lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20240126215710.19855-1-daniel@iogearbox.net>
Date: Fri, 26 Jan 2024 22:57:10 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: davem@...emloft.net
Cc: kuba@...nel.org,
	pabeni@...hat.com,
	edumazet@...gle.com,
	daniel@...earbox.net,
	ast@...nel.org,
	andrii@...nel.org,
	martin.lau@...ux.dev,
	netdev@...r.kernel.org,
	bpf@...r.kernel.org
Subject: pull-request: bpf-next 2024-01-26

Hi David, hi Jakub, hi Paolo, hi Eric,

The following pull-request contains BPF updates for your *net-next* tree.

We've added 107 non-merge commits during the last 4 day(s) which contain
a total of 101 files changed, 6009 insertions(+), 1260 deletions(-).

The main changes are:

1) Add BPF token support to delegate a subset of BPF subsystem functionality from
   privileged system-wide daemons such as systemd through special mount options
   for userns-bound BPF fs to a trusted & unprivileged application. With addressed
   changes from Christian and Linus' reviews, from Andrii Nakryiko.

2) Support registration of struct_ops types from modules which helps projects like
   fuse-bpf that seeks to implement a new struct_ops type, from Kui-Feng Lee.

3) Add support for retrieval of cookies for perf/kprobe multi links, from Jiri Olsa.

4) Bigger batch of prep-work for the BPF verifier to eventually support preserving
   boundaries and tracking scalars on narrowing fills, from Maxim Mikityanskiy.

5) Extend the tc BPF flavor to support arbitrary TCP SYN cookies to help with
   the scenario of SYN floods, from Kuniyuki Iwashima.

6) Add code generation to inline the bpf_kptr_xchg() helper which improves
   performance when stashing/popping the allocated BPF objects, from Hou Tao.

7) Extend BPF verifier to track aligned ST stores as imprecise spilled
   registers, from Yonghong Song.

8) Several fixes to BPF selftests around inline asm constraints and unsupported
   VLA code generation, from Jose E. Marchesi.

9) Various updates to the BPF IETF instruction set draft document such as the
   introduction of conformance groups for instructions, from Dave Thaler.

10) Fix BPF verifier to make infinite loop detection in is_state_visited()
    exact to catch some too lax spill/fill corner cases, from Eduard Zingerman.

11) Refactor the BPF verifier pointer ALU check to allow ALU explicitly instead
    of implicitly for various register types, from Hao Sun.

12) Fix the flaky tc_redirect_dtime BPF selftest due to slowness in neighbor
    advertisement at setup time, from Martin KaFai Lau.

13) Change BPF selftests to skip callback tests for the case when the JIT is
    disabled, from Tiezhu Yang.

14) Add a small extension to libbpf which allows to auto create a map-in-map's
    inner map, from Andrey Grafin.

Please consider pulling these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git tags/for-netdev

Thanks a lot!

Also thanks to reporters, reviewers and testers of commits in this pull-request:

Andrii Nakryiko, Christian Brauner, David Vernet, Eduard Zingerman, Eric 
Dumazet, Hou Tao, Jiri Olsa, John Fastabend, kernel test robot, Kuniyuki 
Iwashima, Paul Moore, Quentin Monnet, Simon Horman, Song Liu, Yafang 
Shao, Yonghong Song

----------------------------------------------------------------

The following changes since commit 2121c43f88f593eea51d483bedd638cb0623c7e2:

  Merge branch 'inet_diag-remove-three-mutexes-in-diag-dumps' (2024-01-23 15:18:43 +0100)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git tags/for-netdev

for you to fetch changes up to fa7178b0f12e55a4f2d4906df3f25d6d4f88d962:

  selftests/bpf: Add missing line break in test_verifier (2024-01-26 11:09:32 -0800)

----------------------------------------------------------------
bpf-next-for-netdev

----------------------------------------------------------------
Alexei Starovoitov (4):
      Merge branch 'bpf-inline-bpf_kptr_xchg'
      bpf: Minor improvements for bpf_cmp.
      Merge branch 'enable-the-inline-of-kptr_xchg-for-arm64'
      Merge branch 'bpf-add-cookies-retrieval-for-perf-kprobe-multi-links'

