| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20181221004642.2201-1-daniel@iogearbox.net>
Date: Fri, 21 Dec 2018 01:46:42 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: davem@...emloft.net
Cc: daniel@...earbox.net, ast@...nel.org, netdev@...r.kernel.org
Subject: pull-request: bpf-next 2018-12-21
Hi David,
The following pull-request contains BPF updates for your *net-next* tree.
There is a merge conflict in test_verifier.c. Result looks as follows:
[...]
},
{
"calls: cross frame pruning",
.insns = {
[...]
.prog_type = BPF_PROG_TYPE_SOCKET_FILTER,
.errstr_unpriv = "function calls to other bpf functions are allowed for root only",
.result_unpriv = REJECT,
.errstr = "!read_ok",
.result = REJECT,
},
{
"jset: functional",
.insns = {
[...]
{
"jset: unknown const compare not taken",
.insns = {
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
BPF_FUNC_get_prandom_u32),
BPF_JMP_IMM(BPF_JSET, BPF_REG_0, 1, 1),
BPF_LDX_MEM(BPF_B, BPF_REG_8, BPF_REG_9, 0),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SOCKET_FILTER,
.errstr_unpriv = "!read_ok",
.result_unpriv = REJECT,
.errstr = "!read_ok",
.result = REJECT,
},
[...]
{
"jset: range",
.insns = {
[...]
},
.prog_type = BPF_PROG_TYPE_SOCKET_FILTER,
.result_unpriv = ACCEPT,
.result = ACCEPT,
},
The main changes are:
1) Various BTF related improvements in order to get line info
working. Meaning, verifier will now annotate the corresponding
BPF C code to the error log, from Martin and Yonghong.
2) Implement support for raw BPF tracepoints in modules, from Matt.
3) Add several improvements to verifier state logic, namely speeding
up stacksafe check, optimizations for stack state equivalence
test and safety checks for liveness analysis, from Alexei.
4) Teach verifier to make use of BPF_JSET instruction, add several
test cases to kselftests and remove nfp specific JSET optimization
now that verifier has awareness, from Jakub.
5) Improve BPF verifier's slot_type marking logic in order to
allow more stack slot sharing, from Jiong.
6) Add sk_msg->size member for context access and add set of fixes
and improvements to make sock_map with kTLS usable with openssl
based applications, from John.
7) Several cleanups and documentation updates in bpftool as well as
auto-mount of tracefs for "bpftool prog tracelog" command,
from Quentin.
8) Include sub-program tags from now on in bpf_prog_info in order to
have a reliable way for user space to get all tags of the program
e.g. needed for kallsyms correlation, from Song.
9) Add BTF annotations for cgroup_local_storage BPF maps and
implement bpf fs pretty print support, from Roman.
10) Fix bpftool in order to allow for cross-compilation, from Ivan.
11) Update of bpftool license to GPLv2-only + BSD-2-Clause in order
to be compatible with libbfd and allow for Debian packaging,
from Jakub.
12) Remove an obsolete prog->aux sanitation in dump and get rid of
version check for prog load, from Daniel.
13) Fix a memory leak in libbpf's line info handling, from Prashant.
14) Fix cpumap's frame alignment for build_skb() so that skb_shared_info
does not get unaligned, from Jesper.
15) Fix test_progs kselftest to work with older compilers which are less
smart in optimizing (and thus throwing build error), from Stanislav.
16) Cleanup and simplify AF_XDP socket teardown, from Björn.
17) Fix sk lookup in BPF kselftest's test_sock_addr with regards
to netns_id argument, from Andrey.
Please consider pulling these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git
Thanks a lot & happy holidays!
