pied from iproute2, where the feature is
> available with "tc exec bpf dbg". Changes include dumping pipe content
> to stdout instead of stderr and adding JSON support (content is dumped
> as an array of strings, one per line read from the pipe). This version
> is dual-licensed, wit
On 12/04/2018 07:46 AM, Alexei Starovoitov wrote:
> Three patches to improve verifier ability to handle pathological bpf programs
> with a lot of branches:
> - make sure prog_load syscall can be aborted
> - improve branch taken analysis
> - introduce per-insn complexity limit for unprivileged
On 12/03/2018 11:39 AM, Daniel T. Lee wrote:
> When NULL pointer accidentally passed to write_kprobe_events,
> due to strlen(NULL), segmentation fault happens.
> Changed code returns -1 to deal with this situation.
>
> Bug issued with Smatch, static analysis.
>
> Signed-off-by: Daniel T. Lee
On 12/03/2018 01:13 PM, Quentin Monnet wrote:
> The missing indentation on the "Return" sections for bpf_map_pop_elem()
> and bpf_map_peek_elem() helpers break RST and man pages generation. This
> patch fixes them, and moves the description of those two helpers towards
> the end of the list (even
On 12/03/2018 02:18 AM, Willem de Bruijn wrote:
> From: Petar Penkov
>
> The pkt_len field in qdisc_skb_cb stores the skb length as it will
> appear on the wire after segmentation. For byte accounting, this value
> is more accurate than skb->len. It is computed on entry to the TC
> layer, so
On 12/03/2018 08:48 AM, Song Liu wrote:
> On Sun, Dec 2, 2018 at 1:04 PM Andrey Ignatov wrote:
>>
>> The whole libbpf is licensed as (LGPL-2.1 OR BSD-2-Clause). I missed it
>> while adding README.rst. Fix it and use same license as all other files
>> in libbpf do. Since I'm the only author of
On 12/01/2018 12:42 AM, Willem de Bruijn wrote:
> On Fri, Nov 30, 2018 at 5:48 PM Song Liu wrote:
>>
>> On Fri, Nov 30, 2018 at 12:09 PM Willem de Bruijn
>> wrote:
>>>
>>> From: Petar Penkov
>>>
>>> The pkt_len field in qdisc_skb_cb stores the skb length as it will
>>> appear on the wire after
: 2dbb9b9e6df6 ("bpf: Introduce BPF_PROG_TYPE_SK_REUSEPORT")
Reported-by: David S. Miller
Signed-off-by: Daniel Borkmann
Acked-by: David S. Miller
---
include/linux/filter.h | 7 +++
include/uapi/linux/bpf.h | 17 -
net/core/filter.c
On 12/01/2018 12:33 AM, Alexei Starovoitov wrote:
> On Wed, Nov 28, 2018 at 11:02:00AM -0800, David Miller wrote:
>> From: Daniel Borkmann
>> Date: Wed, 28 Nov 2018 11:34:55 +0100
>>
>>> Yeah fully agree. Thinking diff below should address it, do you
>>
API and ABI conventions
Daniel Borkmann (1):
Merge branch 'bpf-sk-msg-pop-data'
David Miller (2):
bpf: Avoid unnecessary instruction in convert_bpf_ld_abs()
bpf: Fix various lib and testsuite build failures on 32-bit.
John Fastabend (3):
bpf: helper to pop data from messages
On 11/30/2018 12:47 AM, Jakub Kicinski wrote:
> On Thu, 29 Nov 2018 15:31:45 -0800, Yonghong Song wrote:
>> During porting libbpf to bcc, I got some warnings like below:
>> ...
>> [ 2%] Building C object
>> src/cc/CMakeFiles/bpf-shared.dir/libbpf/src/libbpf.c.o
>>
On 11/27/2018 04:24 PM, Naresh Kamboju wrote:
> CONFIG_FTRACE_SYSCALLS=y is required for get_cgroup_id_user test case
> this test reads a file from debug trace path
> /sys/kernel/debug/tracing/events/syscalls/sys_enter_nanosleep/id
>
> Signed-off-by: Naresh Kamboju
> ---
>
On 11/26/2018 11:16 PM, John Fastabend wrote:
> After being able to add metadata to messages with sk_msg_push_data we
> have also found it useful to be able to "pop" this metadata off before
> sending it to applications in some cases. This series adds a new helper
> sk_msg_pop_data() and the
On 11/27/2018 11:25 PM, David Miller wrote:
>
> In the linux/bpf.h UAPI header, we must absolutely avoid any
> non-fixed-sized types.
