cleanups and prep work for the upcoming BTF (BPF Type
Format). The latter will reuse the current BPF verifier log as
well, thus bpf_verifier_log() is further generalized, from Martin.
7) For bpf_getsockopt() and bpf_setsockopt() helpers, IPv4 IP_TOS read
and write support has been added in similar fashion to existing
IPv6 IPV6_TCLASS socket option we already have, from Nikita.
8) Fixes in recent sockmap scatterlist API usage, which did not use
sg_init_table() for initialization thus triggering a BUG_ON() in
scatterlist API when CONFIG_DEBUG_SG was enabled. This adds and
uses a small helper sg_init_marker() to properly handle the affected
cases, from Prashant.
9) Let the BPF core follow IDR code convention and therefore use the
idr_preload() and idr_preload_end() helpers, which would also help
idr_alloc_cyclic() under GFP_ATOMIC to better succeed under memory
pressure, from Shaohua.
10) Last but not least, a spelling fix in an error message for the
BPF cookie UID helper under BPF sample code, from Colin.
Please consider pulling these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git
Thanks a lot!
----------------------------------------------------------------
The following changes since commit ae06c70b135886d7d6252f3090146f01a3f3b80c:
intel: add SPDX identifiers to all the Intel drivers (2018-03-23 12:18:21 -0400)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git
for you to fetch changes up to 7828f20e3779e4e85e55371e0e43f5006a15fb41:
Merge branch 'bpf-cgroup-bind-connect' (2018-03-31 02:18:07 +0200)
----------------------------------------------------------------
Alexei Starovoitov (10):
treewide: remove large struct-pass-by-value from tracepoint arguments
net/mediatek: disambiguate mt76 vs mt7601u trace events
net/mac802154: disambiguate mac80215 vs mac802154 trace events
net/wireless/iwlwifi: fix iwlwifi_dev_ucode_error tracepoint
macro: introduce COUNT_ARGS() macro
bpf: introduce BPF_RAW_TRACEPOINT
libbpf: add bpf_raw_tracepoint_open helper
samples/bpf: raw tracepoint test
selftests/bpf: test for bpf_get_stackid() from raw tracepoints
Merge branch 'nfp-bpf-updates'
Andrey Ignatov (9):
bpf: Check attach type at prog load time
libbpf: Support expected_attach_type at prog load
bpf: Hooks for sys_bind
selftests/bpf: Selftest for sys_bind hooks
net: Introduce __inet_bind() and __inet6_bind
bpf: Hooks for sys_connect
selftests/bpf: Selftest for sys_connect hooks
bpf: Post-hooks for sys_bind
selftests/bpf: Selftest for sys_bind post-hooks.
Colin Ian King (1):
samples/bpf: fix spelling mistake: "revieve" -> "receive"
Daniel Borkmann (6):
Merge branch 'bpf-print-insns-api'
Merge branch 'bpf-verifier-log-btf-prep'
Merge branch 'bpf-raw-tracepoints'
Merge branch 'bpf-sockmap-ingress'
Merge branch 'bpf-sockmap-sg-api-fixes'
Merge branch 'bpf-cgroup-bind-connect'
Jakub Kicinski (11):
nfp: bpf: rename map_lookup_stack() to map_call_stack_common()
nfp: bpf: add helper for validating stack pointers
nfp: bpf: add helper for basic map call checks
nfp: bpf: add map updates from the datapath
nfp: bpf: add map deletes from the datapath
bpf: add parenthesis around argument of BPF_LDST_BYTES()
nfp: bpf: add basic support for atomic adds
nfp: bpf: expose command delay slots
nfp: bpf: add support for atomic add of unknown values
nfp: bpf: add support for bpf_get_prandom_u32()
nfp: bpf: improve wrong FW response warnings
Jiong Wang (3):
nfp: bpf: read from packet data cache for PTR_TO_PACKET
nfp: bpf: support unaligned read offset
nfp: bpf: detect packet reads could be cached, enable the optimisation
Jiri Olsa (2):
bpf: Remove struct bpf_verifier_env argument from print_bpf_insn
bpftool: Adjust to new print_bpf_insn interface
John Fastabend (4):
bpf: sockmap redirect ingress support
bpf: sockmap, add BPF_F_INGRESS tests
bpf: sockmap, BPF_F_INGRESS flag for BPF_SK_SKB_STREAM_VERDICT:
bpf: sockmap, more BPF_SK_SKB_STREAM_VERDICT tests