Andrey Grafin (2):
      libbpf: Apply map_set_def_max_entries() for inner_maps on creation
      selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY values

Andrii Nakryiko (38):
      selftests/bpf: fix test_loader check message
      bpf: make sure scalar args don't accept __arg_nonnull tag
      bpf: prepare btf_prepare_func_args() for multiple tags per argument
      bpf: support multiple tags per argument
      selftests/bpf: detect testing prog flags support
      libbpf: call dup2() syscall directly
      Merge branch 'skip-callback-tests-if-jit-is-disabled-in-test_verifier'
      bpf: Align CAP_NET_ADMIN checks with bpf_capable() approach
      bpf: Add BPF token delegation mount options to BPF FS
      bpf: Introduce BPF token object
      bpf: Add BPF token support to BPF_MAP_CREATE command
      bpf: Add BPF token support to BPF_BTF_LOAD command
      bpf: Add BPF token support to BPF_PROG_LOAD command
      bpf: Take into account BPF token when fetching helper protos
      bpf: Consistently use BPF token throughout BPF verifier logic
      bpf,lsm: Refactor bpf_prog_alloc/bpf_prog_free LSM hooks
      bpf,lsm: Refactor bpf_map_alloc/bpf_map_free LSM hooks
      bpf,lsm: Add BPF token LSM hooks
      libbpf: Add bpf_token_create() API
      libbpf: Add BPF token support to bpf_map_create() API
      libbpf: Add BPF token support to bpf_btf_load() API
      libbpf: Add BPF token support to bpf_prog_load() API
      selftests/bpf: Add BPF token-enabled tests
      bpf,selinux: Allocate bpf_security_struct per BPF token
      bpf: Fail BPF_TOKEN_CREATE if no delegation option was set on BPF FS
      bpf: Support symbolic BPF FS delegation mount options
      selftests/bpf: Utilize string values for delegate_xxx mount options
      libbpf: Split feature detectors definitions from cached results
      libbpf: Further decouple feature checking logic from bpf_object
      libbpf: Move feature detection code into its own file
      libbpf: Wire up token_fd into feature probing logic
      libbpf: Wire up BPF token support at BPF object level
      selftests/bpf: Add BPF object loading tests with explicit token passing
      selftests/bpf: Add tests for BPF object load with implicit token
      libbpf: Support BPF token path setting through LIBBPF_BPF_TOKEN_PATH envvar
      selftests/bpf: Add tests for LIBBPF_BPF_TOKEN_PATH envvar
      selftests/bpf: Incorporate LSM policy to token-based tests
      Merge branch 'bpf-token'

Artem Savkov (1):
      selftests/bpf: Fix potential premature unload in bpf_testmod

Daniel Borkmann (1):
      bpf: Sync uapi bpf.h header for the tooling infra

Dave Thaler (3):
      Introduce concept of conformance groups
      bpf, docs: Clarify that MOVSX is only for BPF_X not BPF_K
      bpf, docs: Clarify definitions of various instructions

Dima Tisnek (1):
      libbpf: Correct bpf_core_read.h comment wrt bpf_core_relo struct

Eduard Zingerman (3):
      bpf: make infinite loop detection in is_state_visited() exact
      selftests/bpf: check if imprecise stack spills confuse infinite loop detection
      bpf: One more maintainer for libbpf and BPF selftests

Hao Sun (1):
      bpf: Refactor ptr alu checking rules to allow alu explicitly

Hou Tao (5):
      bpf: Support inlining bpf_kptr_xchg() helper
      selftests/bpf: Factor out get_xlated_program() helper
      selftests/bpf: Test the inlining of bpf_kptr_xchg()
      bpf, arm64: Enable the inline of bpf_kptr_xchg()
      selftests/bpf: Enable kptr_xchg_inline test for arm64