>
> Otherwise we have serious problems on 32-bit.
>
> Unfortunately I discovered today that we have take on two such cases,
> sk_msg_md and sk_reuseport_md, both
On 11/28/2018 08:51 AM, Prashant Bhole wrote:
> This patch adds tests to check whether bpf verifier prevents lookup
> on queue/stack maps
>
> Signed-off-by: Prashant Bhole
> ---
> tools/testing/selftests/bpf/test_verifier.c | 52 +
> 1 file changed, 52 insertions(+)
>
>
On 11/27/2018 04:06 AM, Alexei Starovoitov wrote:
> On Fri, Nov 23, 2018 at 04:44:31PM -0800, Andrey Ignatov wrote:
>> This patch set adds ABI versioning and documentation to libbpf.
>>
>> Patch 1 renames btf_get_from_id to btf__get_from_id to follow naming
>> convention.
>> Patch 2 adds version
to 2b9034b5eaddc09c0e9529b93446eb975f97f814:
sparc: Adjust bpf JIT prologue for PSEUDO calls. (2018-11-27 09:46:52 +0100)
Alexei Starovoitov (1):
Merge branch 'arm64-jit-fixes'
Daniel Borkmann (3):
bpf, ppc64: generalize fetching subprog
On 11/27/2018 06:55 AM, David Miller wrote:
>
> Move all arguments into output registers from input registers.
>
> This path is exercised by test_verifier.c's "calls: two calls with
> args" test. Adjust BPF_TAILCALL_PROLOGUE_SKIP as needed.
>
> Let's also make the prologue length a constant
as well.
Signed-off-by: Daniel Borkmann
Acked-by: Alexei Starovoitov
Acked-by: Naveen N. Rao
Acked-by: Sandipan Das
Acked-by: Martin Schwidefsky
Acked-by: Heiko Carstens
Acked-by: David S. Miller
Acked-by: Zi Shen Lim
Acked-by: Paul Burton
Acked-by: Jakub Kicinski
Acked-by: Wang YanQing
On 11/26/2018 10:42 PM, David Miller wrote:
>
> 'offset' is constant and if it is zero, no need to subtract it
> from BPF_REG_TMP.
>
> Signed-off-by: David S. Miller
Applied to bpf-next, thanks!
On 11/26/2018 01:45 PM, Lorenz Bauer wrote:
> On Sat, 24 Nov 2018 at 22:20, Alexei Starovoitov
> wrote:
>> On Fri, Nov 23, 2018 at 11:25:11PM +0100, Daniel Borkmann wrote:
>>> On 11/22/2018 03:09 PM, Lorenz Bauer wrote:
[...]
>>>> LIBBPF_API int bpf_prog_test_
oad
tools/bpf: fix spelling mistake "memeory" -> "memory"
bpf: btf: fix spelling mistake "Memmber" -> "Member"
Daniel Borkmann (3):
Merge branch 'bpf-max-pkt-offset'
Merge branch 'bpf-zero-hash-seed'
Merge branch 'bpf-libbpf
g through JIT passes, or a dynamic one. For
the former, JITs can optimize their imm emission because this doesn't
change jump offsets throughout JIT process.
Signed-off-by: Daniel Borkmann
Reviewed-by: Sandipan Das
Tested-by: Sandipan Das
---
arch/powerpc/net/bpf_jit_comp
eir address can use the optimized emission. Tested on Cavium ThunderX
CN8890.