----------------------------------------------------------------
The following changes since commit 0bd72117fba2dd51a65eaa7b480adc0eea9a4409:
bpf: fix up uapi helper description and sync bpf header with tools (2018-12-11 11:06:43 -0800)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git
for you to fetch changes up to 1cf4a0ccc506b5c027afc5eaf3fddc83f96f31e7:
Merge branch 'bpf-sockmap-fixes-and-improvements' (2018-12-20 23:47:11 +0100)
----------------------------------------------------------------
Alexei Starovoitov (6):
Merge branch 'bpf_line_info-in-verifier'
bpf: speed up stacksafe check
selftests/bpf: check insn processed in test_verifier
bpf: improve stacksafe state comparison
bpf: add self-check logic to liveness analysis
Merge branch 'line_info-check-for-ld_imm64'
Andrey Ignatov (1):
selftests/bpf: Fix sk lookup usage in test_sock_addr
Björn Töpel (1):
xsk: simplify AF_XDP socket teardown
Daniel Borkmann (11):
Merge branch 'bpf-bpftool-license-update'
Merge branch 'bpf-fix-kptr-checks'
bpf: remove obsolete prog->aux sanitation in bpf_insn_prepare_dump
Merge branch 'bpf-improve-verifier-state-analysis'
Merge branch 'bpf-bpftool-cleanups'
bpf: remove useless version check for prog load
Merge branch 'bpf-btf-type-fixes'
Merge branch 'bpf-bpftool-mount-tracefs'
Merge branch 'bpf-sk-msg-size-member'
Merge branch 'bpf-jset-verifier'
Merge branch 'bpf-sockmap-fixes-and-improvements'
Ivan Babrou (1):
tools: bpftool: do not force gcc as CC
Jakub Kicinski (10):
tools: bpftool: fix SPDX format in headers
tools: bpftool: replace Netronome boilerplate with SPDX license headers
tools: bpftool: dual license all files
selftests: bpf: add trivial JSET tests
bpf: verifier: teach the verifier to reason about the BPF_JSET instruction
selftests: bpf: verifier: add tests for JSET interpretation
bpf: verifier: reorder stack size check with dead code sanitization
nfp: bpf: remove the trivial JSET optimization
nfp: bpf: optimize codegen for JSET with a constant
selftests: bpf: add missing executables to .gitignore
Jesper Dangaard Brouer (1):
bpf/cpumap: make sure frame_size for build_skb is aligned if headroom isn't
Jiong Wang (1):
bpf: correct slot_type marking logic to allow more stack slot sharing
John Fastabend (11):
bpf: sockmap, metadata support for reporting size of msg
bpf: add tools lib/include support sk_msg_md size field
bpf: sk_msg, add tests for size field
bpf: sk_msg, fix sk_msg_md access past end test
bpf: sk_msg, improve offset chk in _is_valid_access
bpf: skmsg, replace comments with BUILD bug
bpf: skb_verdict, support SK_PASS on RX BPF path
bpf: sk_msg, fix socket data_ready events
bpf: sk_msg, zap ingress queue on psock down
bpf: sk_msg, sock{map|hash} redirect through ULP
bpf: tls_sw, init TLS ULP removes BPF proto hooks
Martin KaFai Lau (8):
bpf: arm64: Enable arm64 jit to provide bpf_line_info
bpf: Remove bpf_dump_raw_ok() check for func_info and line_info
bpf: Remove !func_info and !line_info check from test_btf and bpftool
bpf: Create a new btf_name_by_offset() for non type name use case
bpf: verbose log bpf_line_info in verifier
bpf: Ensure line_info.insn_off cannot point to insn with zero code
bpf: Add BPF_LD_IMM64 to the line_info test
bpf: sparc64: Enable sparc64 jit to provide bpf_line_info
Matt Mullins (1):
bpf: support raw tracepoints in modules
Prashant Bhole (1):
bpf: libbpf: fix memleak by freeing line_info
Quentin Monnet (7):
tools: bpftool: add doc for -m option to bpftool-prog.rst
tools: bpftool: fix examples in documentation for bpftool prog
tools: bpftool: add a prog array map update example to documentation
