Re: [PATCH net-next 2/2] net: reset transport header if it was not set before transmission

2013-03-19 Thread Daniel Borkmann
On 03/19/2013 01:13 PM, Eric Dumazet wrote: On Tue, 2013-03-19 at 17:26 +0800, Jason Wang wrote: On 03/18/2013 12:13 AM, David Miller wrote: From: Eric Dumazet Date: Fri, 15 Mar 2013 19:10:51 -0700 Any way we can avoid adding this to fast path, for people not using macvtap and ixgbe ? Likew

Re: [PATCH net-next 2/2] net: reset transport header if it was not set before transmission

2013-03-19 Thread Daniel Borkmann
On 03/19/2013 01:59 PM, Eric Dumazet wrote: On Tue, 2013-03-19 at 13:58 +0100, Daniel Borkmann wrote: Yes, will post them in a couple of minutes. Please target net tree for the first patch (adding thoff into struct flow_keys), so that Jason or me can fix DODGY providers. Sorry, I received

[PATCH] lib: memcmp_nta: add timing-attack secure memcmp

2013-02-10 Thread Daniel Borkmann
ction for (e.g.) the crypto and networking subsystems. Signed-off-by: Daniel Borkmann --- include/linux/string.h | 3 +++ lib/string.c | 22 ++ 2 files changed, 25 insertions(+) diff --git a/include/linux/string.h b/include/linux/string.h index ac889c5..cf42800 1

Re: [PATCH] lib: memcmp_nta: add timing-attack secure memcmp

2013-02-10 Thread Daniel Borkmann
On 02/11/2013 12:24 AM, Joe Perches wrote: On Sun, 2013-02-10 at 23:00 +0100, Daniel Borkmann wrote: add memcmp_nta ({n}o {t}iming {a}ttacks) Why should this be in the kernel? As the commit message already says, so that current or future (e.g.) network protocol code or modules can make use

Re: [PATCH] lib: memcmp_nta: add timing-attack secure memcmp

2013-02-11 Thread Daniel Borkmann
On 02/11/2013 12:50 AM, Greg KH wrote: On Mon, Feb 11, 2013 at 12:30:51AM +0100, Daniel Borkmann wrote: On 02/11/2013 12:24 AM, Joe Perches wrote: On Sun, 2013-02-10 at 23:00 +0100, Daniel Borkmann wrote: add memcmp_nta ({n}o {t}iming {a}ttacks) Why should this be in the kernel? As the

Re: [PATCH] lib: memcmp_nta: add timing-attack secure memcmp

2013-02-11 Thread Daniel Borkmann
On 02/11/2013 07:37 PM, Andy Lutomirski wrote: On 02/10/2013 02:00 PM, Daniel Borkmann wrote: If you need to compare a password or a hash value, the timing of the comparison function can give valuable clues to the attacker. Let's say the password is 123456 and the attacker tries abcdef. I

Re: [PATCH] lib: memcmp_nta: add timing-attack secure memcmp

2013-02-11 Thread Daniel Borkmann
On 02/11/2013 08:00 PM, Florian Weimer wrote: > * Daniel Borkmann: Thanks for your feedback, Florian! >> + * memcmp_nta - memcmp that is secure against timing attacks > > It's not providing an ordering, so it should not have "cmp" in the > name. I agree. Wha

Re: [RFC] packet: change call of synchronize_net to call_rcu

2012-09-04 Thread Daniel Borkmann
On Tue, Sep 4, 2012 at 4:16 PM, Iulius Curt wrote: > synchronize_net is called every time we close a PF_PACKET socket which is > causing performance loss when doing this on many sockets. Do you have any particular use case in mind? I can imagine if you are closing a PF_PACKET socket in a network

[PATCH net-next v2 0/2] prandom_u32_range, prandom_u32_max helpers

2013-09-04 Thread Daniel Borkmann
v1->v2: - migrated api to random.h, ccing lkml - dropped second patch for now Daniel Borkmann (2): random: add prandom_u32_range and prandom_u32_max helpers net: migrate direct users to prandom_u32_max drivers/net/team/team_mode_random.c | 8 +--- include/linux/rando

[PATCH net-next v2 1/2] random: add prandom_u32_range and prandom_u32_max helpers

2013-09-04 Thread Daniel Borkmann
prandom_u32_max() generates numbers in [0, end] interval. Signed-off-by: Daniel Borkmann Cc: Theodore Ts'o Cc: Joe Perches Cc: linux-kernel@vger.kernel.org --- include/linux/random.h | 31 ++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/include/linux/rando

[PATCH net-next v2 2/2] net: migrate direct users to prandom_u32_max

2013-09-04 Thread Daniel Borkmann
Users that directly use or reimplement what we have in prandom_u32_max() can be migrated for now to use it directly, so that we can reduce code size and avoid reimplementations. That's obvious, follow-up patches could inspect modulo use cases for possible migration as well. Signed-off-by: D