Fixes: db496944fdaa ("bpf: arm64: add JIT support for multi-function programs")
Signed-off-by: Daniel Borkmann
---
arch/arm64/net/bpf_jit_comp.c | 26 +-
1 file changed, 17 insertions(+
This set contains a fix for arm64 BPF JIT. First patch generalizes
ppc64 way of retrieving subprog into bpf_jit_get_func_addr() as core
code and uses the same on arm64 in second patch. Tested on both arm64
and ppc64.
Thanks!
Daniel Borkmann (2):
bpf, ppc64: generalize fetching subprog
On 11/23/2018 02:38 AM, John Fastabend wrote:
> This adds a BPF SK_MSG program helper so that we can pop data from a
> msg. We use this to pop metadata from a previous push data call.
>
> Signed-off-by: John Fastabend
> ---
> include/uapi/linux/bpf.h | 13 +++-
> net/core/filter.c| 169
On 11/23/2018 02:38 AM, John Fastabend wrote:
> After being able to add metadata to messages with sk_msg_push_data we
> have also found it useful to be able to "pop" this metadata off before
> sending it to applications in some cases. This series adds a new helper
> sk_msg_pop_data() and the
On 11/24/2018 12:58 AM, David Calavera wrote:
> Make the formatting for map_type_name array consistent.
>
> Signed-off-by: David Calavera
Applied, thanks!
On 11/24/2018 12:48 AM, Rustam Kovhaev wrote:
> Building tags produces warning:
> ctags: Warning: kernel/bpf/local_storage.c:10: null expansion of name
> pattern "\1"
>
> Let's use the same fix as in commit <25528213fe9f75f4>, even though it
> violates the usual code style.
>
> Signed-off-by:
Hi David,
The following pull-request contains BPF updates for your *net* tree.
The main changes are:
1) Fix an off-by-one bug when adjusting subprog start offsets after
patching, from Edward.
2) Fix several bugs such as overflow in size allocation in queue /
stack map creation, from
On 11/22/2018 03:09 PM, Lorenz Bauer wrote:
> Add a new function, which encourages safe usage of the test interface.
> bpf_prog_test_run continues to work as before, but should be considered
> unsafe.
>
> Signed-off-by: Lorenz Bauer
Set looks good to me, thanks! Three small things below:
> ---
On 11/23/2018 09:58 PM, Nikita V. Shirokov wrote:
> currently by default libbpf's bpf_object__open requires
> bpf's program to specify version in a code because of two things:
> 1) default prog type is set to KPROBE
> 2) KPROBE requires (in kernel/bpf/syscall.c) version to be specified
>
> in
On 11/22/2018 11:14 PM, Daniel T. Lee wrote:
> Currently, kprobe_events failure won't be handled properly.
> Due to calling system() indirectly to write to kprobe_events,
> it can't be identified whether an error is derived from kprobe or system.
>
> // buf = "echo '%c:%s %s' >>
On 11/23/2018 06:48 PM, David Calavera wrote:
> Hi,
>
> Sorry for the mistake, I'll send a new patch. Before doing that, I've
> noticed that the array of map names in tools/bpf/bpftool/map.c is very
> inconsistent in formatting, some lines use tabs to align the names, others
> use spaces, and
On 11/23/2018 05:43 PM, Martynas Pumputis wrote:
> A format string consisting of "%p" or "%s" followed by an invalid
> specifier (e.g. "%p%\n" or "%s%") could pass the check which
> would make format_decode (lib/vsprintf.c) to warn.
>
> Reported-by:
[ +Wang ]
On 11/22/2018 07:03 AM, Nikita V. Shirokov wrote:
> currently by default libbpf's bpf_object__open requires
> bpf's program to specify version in a code because of two things:
> 1) default prog type is set to KPROBE
> 2) KPROBE requires (in kernel/bpf/syscall.c) version to be specified
Hi Martynas,
On 11/22/2018 05:00 PM, Martynas Pumputis wrote:
> A format string consisting of "%p" or "%s" followed by an invalid
> specifier (e.g. "%p%\n" or "%s%") could pass the check which
> would make format_decode (lib/vsprintf.c) to warn.