tools: bpftool: fix warning on struct bpf_prog_linfo definition
tools: bpftool: fix -Wmissing declaration warnings
tools: bpftool: attempt to mount tracefs if required for tracelog cmd
tools: bpftool: add an option to prevent auto-mount of bpffs, tracefs
Roman Gushchin (3):
bpf: pass struct btf pointer to the map_check_btf() callback
bpf: add bpffs pretty print for cgroup local storage maps
selftests/bpf: add btf annotations for cgroup_local_storage maps
Song Liu (2):
bpf: include sub program tags in bpf_prog_info
bpf: sync tools/include/uapi/linux/bpf.h
Stanislav Fomichev (1):
selftests/bpf: use __bpf_constant_htons in test_prog.c
Yonghong Song (10):
bpf: btf: refactor btf_int_bits_seq_show()
bpf: btf: fix struct/union/fwd types with kind_flag
bpf: enable cgroup local storage map pretty print with kind_flag
tools/bpf: sync btf.h header from kernel to tools
tools/bpf: add test_btf unit tests for kind_flag
tools/bpf: test kernel bpffs map pretty print with struct kind_flag
tools: bpftool: refactor btf_dumper_int_bits()
tools: bpftool: support pretty print with kind_flag set
tools/bpf: check precise {func, line, jited_line}_info_rec_size in test_btf
bpf: log struct/union attribute for forward type
arch/arm64/net/bpf_jit_comp.c | 1 +
arch/sparc/net/bpf_jit_comp_64.c | 1 +
drivers/net/ethernet/netronome/nfp/bpf/jit.c | 27 +-
include/linux/bpf.h | 3 +
include/linux/bpf_verifier.h | 2 +
include/linux/btf.h | 5 +-
include/linux/module.h | 4 +
include/linux/skmsg.h | 9 +
include/linux/socket.h | 1 +
include/linux/trace_events.h | 8 +-
include/net/tls.h | 9 +
include/uapi/linux/bpf.h | 13 +-
include/uapi/linux/btf.h | 20 +-
kernel/bpf/arraymap.c | 1 +
kernel/bpf/btf.c | 393 +++++++++++--
kernel/bpf/cpumap.c | 2 +-
kernel/bpf/local_storage.c | 84 ++-
kernel/bpf/lpm_trie.c | 1 +
kernel/bpf/syscall.c | 80 +--
kernel/bpf/verifier.c | 241 +++++++-
kernel/module.c | 5 +
kernel/trace/bpf_trace.c | 99 +++-
net/core/filter.c | 30 +-
net/core/skmsg.c | 23 +-
net/ipv4/tcp_bpf.c | 15 +-
net/tls/tls_main.c | 14 +-
net/tls/tls_sw.c | 43 +-
net/xdp/xsk.c | 16 +-
tools/bpf/bpftool/Documentation/bpftool-map.rst | 59 ++
tools/bpf/bpftool/Documentation/bpftool-prog.rst | 105 ++--
tools/bpf/bpftool/Documentation/bpftool.rst | 4 +
tools/bpf/bpftool/Makefile | 2 -
tools/bpf/bpftool/bash-completion/bpftool | 31 +-
tools/bpf/bpftool/btf_dumper.c | 63 +-
tools/bpf/bpftool/cfg.c | 36 +-
tools/bpf/bpftool/cfg.h | 38 +-
tools/bpf/bpftool/cgroup.c | 2 +-
tools/bpf/bpftool/common.c | 69 +--
tools/bpf/bpftool/jit_disasm.c | 1 +
tools/bpf/bpftool/json_writer.c | 7 +-
tools/bpf/bpftool/json_writer.h | 1 +
tools/bpf/bpftool/main.c | 42 +-
tools/bpf/bpftool/main.h | 42 +-
tools/bpf/bpftool/map.c | 34 +-
tools/bpf/bpftool/map_perf_ring.c | 2 +-
tools/bpf/bpftool/net.c | 2 +-
tools/bpf/bpftool/netlink_dumper.c | 2 +-
tools/bpf/bpftool/netlink_dumper.h | 2 +-
tools/bpf/bpftool/perf.c | 2 +-
tools/bpf/bpftool/prog.c | 45 +-
tools/bpf/bpftool/tracelog.c | 23 +-
tools/bpf/bpftool/xlated_dumper.c | 43 +-
tools/bpf/bpftool/xlated_dumper.h | 38 +-
tools/include/uapi/linux/bpf.h | 13 +-
tools/include/uapi/linux/btf.h | 20 +-
tools/lib/bpf/bpf_prog_linfo.c | 6 +-
tools/lib/bpf/libbpf.c | 1 +
tools/testing/selftests/bpf/.gitignore | 1 +
tools/testing/selftests/bpf/connect4_prog.c | 6 +-
tools/testing/selftests/bpf/connect6_prog.c | 6 +-
tools/testing/selftests/bpf/netcnt_prog.c | 6 +
tools/testing/selftests/bpf/test_btf.c | 708 ++++++++++++++++++++++-
tools/testing/selftests/bpf/test_progs.c | 8 +-
tools/testing/selftests/bpf/test_verifier.c | 392 +++++++++++--
64 files changed, 2332 insertions(+), 680 deletions(-)
Powered by blists - more mailing lists