Martin KaFai Lau (2):
bpf: Rename bpf_verifer_log
bpf: Add bpf_verifier_vlog() and bpf_verifier_log_needed()
Nikita V. Shirokov (1):
bpf: Add sock_ops R/W access to ipv4 tos
Prashant Bhole (2):
lib/scatterlist: add sg_init_marker() helper
bpf: sockmap: initialize sg table entries properly
Shaohua Li (1):
bpf: follow idr code convention
drivers/infiniband/hw/hfi1/file_ops.c | 2 +-
drivers/infiniband/hw/hfi1/trace_ctxts.h | 12 +-
drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 12 +-
drivers/net/ethernet/netronome/nfp/bpf/fw.h | 1 +
drivers/net/ethernet/netronome/nfp/bpf/jit.c | 462 ++++++++++++++--
drivers/net/ethernet/netronome/nfp/bpf/main.c | 18 +
drivers/net/ethernet/netronome/nfp/bpf/main.h | 85 ++-
drivers/net/ethernet/netronome/nfp/bpf/offload.c | 45 +-
drivers/net/ethernet/netronome/nfp/bpf/verifier.c | 217 ++++++--
drivers/net/ethernet/netronome/nfp/nfp_asm.c | 2 +
drivers/net/ethernet/netronome/nfp/nfp_asm.h | 7 +
drivers/net/wireless/intel/iwlwifi/dvm/main.c | 7 +-
.../wireless/intel/iwlwifi/iwl-devtrace-iwlwifi.h | 39 +-
drivers/net/wireless/intel/iwlwifi/iwl-devtrace.c | 1 +
drivers/net/wireless/intel/iwlwifi/mvm/utils.c | 7 +-
drivers/net/wireless/mediatek/mt7601u/trace.h | 6 +-
include/asm-generic/vmlinux.lds.h | 10 +
include/linux/bpf-cgroup.h | 68 ++-
include/linux/bpf.h | 5 +-
include/linux/bpf_types.h | 2 +
include/linux/bpf_verifier.h | 13 +-
include/linux/filter.h | 15 +-
include/linux/kernel.h | 7 +
include/linux/scatterlist.h | 18 +
include/linux/trace_events.h | 42 ++
include/linux/tracepoint-defs.h | 6 +
include/net/addrconf.h | 7 +
include/net/inet_common.h | 2 +
include/net/ipv6.h | 2 +
include/net/sock.h | 4 +
include/net/udp.h | 1 +
include/trace/bpf_probe.h | 92 ++++
include/trace/define_trace.h | 1 +
include/trace/events/f2fs.h | 2 +-
include/uapi/linux/bpf.h | 62 ++-
kernel/bpf/cgroup.c | 39 +-
kernel/bpf/disasm.c | 52 +-
kernel/bpf/disasm.h | 5 +-
kernel/bpf/sockmap.c | 303 ++++++++++-
kernel/bpf/syscall.c | 184 ++++++-
kernel/bpf/verifier.c | 64 ++-
kernel/trace/bpf_trace.c | 206 +++++++-
lib/scatterlist.c | 9 +-
net/core/filter.c | 481 ++++++++++++++++-
net/ipv4/af_inet.c | 71 ++-
net/ipv4/tcp.c | 10 +-
net/ipv4/tcp_ipv4.c | 16 +
net/ipv4/udp.c | 14 +
net/ipv6/af_inet6.c | 66 ++-
net/ipv6/tcp_ipv6.c | 16 +
net/ipv6/udp.c | 20 +
net/mac802154/trace.h | 8 +-
net/wireless/trace.h | 2 +-
samples/bpf/Makefile | 1 +
samples/bpf/bpf_load.c | 14 +
samples/bpf/cookie_uid_helper_example.c | 2 +-
samples/bpf/test_overhead_raw_tp_kern.c | 17 +
samples/bpf/test_overhead_user.c | 12 +
samples/sockmap/sockmap_kern.c | 62 ++-
samples/sockmap/sockmap_test.sh | 40 +-
samples/sockmap/sockmap_user.c | 58 ++
security/apparmor/include/path.h | 7 +-
sound/firewire/amdtp-stream-trace.h | 2 +-
tools/bpf/bpftool/xlated_dumper.c | 12 +-
tools/include/uapi/linux/bpf.h | 62 ++-
tools/lib/bpf/bpf.c | 55 +-
tools/lib/bpf/bpf.h | 18 +-
tools/lib/bpf/libbpf.c | 113 +++-
tools/lib/bpf/libbpf.h | 8 +
tools/testing/selftests/bpf/Makefile | 10 +-
tools/testing/selftests/bpf/bpf_helpers.h | 2 +
tools/testing/selftests/bpf/connect4_prog.c | 45 ++
tools/testing/selftests/bpf/connect6_prog.c | 61 +++
tools/testing/selftests/bpf/test_progs.c | 91 +++-
tools/testing/selftests/bpf/test_sock.c | 479 +++++++++++++++++
tools/testing/selftests/bpf/test_sock_addr.c | 588 +++++++++++++++++++++
tools/testing/selftests/bpf/test_sock_addr.sh | 57 ++
77 files changed, 4265 insertions(+), 399 deletions(-)
create mode 100644 include/trace/bpf_probe.h
create mode 100644 samples/bpf/test_overhead_raw_tp_kern.c
create mode 100644 tools/testing/selftests/bpf/connect4_prog.c
create mode 100644 tools/testing/selftests/bpf/connect6_prog.c
create mode 100644 tools/testing/selftests/bpf/test_sock.c
create mode 100644 tools/testing/selftests/bpf/test_sock_addr.c
create mode 100755 tools/testing/selftests/bpf/test_sock_addr.sh
Powered by blists - more mailing lists