>
> Reported-by:
On 11/22/2018 07:49 PM, Alexei Starovoitov wrote:
> fix the following issues:
> - allow queue_stack_map for root only
> - fix u32 max_entries overflow
> - disallow value_size == 0
>
> Reported-by: Wei Wu
> Fixes: f1a2e44a3aec ("bpf: add queue and stack maps")
> Signed-off-by: Alexei Starovoitov
Hi Naresh,
On 11/21/2018 06:53 PM, Y Song wrote:
> On Wed, Nov 21, 2018 at 3:44 AM Naresh Kamboju
> wrote:
>>
>> Kselftest bpf get_cgroup_id_user is failed on all devices.
>>
>> selftests: bpf: get_cgroup_id_user
>> main:PASS:setup_cgroup_environment
>> main:PASS:create_and_get_cgroup
>>
On 11/21/2018 05:07 PM, Daniel T. Lee wrote:
> Currently, kprobe_events failure won't be handled properly.
> Due to calling system() indirectly to write to kprobe_events,
> it can't be identified whether an error is derived from kprobe or system.
>
> // buf = "echo '%c:%s %s' >>
On 11/21/2018 11:22 PM, Alexei Starovoitov wrote:
> On 11/21/18 12:18 PM, Yonghong Song wrote:
>> On 11/21/18 9:40 AM, Andrey Ignatov wrote:
>>> More and more projects use libbpf and one day it'll likely be packaged
>>> and distributed as DSO and that requires ABI versioning so that both
>>>
ugh attention is paid
> to endianness.
>
> I was able to remove ~55 % of longest_prefix_match() cpu costs.
>
> [1]
> https://linuxplumbersconf.org/event/2/contributions/88/attachments/76/87/lpc-bpf-2018-shaping.pdf
>
> Signed-off-by: Eric Dumazet
> Cc: Vlad Dumitrescu
> Cc
On 11/21/2018 10:53 PM, Jakub Kicinski wrote:
> This patch fixes a possible null pointer dereference in
> do_load, detected by the semantic patch deref_null.cocci,
> with the following warning:
>
> ./tools/bpf/bpftool/prog.c:1021:23-25: ERROR: map_replace is NULL but
> dereferenced.
>
> The
On 11/21/2018 07:48 PM, Vlad Dumitrescu wrote:
> On Wed, Nov 21, 2018 at 5:08 AM Eric Dumazet wrote:
>> On 11/20/2018 06:40 PM, Alexei Starovoitov wrote:
>>>
>>> looks good to me.
>>>
>>> Any particular reason you decided to disable it for cg_skb ?
>>> It seems to me the same EDT approach will
On 11/21/2018 05:55 AM, Nikita V. Shirokov wrote:
> in this patch series i'm adding a helper for libbpf which would allow
> it to load map-in-map(BPF_MAP_TYPE_ARRAY_OF_MAPS and
> BPF_MAP_TYPE_HASH_OF_MAPS).
> first patch contains new helper + explains proposed workflow
> second patch contains
On 11/21/2018 02:11 AM, Stanislav Fomichev wrote:
> It currently only checks whether kernel supports map/prog names.
> This capability check will be used in the next two commits to skip setting
> prog/map names.
>
> Suggested-by: Daniel Borkmann
> Signed-off-by: Stanislav Fomi
On 11/21/2018 06:29 PM, Stanislav Fomichev wrote:
> Wrap headers in extern "C", to turn off C++ mangling.
> This simplifies including libbpf in c++ and linking against it.
>
> v2 changes:
> * do the same for btf.h
>
> v3 changes:
> * test_libbpf.cpp to test for possible future c++ breakages
>
>
On 11/21/2018 08:22 PM, Yonghong Song wrote:
> Commit 2993e0515bb4 ("tools/bpf: add support to read .BTF.ext sections")
> added support to read .BTF.ext sections from an object file, create
> and pass prog_btf_fd and func_info to the kernel.