Jiri Olsa (8):
      bpf: Add cookie to perf_event bpf_link_info records
      bpf: Store cookies in kprobe_multi bpf_link_info data
      bpftool: Fix wrong free call in do_show_link
      selftests/bpf: Add cookies check for kprobe_multi fill_link_info test
      selftests/bpf: Add cookies check for perf_event fill_link_info test
      selftests/bpf: Add fill_link_info test for perf event
      bpftool: Display cookie for perf event link probes
      bpftool: Display cookie for kprobe multi link

Jose E. Marchesi (3):
      bpf: avoid VLAs in progs/test_xdp_dynptr.c
      bpf: fix constraint in test_tcpbpf_kern.c
      bpf: Use r constraint instead of p constraint in selftests

Kui-Feng Lee (15):
      bpf: refactory struct_ops type initialization to a function.
      bpf: get type information with BTF_ID_LIST
      bpf, net: introduce bpf_struct_ops_desc.
      bpf: add struct_ops_tab to btf.
      bpf: make struct_ops_map support btfs other than btf_vmlinux.
      bpf: pass btf object id in bpf_map_info.
      bpf: lookup struct_ops types from a given module BTF.
      bpf: pass attached BTF to the bpf_struct_ops subsystem
      bpf: hold module refcnt in bpf_struct_ops map creation and prog verification.
      bpf: validate value_type
      bpf, net: switch to dynamic registration
      libbpf: Find correct module BTFs for struct_ops maps and progs.
      bpf: export btf_ctx_access to modules.
      selftests/bpf: test case for register_bpf_struct_ops().
      bpf: Fix error checks against bpf_get_btf_vmlinux().

Kuniyuki Iwashima (7):
      tcp: Move tcp_ns_to_ts() to tcp.h
      tcp: Move skb_steal_sock() to request_sock.h
      bpf: tcp: Handle BPF SYN Cookie in skb_steal_sock().
      bpf: tcp: Handle BPF SYN Cookie in cookie_v[46]_check().
      bpf: tcp: Support arbitrary SYN Cookie.
      selftest: bpf: Test bpf_sk_assign_tcp_reqsk().
      bpf: Define struct bpf_tcp_req_attrs when CONFIG_SYN_COOKIES=n.

Martin KaFai Lau (5):
      Merge branch 'bpf: tcp: Support arbitrary SYN Cookie at TC.'
      Merge branch 'Registrating struct_ops types from modules'
      selftests/bpf: Fix the flaky tc_redirect_dtime test
      selftests/bpf: Wait for the netstamp_needed_key static key to be turned on
      libbpf: Ensure undefined bpf_attr field stays 0

Maxim Mikityanskiy (7):
      selftests/bpf: Fix the u64_offset_to_skb_data test
      bpf: Make bpf_for_each_spilled_reg consider narrow spills
      selftests/bpf: Add a test case for 32-bit spill tracking
      bpf: Add the assign_scalar_id_before_mov function
      bpf: Add the get_reg_width function
      bpf: Assign ID to scalars on spill
      selftests/bpf: Test assigning ID to scalars on spill

Nathan Chancellor (1):
      selftests/bpf: Update LLVM Phabricator links

Randy Dunlap (1):
      net: filter: fix spelling mistakes

Tiezhu Yang (4):
      bpftool: Silence build warning about calloc()
      selftests/bpf: Move is_jit_enabled() into testing_helpers
      selftests/bpf: Skip callback tests if jit is disabled in test_verifier
      selftests/bpf: Add missing line break in test_verifier

Victor Stewart (1):
      bpf, docs: Fix bpf_redirect_peer header doc

Yonghong Song (3):
      bpf: Track aligned st store as imprecise spilled registers
      selftests/bpf: Add a selftest with not-8-byte aligned BPF_ST
      docs/bpf: Fix an incorrect statement in verifier.rst

