| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180605163916.2922-1-daniel@iogearbox.net>
Date: Tue, 5 Jun 2018 18:39:16 +0200
From: Daniel Borkmann <daniel@...earbox.net>
To: davem@...emloft.net
Cc: daniel@...earbox.net, ast@...nel.org, netdev@...r.kernel.org
Subject: pull-request: bpf-next 2018-06-05
Hi David,
The following pull-request contains BPF updates for your *net-next* tree.
The main changes are:
1) Add a new BPF hook for sendmsg similar to existing hooks for bind and
connect: "This allows to override source IP (including the case when it's
set via cmsg(3)) and destination IP:port for unconnected UDP (slow path).
TCP and connected UDP (fast path) are not affected. This makes UDP support
complete, that is, connected UDP is handled by connect hooks, unconnected
by sendmsg ones.", from Andrey.
2) Rework of the AF_XDP API to allow extending it in future for type writer
model if necessary. In this mode a memory window is passed to hardware
and multiple frames might be filled into that window instead of just one
that is the case in the current fixed frame-size model. With the new
changes made this can be supported without having to add a new descriptor
format. Also, core bits for the zero-copy support for AF_XDP have been
merged as agreed upon, where i40e bits will be routed via Jeff later on.
Various improvements to documentation and sample programs included as
well, all from Björn and Magnus.
3) Given BPF's flexibility, a new program type has been added to implement
infrared decoders. Quote: "The kernel IR decoders support the most
widely used IR protocols, but there are many protocols which are not
supported. [...] There is a 'long tail' of unsupported IR protocols,
for which lircd is need to decode the IR. IR encoding is done in such
a way that some simple circuit can decode it; therefore, BPF is ideal.
[...] user-space can define a decoder in BPF, attach it to the rc
device through the lirc chardev.", from Sean.
4) Several improvements and fixes to BPF core, among others, dumping map
and prog IDs into fdinfo which is a straight forward way to correlate
BPF objects used by applications, removing an indirect call and therefore
retpoline in all map lookup/update/delete calls by invoking the callback
directly for 64 bit archs, adding a new bpf_skb_cgroup_id() BPF helper
for tc BPF programs to have an efficient way of looking up cgroup v2 id
for policy or other use cases. Fixes to make sure we zero tunnel/xfrm
state that hasn't been filled, to allow context access wrt pt_regs in
32 bit archs for tracing, and last but not least various test cases
for fixes that landed in bpf earlier, from Daniel.
5) Get rid of the ndo_xdp_flush API and extend the ndo_xdp_xmit with
a XDP_XMIT_FLUSH flag instead which allows to avoid one indirect
call as flushing is now merged directly into ndo_xdp_xmit(), from Jesper.
6) Add a new bpf_get_current_cgroup_id() helper that can be used in
tracing to retrieve the cgroup id from the current process in order
to allow for e.g. aggregation of container-level events, from Yonghong.
7) Two follow-up fixes for BTF to reject invalid input values and
related to that also two test cases for BPF kselftests, from Martin.
8) Various API improvements to the bpf_fib_lookup() helper, that is,
dropping MPLS bits which are not fully hashed out yet, rejecting
invalid helper flags, returning error for unsupported address
families as well as renaming flowlabel to flowinfo, from David.
9) Various fixes and improvements to sockmap BPF kselftests in particular
in proper error detection and data verification, from Prashant.
10) Two arm32 BPF JIT improvements. One is to fix imm range check with
regards to whether immediate fits into 24 bits, and a naming cleanup
to get functions related to rsh handling consistent to those handling
lsh, from Wang.
11) Two compile warning fixes in BPF, one for BTF and a false positive
to silent gcc in stack_map_get_build_id_offset(), from Arnd.
12) Add missing seg6.h header into tools include infrastructure in order
to fix compilation of BPF kselftests, from Mathieu.
13) Several formatting cleanups in the BPF UAPI helper description that
also fix an error during rst2man compilation, from Quentin.
14) Hide an unused variable in sk_msg_convert_ctx_access() when IPv6 is
not built into the kernel, from Yue.
15) Remove a useless double assignment in dev_map_enqueue(), from Colin.
Please consider pulling these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git
Thanks a lot!