>
> The program btf_fd (prog->btf_fd) is initialized to
Hi Eric,
On 11/20/2018 02:49 PM, Eric Dumazet wrote:
> On 11/20/2018 02:17 AM, Paolo Abeni wrote:
>> Eric noted that with UDP GRO and napi timeout, we could keep a single
>> UDP packet inside the GRO hash forever, if the related NAPI instance
>> calls napi_gro_complete() at an higher frequency
On 11/21/2018 12:04 AM, Alexei Starovoitov wrote:
> On Tue, Nov 20, 2018 at 01:19:05PM -0800, Stanislav Fomichev wrote:
>> On 11/20, Alexei Starovoitov wrote:
>>> On Mon, Nov 19, 2018 at 04:46:25PM -0800, Stanislav Fomichev wrote:
[Recent commit 23499442c319 ("bpf: libbpf: retry map creation
On 11/13/2018 05:35 PM, Nicolas Dichtel wrote:
> This new mode enables to add or remove an l2 header in a programmatic way
> with cls_bpf.
> For example, it enables to play with mpls headers.
>
> Signed-off-by: Nicolas Dichtel
> Acked-by: Martin KaFai Lau
(Sorry for late reply, swamped due to
On 11/19/2018 03:30 PM, Lorenz Bauer wrote:
> On Sun, 18 Nov 2018 at 06:13, Y Song wrote:
>>
>> There is a slight change of user space behavior for this patch.
>> Without this patch, the value bpf_attr.test.data_size_out is output only.
>> For example,
>>output buffer : out_buf (user
about unexpected non-zero data. Retry sys_bpf without a map
> name to cover older kernels.
>
> v2 changes:
> * check for errno == EINVAL as suggested by Daniel Borkmann
>
> Signed-off-by: Stanislav Fomichev
Applied to bpf-next, thanks!
On 11/16/2018 12:41 PM, Lorenz Bauer wrote:
> Allow forcing the seed of a hash table to zero, for deterministic
> execution during benchmarking and testing.
>
> Changes from v2:
> * Change ordering of BPF_F_ZERO_SEED in linux/bpf.h
>
> Comments adressed from v1:
> * Add comment to discourage
On 11/19/2018 10:35 PM, Stanislav Fomichev wrote:
> Since commit 88cda1c9da02 ("bpf: libbpf: Provide basic API support
> to specify BPF obj name"), libbpf unconditionally sets bpf_attr->name
> for maps. Pre v4.14 kernels don't know about map names and return an
> error about unexpected non-zero
On 11/10/2018 07:58 PM, Michał Mirosław wrote:
> Signed-off-by: Michał Mirosław
Why you have empty commit messages for non-trivial changes like this in
4 out of 6 of your patches ...
How was it tested on the JITs you were changing? Did you test on both,
big and little endian machines?
> ---
>
On 11/10/2018 10:47 PM, David Miller wrote:
> From: Michał Mirosław
> Date: Sat, 10 Nov 2018 19:58:29 +0100
>
>> Fix BPF code/JITs to allow for separate VLAN_PRESENT flag
>> storage and finally move the flag to separate storage in skbuff.
>>
>> This is final step to make CLAN.CFI transparent to
On 11/17/2018 07:57 PM, Ard Biesheuvel wrote:
> Commit ede95a63b5e84 ("bpf: add bpf_jit_limit knob to restrict unpriv
> allocations") added a call to bpf_jit_uncharge_modmem() to the routine
> bpf_jit_binary_free() which is called from the __weak bpf_jit_free().
> This function is overridden by
On 10/29/2018 05:02 AM, Nitin Hande wrote:
>
> This patch proposes to extend the sk_lookup() BPF API to the
> XDP hookpoint. The sk_lookup() helper supports a lookup
> on incoming packet to find the corresponding socket that will
> receive this packet. Current support for this BPF API is
> at the
On 11/08/2018 10:25 PM, Jakub Kicinski wrote:
> On Thu, 8 Nov 2018 13:00:07 -0800, David Ahern wrote:
>> From: David Ahern
>>
>> bpftool output is not user friendly when dumping a map with only a few
>> populated entries:
>>
>> $ bpftool map
>> 1: devmap name tx_devmap flags 0x0
>>
On 11/08/2018 10:08 AM, Jiong Wang wrote:
> The maximum packet offset accessed by one BPF program is useful
> information.
