lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 8 Jan 2020 13:41:48 +0000
From:   Michal Rostecki <mrostecki@...nsuse.org>
To:     Quentin Monnet <quentin.monnet@...ronome.com>
Cc:     Michal Rostecki <mrostecki@...nsuse.org>, bpf@...r.kernel.org,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        Andrii Nakryiko <andriin@...com>,
        Jakub Kicinski <jakub.kicinski@...ronome.com>,
        Stanislav Fomichev <sdf@...gle.com>,
        Peter Wu <peter@...ensteyn.nl>,
        Prashant Bhole <bhole_prashant_q7@....ntt.co.jp>,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH bpf-next v2 2/2] bpftool: Add misc secion and probe for
 large INSN limit

On Tue, Jan 07, 2020 at 02:36:15PM +0000, Quentin Monnet wrote:
> Nit: typo in subject ("secion").
> 
> 2020-01-07 14:03 UTC+0100 ~ Michal Rostecki <mrostecki@...nsuse.org>
> > Introduce a new probe section (misc) for probes not related to concrete
> > map types, program types, functions or kernel configuration. Introduce a
> > probe for large INSN limit as the first one in that section.
> > 
> > Signed-off-by: Michal Rostecki <mrostecki@...nsuse.org>
> > ---
> >  tools/bpf/bpftool/feature.c | 18 ++++++++++++++++++
> >  1 file changed, 18 insertions(+)
> > 
> > diff --git a/tools/bpf/bpftool/feature.c b/tools/bpf/bpftool/feature.c
> > index 03bdc5b3ac49..d8ce93092c45 100644
> > --- a/tools/bpf/bpftool/feature.c
> > +++ b/tools/bpf/bpftool/feature.c
> > @@ -572,6 +572,18 @@ probe_helpers_for_progtype(enum bpf_prog_type prog_type, bool supported_type,
> >  		printf("\n");
> >  }
> >  
> > +static void
> > +probe_large_insn_limit(const char *define_prefix, __u32 ifindex)
> > +{
> > +	bool res;
> > +
> > +	res = bpf_probe_large_insn_limit(ifindex);
> > +	print_bool_feature("have_large_insn_limit",
> > +			   "Large complexity and program size limit",
> 
> I am not sure we should mention "complexity" here. Although it is
> related to program size in the kernel commit you describe, the probe
> that is run is only on instruction number. This can make a difference
> for offloaded programs: When you probe a device, if kernel has commit
> c04c0d2b968a and supports up to 1M instructions, but hardware supports
> no more than 4k instructions, you may still benefit from the new value
> for BPF_COMPLEXITY_LIMIT_INSNS for complexity, but not for the total
> number of available instructions. In that case the probe will fail, and
> the message on complexity would not be accurate.
> 
> Looks good otherwise, thanks Michal!
> 
> Quentin

Thanks for review! Should I change the description just to "Large
program size limit" or "Large instruction limit"?

Michal

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