----------------------------------------------------------------
The following changes since commit 5b79c2af667c0e2684f2a6dbf6439074b78f490c:
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net (2018-05-26 19:46:15 -0400)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git
for you to fetch changes up to 9fa06104a235f64d6a2bf3012cc9966e8e4be5eb:
Merge branch 'bpf-af-xdp-zc-api' (2018-06-05 15:58:07 +0200)
----------------------------------------------------------------
Alexei Starovoitov (4):
Merge branch 'btf-fixes'
Merge branch 'misc-BPF-improvements'
Merge branch 'ndo_xdp_xmit-cleanup'
Merge branch 'bpf_get_current_cgroup_id'
Andrey Ignatov (8):
libbpf: Install btf.h with libbpf
bpf: Define cgroup_bpf_enabled for CONFIG_CGROUP_BPF=n
bpf: Hooks for sys_sendmsg
bpf: Sync bpf.h to tools/
libbpf: Support guessing sendmsg{4,6} progs
selftests/bpf: Prepare test_sock_addr for extension
selftests/bpf: Selftest for sys_sendmsg hooks
bpftool: Support sendmsg{4,6} attach types
Arnd Bergmann (2):
bpf: btf: avoid -Wreturn-type warning
bpf: avoid -Wmaybe-uninitialized warning
Björn Töpel (10):
xsk: proper fill queue descriptor validation
xsk: proper Rx drop statistics update
xsk: new descriptor addressing scheme
samples/bpf: adapted to new uapi
xsk: moved struct xdp_umem definition
xsk: introduce xdp_umem_page
net: xdp: added bpf_netdev_command XDP_{QUERY, SETUP}_XSK_UMEM
xdp: add MEM_TYPE_ZERO_COPY
xsk: add zero-copy support for Rx
samples/bpf: xdpsock: use skb Tx path for XDP_SKB
Colin Ian King (1):
bpf: devmap: remove redundant assignment of dev = dev
Daniel Borkmann (17):
Merge branch 'bpf-sendmsg-hook'
Merge branch 'bpf-ir-decoder'
Merge branch 'bpf-sockmap-test-fixes'
bpf: test case for map pointer poison with calls/branches
bpf: add also cbpf long jump test cases with heavy expansion
bpf: fixup error message from gpl helpers on license mismatch
bpf: show prog and map id in fdinfo
bpf: avoid retpoline for lookup/update/delete calls on maps
bpf: add bpf_skb_cgroup_id helper
bpf: make sure to clear unused fields in tunnel/xfrm state fetch
bpf: fix cbpf parser bug for octal numbers
bpf: fix context access in tracing progs on 32 bit archs
bpf: sync bpf uapi header with tools
bpf, doc: add missing patchwork url and libbpf to maintainers
Merge branch 'bpf-af-xdp-fixes'
Merge branch 'bpf-xdp-remove-xdp-flush'
Merge branch 'bpf-af-xdp-zc-api'
David Ahern (4):
bpf: Drop mpls from bpf_fib_lookup
bpf: Verify flags in bpf_fib_lookup
bpf: Change bpf_fib_lookup to return -EAFNOSUPPORT for unsupported address families
bpf: flowlabel in bpf_fib_lookup should be flowinfo
Jesper Dangaard Brouer (13):
xdp: add flags argument to ndo_xdp_xmit API
i40e: implement flush flag for ndo_xdp_xmit
ixgbe: implement flush flag for ndo_xdp_xmit
tun: implement flush flag for ndo_xdp_xmit
virtio_net: implement flush flag for ndo_xdp_xmit
xdp: done implementing ndo_xdp_xmit flush flag for all drivers
bpf/xdp: non-map redirect can avoid calling ndo_xdp_flush
bpf/xdp: devmap can avoid calling ndo_xdp_flush
i40e: remove ndo_xdp_flush call i40e_xdp_flush
ixgbe: remove ndo_xdp_flush call ixgbe_xdp_flush
virtio_net: remove ndo_xdp_flush call virtnet_xdp_flush
tun: remove ndo_xdp_flush call tun_xdp_flush
net: remove net_device operation ndo_xdp_flush
Magnus Karlsson (3):
samples/bpf: minor *_nb_free performance fix
net: added netdevice operation for Tx
xsk: wire upp Tx zero-copy functions
Martin KaFai Lau (2):
bpf: btf: Check array t->size
bpf: btf: Ensure t->type == 0 for BTF_KIND_FWD
Mathieu Xhonneux (1):
selftests/bpf: missing headers test_lwt_seg6local
Prashant Bhole (5):
selftests/bpf: test_sockmap, check test failure
selftests/bpf: test_sockmap, join cgroup in selftest mode
selftests/bpf: test_sockmap, timing improvements
selftests/bpf: test_sockmap, fix data verification
selftests/bpf: test_sockmap, print additional test options
Quentin Monnet (1):
bpf: clean up eBPF helpers documentation
Sean Young (3):
bpf: bpf_prog_array_copy() should return -ENOENT if exclude_prog not found
media: rc: introduce BPF_PROG_LIRC_MODE2
bpf: add selftest for lirc_mode2 type program