Re: [PATCH net-next v2 2/2] net: migrate direct users to prandom_u32_max

2013-09-04 Thread Daniel Borkmann
On 09/04/2013 02:52 PM, Eric Dumazet wrote: On Wed, 2013-09-04 at 14:37 +0200, Daniel Borkmann wrote: Users that directly use or reimplement what we have in prandom_u32_max() can be migrated for now to use it directly, so that we can reduce code size and avoid reimplementations. That's ob

Re: linux-next: manual merge of the net-next tree with Linus' tree

2013-09-05 Thread Daniel Borkmann
On 09/05/2013 07:19 AM, Stephen Rothwell wrote: Hi all, Today's linux-next merge of the net-next tree got a conflict in net/bridge/br_multicast.c between commit 2d98c29b6fb3 ("net: bridge: convert MLDv2 Query MRC into msecs_to_jiffies for max_delay") from Linus' tree and commit e3f5b17047de ("ne

Re: [PATCH net-next 1/2] net: remove NET_LL_RX_POLL config menue

2013-06-13 Thread Daniel Borkmann
On 06/13/2013 04:13 AM, Eliezer Tamir wrote: On 13/06/2013 05:01, Stephen Hemminger wrote: On Wed, 12 Jun 2013 15:12:05 -0700 (PDT) David Miller wrote: From: Eliezer Tamir Date: Tue, 11 Jun 2013 17:24:28 +0300 depends on X86_TSC Wait a second, I didn't notice this before. There ne

Re: Scaling problem with a lot of AF_PACKET sockets on different interfaces

2013-06-07 Thread Daniel Borkmann
On 06/07/2013 02:41 PM, Mike Galbraith wrote: (CC's net-fu dojo) On Fri, 2013-06-07 at 14:56 +0300, Vitaly V. Bursov wrote: Hello, I have a Linux router with a lot of interfaces (hundreds or thousands of VLANs) and an application that creates AF_PACKET socket per interface and bind()s sockets

Re: Scaling problem with a lot of AF_PACKET sockets on different interfaces

2013-06-07 Thread Daniel Borkmann
On 06/07/2013 04:17 PM, Vitaly V. Bursov wrote: 07.06.2013 16:05, Daniel Borkmann пишет: [...] Ideas are welcome :) Probably, that depends on _your scenario_ and/or BPF filter, but would it be an alternative if you have only a few packet sockets (maybe one pinned to each cpu) and cluster

Re: [RFC Patch net-next 1/5] net: introduce generic union inet_addr

2013-06-27 Thread Daniel Borkmann
On 06/27/2013 09:42 AM, Andy Shevchenko wrote: On Thu, 2013-06-27 at 14:43 +0800, Cong Wang wrote: Cc: Daniel Borkmann Signed-off-by: Cong Wang I was about to answer for the Daniel's patch about %pig. Daniel, could you resend your patch series to the LKML, since it touches lib/vspri

[PATCH net-next v2 1/2] lib: vsprintf: add IPv4/v6 generic %piS/%pIS format specifier

2013-06-27 Thread Daniel Borkmann
lly. Likely, there are many other areas than just SCTP in the kernel to make use of this extension as well. Signed-off-by: Daniel Borkmann CC: linux-kernel@vger.kernel.org --- v1->v2: - Added documentation into printk-formats.txt, thanks Vlad Yasevich - Changed %pig/%pIg into %piS/%pIS, th

[PATCH net-next v3 1/2] lib: vsprintf: add IPv4/v6 generic %p[Ii]S[pfs] format specifier

2013-06-28 Thread Daniel Borkmann
essed format specified by 'c' and various other IPv4 extensions as stated in the documentation part. Likely, there are many other areas than just SCTP in the kernel to make use of this extension as well. [1] http://patchwork.ozlabs.org/patch/31480/ Signed-off-by: Daniel Borkmann CC:

[PATCH trivial] doc: printk-formats: fix format specifier to %p[Ii]4[hnbl]

2013-06-28 Thread Daniel Borkmann
This might have been an oversight, as '4' is needed as %pI4/%pi4 are format specifiers and [hnbl] are extensions of it. Signed-off-by: Daniel Borkmann CC: Joe Perches --- Documentation/printk-formats.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentat

Re: [PATCH net-next v3 1/2] lib: vsprintf: add IPv4/v6 generic %p[Ii]S[pfs] format specifier

2013-06-28 Thread Daniel Borkmann
On 06/28/2013 05:44 PM, Joe Perches wrote: On Fri, 2013-06-28 at 14:05 +0200, Daniel Borkmann wrote: In order to avoid making code that deals with printing both, IPv4 and IPv6 addresses, unnecessary complicated as for example ... Thanks Daniel, seems sensible. Just trivial comments... Ok