>
> Because sometimes there could be packet split and it is possible for some
> reasons (for example performance) we want to reject the BPF program if the
> maximum packet
On 11/07/2018 10:36 PM, Andrey Ignatov wrote:
> Lookup functions in sk_lookup have different expectations about byte
> order of provided arguments.
>
> Specifically __inet_lookup, __udp4_lib_lookup and __udp6_lib_lookup
> expect dport to be in network byte order and do ntohs(dport) internally.
>
On 11/08/2018 04:55 AM, Yonghong Song wrote:
> Commit f6f3bac08ff9 ("tools/bpf: bpftool: add net support")
> added certain networking support to bpftool.
> The implementation relies on a relatively recent uapi header file
> linux/tc_act/tc_bpf.h on the host which contains the marco
> definition of
On 11/08/2018 12:52 PM, Quentin Monnet wrote:
> Hi,
> This set contains minor fixes for bpftool code and documentation.
> Please refer to individual patches for details.
>
> Quentin Monnet (4):
> tools: bpftool: prevent infinite loop in get_fdinfo()
> tools: bpftool: fix plain output and doc
On 10/29/2018 11:11 PM, John Fastabend wrote:
> On 10/29/2018 02:19 PM, Shannon Nelson wrote:
>> This is an example of using XDP to redirect the processing of
>> particular vlan packets to specific CPUs. This is in response
>> to comments received on a kernel patch put forth previously
>> to do
On 11/07/2018 01:26 AM, Song Liu wrote:
> On Mon, Oct 29, 2018 at 3:12 PM John Fastabend
> wrote:
>>
>> On 10/29/2018 02:14 PM, Shannon Nelson wrote:
>>> To help when debugging bpf/xdp load issues, have the load_map()
>>> error message include the number and name of the map that
>>> failed.
>>>
On 11/06/2018 09:28 PM, Sowmini Varadhan wrote:
> This patch provides a tcp_bpf based eBPF sample. The test
> - ncat(1) as the TCP client program to connect() to a port
> with the intention of triggerring SYN retransmissions: we
> first install an iptables DROP rule to make sure ncat SYNs are
On 11/07/2018 01:28 PM, Quentin Monnet wrote:
> libbpf is now able to load successfully test_l4lb_noinline.o and
> samples/bpf/tracex3_kern.o.
>
> For the test_l4lb_noinline, uncomment related tests from test_libbpf.c
> and remove the associated "TODO".
>
> For tracex3_kern.o, instead of loading
On 11/07/2018 01:29 PM, Quentin Monnet wrote:
> The limit for memory locked in the kernel by a process is usually set to
> 64 bytes by default. This can be an issue when creating large BPF maps
> and/or loading many programs. A workaround is to raise this limit for
> the current process before
Merge window is over so bpf-next is open again!
Thanks,
Daniel
)
Daniel Borkmann (2):
Merge branch 'bpf-accurate-prog-addr'
bpf: fix bpf_prog_get_info_by_fd to return 0 func_lens for unpriv
Song Liu (3):
bpf: show real jited prog address in /proc/kallsyms
bpf: show real jited address in bpf_prog_info
On 11/02/2018 06:16 PM, Song Liu wrote:
> Changes v1 -> v2:
> 1. Added main program length to bpf_prog_info->jited_fun_lens (3/3).
> 2. Updated commit message of 1/3 and 2/3 with more background about the
>address masking, and why it is still save after the changes.
> 3. Replace "ulong" with
e
returns the #elems of the user set up buffer which is incorrect. It
also needs to indicate a info.nr_jited_func_lens of zero.
Fixes: 815581c11cc2 ("bpf: get JITed image lengths of functions via syscall")
Signed-off-by: Daniel Borkmann
Cc: Sandipan Das
Cc: Song Liu
---
kernel/bpf/sysc
On 11/02/2018 11:09 AM, Daniel Borkmann wrote:
> On 11/01/2018 08:00 AM, Song Liu wrote:
>> Currently, jited_ksyms in bpf_prog_info shows page addresses of jited
>> bpf program. This is not ideal for detailed profiling (find hot
>> instructions from stack traces). This pa
On 11/01/2018 08:00 AM, Song Liu wrote:
> Currently, jited_ksyms in bpf_prog_info shows page addresses of jited
> bpf program. This is not ideal for detailed profiling (find hot
> instructions from stack traces). This patch replaces the page address
> with real prog start address.