Wang YanQing (2):
bpf, arm32: correct check_imm24
bpf, arm32: fix inconsistent naming about emit_a32_lsr_{r64,i64}
Yonghong Song (4):
bpf: implement bpf_get_current_cgroup_id() helper
tools/bpf: sync uapi bpf.h for bpf_get_current_cgroup_id() helper
tools/bpf: add a selftest for bpf_get_current_cgroup_id() helper
bpf: guard bpf_get_current_cgroup_id() with CONFIG_CGROUPS
YueHaibing (1):
bpf: hide the unused 'off' variable
Documentation/networking/af_xdp.rst | 101 +-
MAINTAINERS | 2 +
arch/arm/net/bpf_jit_32.c | 16 +-
drivers/media/rc/Kconfig | 13 +
drivers/media/rc/Makefile | 1 +
drivers/media/rc/bpf-lirc.c | 313 ++++++
drivers/media/rc/lirc_dev.c | 30 +
drivers/media/rc/rc-core-priv.h | 21 +
drivers/media/rc/rc-ir-raw.c | 12 +-
drivers/net/ethernet/intel/i40e/i40e_main.c | 1 -
drivers/net/ethernet/intel/i40e/i40e_txrx.c | 33 +-
drivers/net/ethernet/intel/i40e/i40e_txrx.h | 4 +-
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 42 +-
drivers/net/tun.c | 44 +-
drivers/net/virtio_net.c | 22 +-
include/linux/bpf-cgroup.h | 24 +-
include/linux/bpf.h | 1 +
include/linux/bpf_lirc.h | 29 +
include/linux/bpf_types.h | 3 +
include/linux/filter.h | 44 +-
include/linux/netdevice.h | 21 +-
include/net/xdp.h | 14 +
include/net/xdp_sock.h | 44 +-
include/uapi/linux/bpf.h | 136 ++-
include/uapi/linux/if_xdp.h | 16 +-
kernel/bpf/btf.c | 28 +-
kernel/bpf/cgroup.c | 11 +-
kernel/bpf/core.c | 12 +-
kernel/bpf/devmap.c | 21 +-
kernel/bpf/hashtab.c | 12 +-
kernel/bpf/helpers.c | 15 +
kernel/bpf/stackmap.c | 7 +-
kernel/bpf/syscall.c | 27 +-
kernel/bpf/verifier.c | 73 +-
kernel/trace/bpf_trace.c | 16 +-
lib/test_bpf.c | 63 ++
net/core/filter.c | 91 +-
net/core/xdp.c | 19 +-
net/ipv4/udp.c | 20 +-
net/ipv6/udp.c | 24 +
net/xdp/xdp_umem.c | 151 ++-
net/xdp/xdp_umem.h | 45 +-
net/xdp/xdp_umem_props.h | 4 +-
net/xdp/xsk.c | 199 +++-
net/xdp/xsk_queue.c | 2 +-
net/xdp/xsk_queue.h | 98 +-
samples/bpf/xdp_fwd_kern.c | 2 +-
samples/bpf/xdpsock_user.c | 97 +-
tools/bpf/bpf_exp.l | 2 +-
tools/bpf/bpftool/Documentation/bpftool-cgroup.rst | 9 +-
tools/bpf/bpftool/bash-completion/bpftool | 5 +-
tools/bpf/bpftool/cgroup.c | 4 +-
tools/bpf/bpftool/prog.c | 1 +
tools/include/linux/filter.h | 10 +
tools/include/uapi/linux/bpf.h | 134 ++-
tools/include/uapi/linux/lirc.h | 217 ++++
tools/include/uapi/linux/seg6.h | 55 +
tools/include/uapi/linux/seg6_local.h | 80 ++
tools/lib/bpf/Makefile | 1 +
tools/lib/bpf/libbpf.c | 3 +
tools/testing/selftests/bpf/.gitignore | 2 +
tools/testing/selftests/bpf/Makefile | 9 +-
tools/testing/selftests/bpf/bpf_helpers.h | 7 +
tools/testing/selftests/bpf/cgroup_helpers.c | 57 +
tools/testing/selftests/bpf/cgroup_helpers.h | 1 +
tools/testing/selftests/bpf/get_cgroup_id_kern.c | 28 +
tools/testing/selftests/bpf/get_cgroup_id_user.c | 141 +++
tools/testing/selftests/bpf/sendmsg4_prog.c | 49 +
tools/testing/selftests/bpf/sendmsg6_prog.c | 60 +
tools/testing/selftests/bpf/test_btf.c | 45 +
tools/testing/selftests/bpf/test_lirc_mode2.sh | 28 +
tools/testing/selftests/bpf/test_lirc_mode2_kern.c | 23 +
tools/testing/selftests/bpf/test_lirc_mode2_user.c | 149 +++
tools/testing/selftests/bpf/test_sock_addr.c | 1155 ++++++++++++++++----
tools/testing/selftests/bpf/test_sockmap.c | 87 +-
tools/testing/selftests/bpf/test_verifier.c | 185 +++-
76 files changed, 3841 insertions(+), 730 deletions(-)
create mode 100644 drivers/media/rc/bpf-lirc.c
create mode 100644 include/linux/bpf_lirc.h
create mode 100644 tools/include/uapi/linux/lirc.h
create mode 100644 tools/include/uapi/linux/seg6.h
create mode 100644 tools/include/uapi/linux/seg6_local.h
create mode 100644 tools/testing/selftests/bpf/get_cgroup_id_kern.c
create mode 100644 tools/testing/selftests/bpf/get_cgroup_id_user.c
create mode 100644 tools/testing/selftests/bpf/sendmsg4_prog.c
create mode 100644 tools/testing/selftests/bpf/sendmsg6_prog.c
create mode 100755 tools/testing/selftests/bpf/test_lirc_mode2.sh
create mode 100644 tools/testing/selftests/bpf/test_lirc_mode2_kern.c
create mode 100644 tools/testing/selftests/bpf/test_lirc_mode2_user.c
Powered by blists - more mailing lists