lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 6 Jan 2020 23:55:26 +0100
From:   Daniel Borkmann <daniel@...earbox.net>
To:     Michal Rostecki <mrostecki@...e.de>, bpf@...r.kernel.org
Cc:     Alexei Starovoitov <ast@...nel.org>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        Andrii Nakryiko <andriin@...com>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH bpf-next 2/2] bpftool: Add misc secion and probe for large
 INSN limit

On 12/27/19 12:06 PM, Michal Rostecki wrote:
> Introduce a new probe section (misc) for probes not related to concrete
> map types, program types, functions or kernel configuration. Introduce a
> probe for large INSN limit as the first one in that section.
> 
> Signed-off-by: Michal Rostecki <mrostecki@...e.de>
> ---
>   tools/bpf/bpftool/feature.c | 18 ++++++++++++++++++
>   1 file changed, 18 insertions(+)
> 
> diff --git a/tools/bpf/bpftool/feature.c b/tools/bpf/bpftool/feature.c
> index 03bdc5b3ac49..4a7359b9a427 100644
> --- a/tools/bpf/bpftool/feature.c
> +++ b/tools/bpf/bpftool/feature.c
> @@ -572,6 +572,18 @@ probe_helpers_for_progtype(enum bpf_prog_type prog_type, bool supported_type,
>   		printf("\n");
>   }
>   
> +static void
> +probe_large_insn_limit(const char *define_prefix, __u32 ifindex)
> +{
> +	bool res;
> +
> +	res = bpf_probe_large_insn_limit(ifindex);
> +	print_bool_feature("have_large_insn_limit",
> +			   "Large complexity limit and maximum program size (1M)",
> +			   "HAVE_LARGE_INSN_LIMIT",

HAVE_LARGE_INSN_LIMIT is good, but official description should not explicitly
state the 1M limit since this could be subject to change. Perhaps just stating
"Large complexity and program size limit" is better suited here.

> +			   res, define_prefix);
> +}
> +
>   static int do_probe(int argc, char **argv)
>   {
>   	enum probe_component target = COMPONENT_UNSPEC;
> @@ -724,6 +736,12 @@ static int do_probe(int argc, char **argv)
>   		probe_helpers_for_progtype(i, supported_types[i],
>   					   define_prefix, ifindex);
>   
> +	print_end_then_start_section("misc",
> +				     "Scanning miscellaneous eBPF features...",
> +				     "/*** eBPF misc features ***/",
> +				     define_prefix);
> +	probe_large_insn_limit(define_prefix, ifindex);
> +
>   exit_close_json:
>   	if (json_output) {
>   		/* End current "section" of probes */
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