>
>
On 11/01/2018 08:00 AM, Song Liu wrote:
> Currently, when there is not subprog (prog->aux->func_cnt == 0),
> bpf_prog_info does not return any jited_ksyms. This patch adds
> main program address (prog->bpf_func) to jited_ksyms.
>
> Signed-off-by: Song Liu
> ---
> kernel/bpf/syscall.c | 16
On 11/01/2018 06:18 PM, Quentin Monnet wrote:
> 2018-10-30 15:23 UTC+ ~ Quentin Monnet
>> The limit for memory locked in the kernel by a process is usually set to
>> 64 bytes by default. This can be an issue when creating large BPF maps.
>> A workaround is to raise this limit for the current
:
Merge branch 'verifier-fixes' (2018-10-31 16:53:18 -0700)
Alexei Starovoitov (1):
Merge branch 'verifier-fixes'
Andrey Ignatov (1):
libbpf: Fix compile error in libbpf_attach_type_by_name
Daniel Borkmann (4):
The series contains two fixes in BPF core and test cases. For details
please see individual patches. Thanks!
Daniel Borkmann (4):
bpf: fix partial copy of map_ptr when dst is scalar
bpf: don't set id on after map lookup with ptr_to_map_val return
bpf: add various test cases to test_verifier
st_reg is then truncated (or null) for subsequent
checks. Fix this by adding a raw member and use it for copying state
over to dst_reg.
Fixes: f1174f77b50c ("bpf/verifier: rework value tracking")
Signed-off-by: Daniel Borkmann
Cc: Edward Cree
Acked-by: Alexei Starovoitov
---
include/linu
: 3e6a4b3e0289 ("bpf/verifier: introduce BPF_PTR_TO_MAP_VALUE")
Signed-off-by: Daniel Borkmann
Cc: Roman Gushchin
Acked-by: Alexei Starovoitov
---
kernel/bpf/verifier.c | 11 ++-
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
ind
Right now unprivileged tests are never executed as a BPF test run,
only loaded. Allow for running them as well so that we can check
the outcome and probe for regressions.
Signed-off-by: Daniel Borkmann
Acked-by: Alexei Starovoitov
---
tools/testing/selftests/bpf/test_verifier.c | 71
Add some more map related test cases to test_verifier kselftest
to improve test coverage. Summary: 1012 PASSED, 0 SKIPPED, 0 FAILED
Signed-off-by: Daniel Borkmann
Acked-by: Alexei Starovoitov
---
tools/testing/selftests/bpf/test_verifier.c | 250
1 file changed
On 10/31/2018 09:49 PM, Arnaldo Carvalho de Melo wrote:
> Em Wed, Oct 31, 2018 at 12:57:18PM -0700, Andrey Ignatov escreveu:
>> Arnaldo Carvalho de Melo reported build error in libbpf when clang
>> version 3.8.1-24 (tags/RELEASE_381/final) is used:
>>
>> libbpf.c:2201:36: error: comparison of
On 10/29/2018 08:31 PM, John Fastabend wrote:
> We return 0 in the case of a nonblocking socket that has no data
> available. However, this is incorrect and may confuse applications.
> After this patch we do the correct thing and return the error
> EAGAIN.
>
> Quoting return codes from recvmsg
On 10/29/2018 10:56 PM, Yonghong Song wrote:
> On our test machine, bpf selftest test_flow_dissector.sh failed
> with the following error:
> # ./test_flow_dissector.sh
> bpffs not mounted. Mounting...
> libbpf: failed to create map (name: 'jmp_table'): Operation not permitted
> libbpf:
AL DEFAULT3 g
> -bash-4.4$
>
> This patch makes sure bpf library accepts both NOTYPE and OBJECT types
> of global map symbols.
>
> Signed-off-by: Yonghong Song
Thanks!