 .../bpf/standardization/instruction-set.rst        |   80 +-
 Documentation/bpf/verifier.rst                     |    2 +-
 MAINTAINERS                                        |    3 +
 arch/arm64/net/bpf_jit_comp.c                      |    5 +
 arch/x86/net/bpf_jit_comp.c                        |    5 +
 drivers/media/rc/bpf-lirc.c                        |    2 +-
 include/linux/bpf.h                                |  142 ++-
 include/linux/bpf_verifier.h                       |    3 +-
 include/linux/btf.h                                |   13 +
 include/linux/filter.h                             |    3 +-
 include/linux/lsm_hook_defs.h                      |   15 +-
 include/linux/security.h                           |   43 +-
 include/net/request_sock.h                         |   39 +
 include/net/sock.h                                 |   25 -
 include/net/tcp.h                                  |   45 +
 include/uapi/linux/bpf.h                           |   78 +-
 kernel/bpf/Makefile                                |    2 +-
 kernel/bpf/arraymap.c                              |    2 +-
 kernel/bpf/bpf_lsm.c                               |   15 +-
 kernel/bpf/bpf_struct_ops.c                        |  433 ++++----
 kernel/bpf/bpf_struct_ops_types.h                  |   12 -
 kernel/bpf/btf.c                                   |  268 ++++-
 kernel/bpf/cgroup.c                                |    6 +-
 kernel/bpf/core.c                                  |   13 +-
 kernel/bpf/helpers.c                               |    7 +-
 kernel/bpf/inode.c                                 |  276 ++++-
 kernel/bpf/syscall.c                               |  234 +++--
 kernel/bpf/token.c                                 |  278 ++++++
 kernel/bpf/verifier.c                              |  148 ++-
 kernel/trace/bpf_trace.c                           |   17 +-
 net/bpf/bpf_dummy_struct_ops.c                     |   22 +-
 net/core/filter.c                                  |  155 ++-
 net/core/sock.c                                    |   14 +-
 net/ipv4/bpf_tcp_ca.c                              |   22 +-
 net/ipv4/syncookies.c                              |   40 +-
 net/ipv6/syncookies.c                              |   13 +-
 net/netfilter/nf_bpf_link.c                        |    2 +-
 security/security.c                                |  101 +-
 security/selinux/hooks.c                           |   47 +-
 tools/bpf/bpftool/link.c                           |   94 +-
 tools/bpf/bpftool/prog.c                           |    2 +-
 tools/include/uapi/linux/bpf.h                     |   79 +-
 tools/lib/bpf/Build                                |    2 +-
 tools/lib/bpf/bpf.c                                |   42 +-
 tools/lib/bpf/bpf.h                                |   38 +-
 tools/lib/bpf/bpf_core_read.h                      |    2 +-
 tools/lib/bpf/btf.c                                |   10 +-
 tools/lib/bpf/elf.c                                |    2 -
 tools/lib/bpf/features.c                           |  503 ++++++++++
 tools/lib/bpf/libbpf.c                             |  604 +++--------
 tools/lib/bpf/libbpf.h                             |   21 +-
 tools/lib/bpf/libbpf.map                           |    1 +
 tools/lib/bpf/libbpf_internal.h                    |   50 +-
 tools/lib/bpf/libbpf_probes.c                      |   12 +-
 tools/lib/bpf/str_error.h                          |    3 +
 tools/testing/selftests/bpf/README.rst             |   32 +-
 tools/testing/selftests/bpf/bpf_experimental.h     |   21 +-
 tools/testing/selftests/bpf/bpf_kfuncs.h           |   10 +
 .../selftests/bpf/bpf_testmod/bpf_testmod.c        |   75 ++
 .../selftests/bpf/bpf_testmod/bpf_testmod.h        |    5 +
