Subject: Re: [iovisor-dev] [PATCH v3 net-next 02/12] bpf/verifier: rework value tracking
From: Nadav Amit
To: Edward Cree
Cc: davem@davemloft.net, Alexei Starovoitov, Daniel Borkmann, netdev@vger.kernel.org, iovisor-dev, linux-kernel@vger.kernel.org
Date: Thu, 6 Jul 2017 14:21:46 -0700
In-Reply-To: <2244b48b-f415-3239-6912-cb09f0abc546@solarflare.com>

Edward Cree via iovisor-dev wrote:
> Tracks value alignment by means of tracking known & unknown bits.
> Tightens some min/max value checks and fixes a couple of bugs therein.
> If pointer leaks are allowed, and adjust_ptr_min_max_vals returns -EACCES,
> treat the pointer as an unknown scalar and try again, because we might be
> able to conclude something about the result (e.g. pointer & 0x40 is either
> 0 or 0x40).
>
> Signed-off-by: Edward Cree
> ---
>  include/linux/bpf.h          |   34 +-
>  include/linux/bpf_verifier.h |   40 +-
>  include/linux/tnum.h         |   79 ++
>  kernel/bpf/Makefile          |    2 +-
>  kernel/bpf/tnum.c            |  163 ++++
>  kernel/bpf/verifier.c        | 1692 ++++++++++++++++++++++++------------
>  6 files changed, 1235 insertions(+), 775 deletions(-)

(RESEND)

I find it a bit surprising that such huge changes, which can affect security and robustness, are performed in one patch. Personally, I cannot comprehend all of these changes. In addition, I think that it is valuable to describe in detail the bugs that the patch solves and when they were introduced.

I can bring up some concerns regarding inconsistencies in offset checks and size, not spilling SCALAR, and my wish not to limit packet size. However, when the patch is that big, I think it is useless.

Nadav
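The "known & unknown bits" tracking that the quoted commit message refers to, and the `pointer & 0x40 is either 0 or 0x40` observation, can be illustrated with a small tristate-number type. What follows is an added example written for this page; it is not the patch's kernel/bpf/tnum.c, not any other kernel code, and not part of the thread. The type name `tnum`, the helpers `tnum_and`, `tnum_lshift`, `tnum_add`, `tnum_contains` and `tnum_is_aligned`, and the sample values are this example's own assumptions. Each bit of a tracked 64-bit quantity is known-0, known-1 or unknown; `value` holds the known-1 bits and `mask` the unknown bits.

```c
/* Added example, not code from the patch or the kernel: a minimal tristate
 * number ("tnum") that tracks which bits of a 64-bit value are known. */
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* value: bits known to be 1; mask: bits whose value is unknown.
 * Invariant: (value & mask) == 0. A constant has mask == 0. */
typedef struct {
    uint64_t value;
    uint64_t mask;
} tnum;

static tnum tnum_const(uint64_t v)
{
    tnum t = { v, 0 };
    return t;
}

static tnum tnum_unknown(void)
{
    tnum t = { 0, ~(uint64_t)0 };
    return t;
}

/* A concrete x is represented by t iff it agrees with t on every known bit. */
static bool tnum_contains(tnum t, uint64_t x)
{
    return ((x ^ t.value) & ~t.mask) == 0;
}

/* AND: a result bit is known-1 only if both inputs are known-1, known-0 if
 * either input is known-0, and unknown otherwise. */
static tnum tnum_and(tnum a, tnum b)
{
    uint64_t alpha = a.value | a.mask;   /* bits that may be 1 in a */
    uint64_t beta  = b.value | b.mask;   /* bits that may be 1 in b */
    uint64_t v     = a.value & b.value;  /* bits certainly 1 in both */
    tnum r = { v, alpha & beta & ~v };
    return r;
}

/* Shift: known and unknown bits move together; vacated low bits are known-0.
 * This is why an unknown index times 4 (x << 2) is known 4-byte aligned. */
static tnum tnum_lshift(tnum a, unsigned shift)
{
    tnum r = { a.value << shift, a.mask << shift };
    return r;
}

/* ADD: carries out of unknown bits can disturb higher bits, so every bit
 * where the sum could differ between the extremes is marked unknown. */
static tnum tnum_add(tnum a, tnum b)
{
    uint64_t sm    = a.mask + b.mask;    /* unknown parts added together */
    uint64_t sv    = a.value + b.value;  /* known parts added together */
    uint64_t sigma = sm + sv;            /* maximal possible sum */
    uint64_t chi   = sigma ^ sv;         /* bits a carry from unknowns can flip */
    uint64_t mu    = chi | a.mask | b.mask;
    tnum r = { sv & ~mu, mu };
    return r;
}

/* Alignment check of the kind a verifier needs before permitting an access of
 * `size` bytes (size a power of two): the low log2(size) bits must be known-0. */
static bool tnum_is_aligned(tnum t, uint64_t size)
{
    return ((t.value | t.mask) & (size - 1)) == 0;
}

static void tnum_print(const char *label, tnum t)
{
    printf("%-20s value=0x%016llx mask=0x%016llx\n", label,
           (unsigned long long)t.value, (unsigned long long)t.mask);
}

int main(void)
{
    /* A pointer treated as a wholly unknown scalar, ANDed with the constant
     * 0x40: the abstraction still knows the result is exactly 0 or 0x40. */
    tnum p_and = tnum_and(tnum_unknown(), tnum_const(0x40));
    tnum_print("unknown & 0x40", p_and);
    assert(tnum_contains(p_and, 0) && tnum_contains(p_and, 0x40));
    assert(!tnum_contains(p_and, 0x41));

    /* An unknown index scaled by 4 plus a constant 8 stays 4-byte aligned,
     * but is not known to be 8-byte aligned (the index could be odd). */
    tnum off = tnum_add(tnum_lshift(tnum_unknown(), 2), tnum_const(8));
    tnum_print("(unknown << 2) + 8", off);
    assert(tnum_is_aligned(off, 4) && !tnum_is_aligned(off, 8));
    return 0;
}
```

The property a reviewer cares about is soundness: every operation must over-approximate the set of concrete values, never under-approximate it. An imprecise result only costs a rejected program; an unsound one is what would let a program through with an access the verifier believed was aligned or in bounds when it was not. This toy tracks bits only and does not model the signed/unsigned min/max bounds the patch also reworks.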