Acked-by: Daniel Borkmann
branch 'pkt-access-fixes'
Daniel Borkmann (9):
bpf: fix test suite to enable all unpriv program types
bpf: disallow direct packet access for unpriv in cg_skb
bpf: fix direct packet access for flow dissector progs
bpf: fix cg_skb types to hint access type
ones where it was mistakenly allowed.
Fixes: cd3394317653 ("bpf: introduce the bpf_get_local_storage() helper
function")
Signed-off-by: Daniel Borkmann
Cc: Roman Gushchin
Acked-by: John Fastabend
---
net/core/filter.c | 4
1 file changed, 4 deletions(-)
diff --git a/net/core
t; Hence netdev pointer comparison code is added.
>
> v2: compare netdev pointer instead of using net_eq() (Daniel Borkmann)
> v1: Initial patch
>
> Fixes: 2ddf71e23cc2 ("net: add notifier hooks for devmap bpf map")
> Signed-off-by: Taehee Yoo
Applied to bpf, thanks Taehee!
On 10/25/2018 04:47 PM, Naresh Kamboju wrote:
> BPF sockmap and hashmap are dependent on CONFIG_BPF_STREAM_PARSER and
> xskmap is dependent on CONFIG_XDP_SOCKETS
>
> Signed-off-by: Naresh Kamboju
Applied to bpf, thanks Naresh!
On 10/24/2018 11:42 PM, Song Liu wrote:
> On Wed, Oct 24, 2018 at 1:06 PM Daniel Borkmann wrote:
>>
>> Given this seems to be quite fragile and can easily slip through the
>> cracks, lets make direct packet write more robust by requiring that
>> future program types
Given BPF_PROG_TYPE_CGROUP_SKB program types are also valid in an
unprivileged setting, lets not omit these tests and potentially
have issues fall through the cracks. Make this more obvious by
adding a small test_as_unpriv() helper.
Signed-off-by: Daniel Borkmann
Acked-by: Alexei Starovoitov
3aec ("bpf: add queue and stack maps")
Signed-off-by: Daniel Borkmann
Acked-by: Alexei Starovoitov
Cc: Mauricio Vasquez B
---
kernel/bpf/helpers.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index ab0d5e3..a74972b 100644
--- a/kernel
t_pkt_data().
Fixes: b39b5f411dcf ("bpf: add cg_skb_is_valid_access for
BPF_PROG_TYPE_CGROUP_SKB")
Signed-off-by: Daniel Borkmann
Acked-by: Alexei Starovoitov
Cc: Song Liu
---
kernel/bpf/verifier.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/veri
mpty stack/queue.
Fixes: f1a2e44a3aec ("bpf: add queue and stack maps")
Signed-off-by: Daniel Borkmann
Acked-by: Alexei Starovoitov
Cc: Mauricio Vasquez B
---
kernel/bpf/queue_stack_maps.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/bpf/queue_stack_maps.c b/kernel/bp
there. The latter starts out with NULL data/data_end unconditionally
when sg pages are shared.
Signed-off-by: Daniel Borkmann
Acked-by: Alexei Starovoitov
---
kernel/bpf/verifier.c | 6 +-
net/core/filter.c | 11 +++
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/kernel
-only.
Fixes: d58e468b1112 ("flow_dissector: implements flow dissector BPF hook")
Signed-off-by: Daniel Borkmann
Acked-by: Alexei Starovoitov
Cc: Petar Penkov
---
kernel/bpf/verifier.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kern
des others one reason would be to avoid any
potential speculation on the packet test itself, thus guard this for
root only.
Fixes: b39b5f411dcf ("bpf: add cg_skb_is_valid_access for
BPF_PROG_TYPE_CGROUP_SKB")
Signed-off-by: Daniel Borkmann
Acked-by: Alexei Starovoitov
Cc: Song Liu
--
Several fixes to get direct packet access in order from verifier
side. Also test suite fix to run cg_skb as unpriv and an improvement
to make direct packet write less error prone in future.
Thanks!
Daniel Borkmann (7):
bpf: fix test suite to enable all unpriv program types
bpf: disallow
1 - 100 of 3158 matches
Mail list logo