 tools/testing/selftests/bpf/config                 |    1 +
 .../selftests/bpf/prog_tests/bpf_verif_scale.c     |    2 +-
 .../testing/selftests/bpf/prog_tests/ctx_rewrite.c |   44 -
 .../selftests/bpf/prog_tests/fill_link_info.c      |  114 ++-
 .../selftests/bpf/prog_tests/kptr_xchg_inline.c    |   51 +
 .../selftests/bpf/prog_tests/libbpf_probes.c       |    4 +
 .../testing/selftests/bpf/prog_tests/libbpf_str.c  |    6 +
 .../testing/selftests/bpf/prog_tests/reg_bounds.c  |    2 +-
 .../testing/selftests/bpf/prog_tests/tc_redirect.c |   90 +-
 .../bpf/prog_tests/tcp_custom_syncookie.c          |  150 +++
 .../bpf/prog_tests/test_struct_ops_module.c        |   75 ++
 tools/testing/selftests/bpf/prog_tests/token.c     | 1052 ++++++++++++++++++++
 tools/testing/selftests/bpf/prog_tests/xdpwall.c   |    2 +-
 tools/testing/selftests/bpf/progs/bpf_misc.h       |    2 +-
 .../testing/selftests/bpf/progs/bpf_tracing_net.h  |   16 +
 tools/testing/selftests/bpf/progs/iters.c          |    4 +-
 .../testing/selftests/bpf/progs/kptr_xchg_inline.c |   48 +
 tools/testing/selftests/bpf/progs/priv_map.c       |   13 +
 tools/testing/selftests/bpf/progs/priv_prog.c      |   13 +
 .../selftests/bpf/progs/struct_ops_module.c        |   30 +
 .../selftests/bpf/progs/test_core_reloc_type_id.c  |    2 +-
 .../selftests/bpf/progs/test_fill_link_info.c      |    6 +
 .../testing/selftests/bpf/progs/test_map_in_map.c  |   26 +
 tools/testing/selftests/bpf/progs/test_siphash.h   |   64 ++
 .../bpf/progs/test_tcp_custom_syncookie.c          |  572 +++++++++++
 .../bpf/progs/test_tcp_custom_syncookie.h          |  140 +++
 .../testing/selftests/bpf/progs/test_tcpbpf_kern.c |    2 +-
 .../testing/selftests/bpf/progs/test_xdp_dynptr.c  |   10 +-
 tools/testing/selftests/bpf/progs/token_lsm.c      |   32 +
 .../bpf/progs/verifier_direct_packet_access.c      |    2 +-
 .../testing/selftests/bpf/progs/verifier_loops1.c  |   24 +
 .../selftests/bpf/progs/verifier_spill_fill.c      |  229 ++++-
 tools/testing/selftests/bpf/test_loader.c          |    4 +-
 tools/testing/selftests/bpf/test_maps.c            |    6 +-
 tools/testing/selftests/bpf/test_progs.c           |   18 -
 tools/testing/selftests/bpf/test_sock_addr.c       |    3 +-
 tools/testing/selftests/bpf/test_verifier.c        |   60 +-
 tools/testing/selftests/bpf/testing_helpers.c      |   92 +-
 tools/testing/selftests/bpf/testing_helpers.h      |    8 +
 .../selftests/bpf/verifier/bpf_loop_inline.c       |    6 +
 tools/testing/selftests/bpf/verifier/precise.c     |    6 +-
 101 files changed, 6009 insertions(+), 1260 deletions(-)
 delete mode 100644 kernel/bpf/bpf_struct_ops_types.h
 create mode 100644 kernel/bpf/token.c
 create mode 100644 tools/lib/bpf/features.c
 create mode 100644 tools/testing/selftests/bpf/prog_tests/kptr_xchg_inline.c
 create mode 100644 tools/testing/selftests/bpf/prog_tests/tcp_custom_syncookie.c
 create mode 100644 tools/testing/selftests/bpf/prog_tests/test_struct_ops_module.c
 create mode 100644 tools/testing/selftests/bpf/prog_tests/token.c
 create mode 100644 tools/testing/selftests/bpf/progs/kptr_xchg_inline.c
 create mode 100644 tools/testing/selftests/bpf/progs/priv_map.c
 create mode 100644 tools/testing/selftests/bpf/progs/priv_prog.c
 create mode 100644 tools/testing/selftests/bpf/progs/struct_ops_module.c
 create mode 100644 tools/testing/selftests/bpf/progs/test_siphash.h
 create mode 100644 tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.c
 create mode 100644 tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.h
 create mode 100644 tools/testing/selftests/bpf/progs/token_lsm.c

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