lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <2d5d1f2d-d4ab-2449-37c6-e5b319a778d6@iogearbox.net> Date: Mon, 9 Dec 2019 22:27:27 +0100 From: Daniel Borkmann <daniel@...earbox.net> To: Luke Nelson <lukenels@...washington.edu>, Björn Töpel <bjorn.topel@...il.com> Cc: Alexei Starovoitov <ast@...nel.org>, Netdev <netdev@...r.kernel.org>, linux-riscv@...ts.infradead.org, bpf <bpf@...r.kernel.org>, Xi Wang <xi.wang@...il.com> Subject: Re: [PATCH bpf-next 2/8] riscv, bpf: add support for far branching On 12/9/19 10:08 PM, Luke Nelson wrote: [...] > We have been developing a formal verification tool for BPF JIT > compilers, which we have used in the past to find bugs in the RV64 > and x32 BPF JITs: > > https://unsat.cs.washington.edu/projects/serval/ > > Recently I added support for verifying the JIT for branch and jump > instructions, and thought it a good opportunity to verify these > patches that add support for far jumps and branching. > > I ported these patches to our tool and ran verification, which > didn't find any bugs according to our specification of BPF and > RISC-V. > > The tool and code are publicly available, and you can read a more > detailed writeup of the results here: > > https://github.com/uw-unsat/bpf-jit-verif/tree/far-jump-review > > Currently the tool works on a manually translated version of the > JIT from C to Rosette, but we are experimenting with ways of making > this process more automated. This is awesome work! Did you also check for other architectures aside from riscv and x86-32, e.g. x86-64 or arm64? It would be great if we could add such verification tool under tools/bpf/ which would then take the in-tree JIT-code as-is for its analysis and potentially even trigger a run out of BPF selftests. Any thoughts whether such path would be feasible wrt serval? > Reviewed-by: Luke Nelson <lukenels@...washington.edu> > Cc: Xi Wang <xi.wang@...il.com> Thanks, Daniel
Powered by blists - more mailing lists