lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20180801050908.29970-5-me@tobin.cc>
Date:   Wed,  1 Aug 2018 15:08:59 +1000
From:   "Tobin C. Harding" <me@...in.cc>
To:     Daniel Borkmann <daniel@...earbox.net>,
        Alexei Starovoitov <ast@...nel.org>
Cc:     "Tobin C. Harding" <me@...in.cc>, Jonathan Corbet <corbet@....net>,
        "David S. Miller" <davem@...emloft.net>, linux-doc@...r.kernel.org,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH bpf-next 04/13] docs: net: Use correct heading adornments

Conversion to RST format requires the use of correct RST heading
adornments.  While we are at it we can make sure spacing around headings
is uniform.  Choose to use one empty line after any heading.

Use correct levels of heading adornment.

Signed-off-by: Tobin C. Harding <me@...in.cc>
---
 Documentation/networking/filter.rst | 36 +++++++++++++++++------------
 1 file changed, 21 insertions(+), 15 deletions(-)

diff --git a/Documentation/networking/filter.rst b/Documentation/networking/filter.rst
index 14ce8901c245..19325286780b 100644
--- a/Documentation/networking/filter.rst
+++ b/Documentation/networking/filter.rst
@@ -1,10 +1,11 @@
+=======================================================
 Linux Socket Filtering aka Berkeley Packet Filter (BPF)
 =======================================================
 
 .. _bpf_filter:
 
 Introduction
-------------
+============
 
 Linux Socket Filtering (LSF) is derived from the Berkeley Packet Filter.
 Though there are some distinct differences between the BSD and Linux
@@ -58,7 +59,7 @@ Conference Proceedings (USENIX'93). USENIX Association, Berkeley,
 CA, USA, 2-2. [http://www.tcpdump.org/papers/bpf-usenix93.pdf]
 
 Structure
----------
+=========
 
 User space applications include <linux/filter.h> which contains the
 following relevant structures:
@@ -169,7 +170,7 @@ implementors may wish to manually write test cases and thus need low-level
 access to BPF code as well.
 
 BPF engine and instruction set
-------------------------------
+==============================
 
 Under tools/bpf/ there's a small helper tool called bpf_asm which can
 be used to write low-level filters for example scenarios mentioned in the
@@ -462,7 +463,7 @@ breakpoints: 0 1
   Exits bpf_dbg.
 
 JIT compiler
-------------
+============
 
 The Linux kernel has a built-in BPF JIT compiler for x86_64, SPARC, PowerPC,
 ARM, ARM64, MIPS and s390 and can be enabled through CONFIG_BPF_JIT. The JIT
@@ -569,7 +570,8 @@ For BPF JIT developers, bpf_jit_disasm, bpf_asm and bpf_dbg provides a useful
 toolchain for developing and testing the kernel's JIT compiler.
 
 BPF kernel internals
---------------------
+====================
+
 Internally, for the kernel interpreter, a different instruction set
 format with similar underlying principles from BPF described in previous
 paragraphs is being used. However, the instruction set format is modelled
@@ -843,7 +845,7 @@ descends all possible paths. It simulates execution of every insn and observes
 the state change of registers and stack.
 
 eBPF opcode encoding
---------------------
+====================
 
 eBPF is reusing most of the opcode encoding from classic to simplify conversion
 of classic BPF to eBPF. For arithmetic and jump instructions the 8-bit 'code'
@@ -1014,7 +1016,8 @@ Classic BPF has similar instruction: BPF_LD | BPF_W | BPF_IMM which loads
 32-bit immediate value into a register.
 
 eBPF verifier
--------------
+=============
+
 The safety of the eBPF program is determined in two steps.
 
 First step does DAG check to disallow loops and other CFG validation.
@@ -1107,7 +1110,8 @@ all use cases.
 See details of eBPF verifier in kernel/bpf/verifier.c
 
 Register value tracking
------------------------
+=======================
+
 In order to determine the safety of an eBPF program, the verifier must track
 the range of possible values in each register and also in each stack slot.
 This is done with 'struct bpf_reg_state', defined in include/linux/
@@ -1175,7 +1179,7 @@ bytes (NET_IP_ALIGN) gives a 4-byte alignment and so word-sized accesses through
 that pointer are safe.
 
 Direct packet access
---------------------
+====================
 In cls_bpf and act_bpf programs the verifier allows direct access to the packet
 data via skb->data and skb->data_end pointers.
 Ex:
@@ -1261,7 +1265,8 @@ which makes such programs easier to write comparing to LD_ABS insn
 and significantly faster.
 
 eBPF maps
----------
+=========
+
 'maps' is a generic storage of different types for sharing data between kernel
 and userspace.
 
@@ -1300,7 +1305,8 @@ The map is defined by:
   . value size in bytes
 
 Pruning
--------
+=======
+
 The verifier does not actually walk all possible paths through the program.  For
 each new branch to analyse, the verifier looks at all the states it's previously
 been in when at this instruction.  If any of them contain the current state as a
@@ -1316,7 +1322,7 @@ registers it may hold).  They must all be safe for the branch to be pruned.
 This is implemented in states_equal().
 
 Understanding eBPF verifier messages
-------------------------------------
+====================================
 
 The following are few examples of invalid eBPF programs and verifier error
 messages as seen in the log:
@@ -1447,7 +1453,7 @@ Error:
   R0 invalid mem access 'imm'
 
 Testing
--------
+=======
 
 Next to the BPF toolchain, the kernel also ships a test module that contains
 various test cases for classic and internal BPF that can be executed against
@@ -1461,13 +1467,13 @@ via insmod or modprobe against 'test_bpf' module. Results of the test cases
 including timings in nsec can be found in the kernel log (dmesg).
 
 Misc
-----
+====
 
 Also trinity, the Linux syscall fuzzer, has built-in support for BPF and
 SECCOMP-BPF kernel fuzzing.
 
 Written by
-----------
+==========
 
 The document was written in the hope that it is found useful and in order
 to give potential BPF hackers or security auditors a better overview of
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