Re: [PATCH net-next v3 1/2] lib: vsprintf: add IPv4/v6 generic %p[Ii]S[pfs] format specifier

2013-06-28 Thread Daniel Borkmann
On 06/28/2013 05:53 PM, Daniel Borkmann wrote: On 06/28/2013 05:44 PM, Joe Perches wrote: On Fri, 2013-06-28 at 14:05 +0200, Daniel Borkmann wrote: In order to avoid making code that deals with printing both, IPv4 and IPv6 addresses, unnecessary complicated as for example ... Thanks Daniel

Re: [PATCH net-next v3 1/2] lib: vsprintf: add IPv4/v6 generic %p[Ii]S[pfs] format specifier

2013-06-28 Thread Daniel Borkmann
On 06/28/2013 06:04 PM, Joe Perches wrote: On Fri, 2013-06-28 at 17:53 +0200, Daniel Borkmann wrote: On 06/28/2013 05:44 PM, Joe Perches wrote: On Fri, 2013-06-28 at 14:05 +0200, Daniel Borkmann wrote: In order to avoid making code that deals with printing both, IPv4 and IPv6 addresses

[PATCH net-next v4 1/2] lib: vsprintf: add IPv4/v6 generic %p[Ii]S[pfs] format specifier

2013-06-28 Thread Daniel Borkmann
essed format specified by 'c' and various other IPv4 extensions as stated in the documentation part. Likely, there are many other areas than just SCTP in the kernel to make use of this extension as well. [1] http://patchwork.ozlabs.org/patch/31480/ Signed-off-by: Daniel Borkmann CC:

[PATCH] ktime: minor: ktime_to_timespec_cond: add __must_check prefix

2013-05-16 Thread Daniel Borkmann
: Daniel Borkmann --- include/linux/ktime.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/linux/ktime.h b/include/linux/ktime.h index bbca128..cededfd 100644 --- a/include/linux/ktime.h +++ b/include/linux/ktime.h @@ -338,7 +338,8 @@ extern ktime_t ktime_add_safe(const

Re: [PATCH 1/1] ktime: Use macro NSEC_PER_USEC instead of a magic number

2013-05-07 Thread Daniel Borkmann
roseconds and one in nanoseconds with the macro NSEC_PER_USEC. Signed-off-by: Liu Ying Cc: David S. Miller Cc: Daniel Borkmann Cc: Thomas Gleixner Cc: John Stultz --- include/linux/ktime.h |7 --- 1 files changed, 4 insertions(+), 3 deletions(-) diff --git a/include/linux/ktime.h b/i

Re: [PATCH 1/1] ktime: Use macro NSEC_PER_USEC instead of a magic number

2013-05-07 Thread Daniel Borkmann
On 05/07/2013 11:08 AM, Liu Ying wrote: 2013/5/7 Liu Ying 2013/5/7 Daniel Borkmann On 05/06/2013 02:42 PM, y...@shlinux1.ap.freescale.net wrote: From: Liu Ying If you only have 1 patch, then you don't need "1/1" in the subject. The term magic number here might be a lit

Re: [PATCH V3 2/3] ARM: net: bpf_jit: make code generation less dependent on struct sk_filter.

2013-04-24 Thread Daniel Borkmann
On 04/24/2013 07:27 PM, Nicolas Schichan wrote: This is in preparation of bpf_jit support for seccomp filters. Please also CC the netdev list for BPF related patches. Just to give you a heads-up, this might likely lead to a merge conflict with the net-next tree (commit 79617801ea0c0e66, "filte

Re: [PATCH 0/3 RFC v2] selftests: Basic framework for tests

2013-04-25 Thread Daniel Borkmann
On 04/25/2013 01:04 PM, Alexandru Copot wrote: This series adds a generic test abstraction that can make writing testcases easier. A generic_test structure is used to define a test and its methods: prepare, run, cleanup. This is a generic implementation so it was placed in selftests/lib. The se

Re: [PATCH 1/3 RFC v2] selftests: introduce testing abstractions

2013-04-25 Thread Daniel Borkmann
On 04/25/2013 01:04 PM, Alexandru Copot wrote: Signed-of-by Alexandru Copot Cc: Daniel Baluta --- tools/testing/selftests/Makefile| 3 +- tools/testing/selftests/lib/Makefile| 14 +++ tools/testing/selftests/lib/selftests.c | 57 tools/testing/

Re: [RFC PATCH net-next 0/6] seccomp filter JIT

2013-04-26 Thread Daniel Borkmann
On 04/26/2013 01:25 PM, Heiko Carstens wrote: On Fri, Apr 26, 2013 at 03:51:40AM -0400, Xi Wang wrote: This patchset brings JIT support to seccomp filters for x86_64 and ARM. It is against the net-next tree. The current BPF JIT interface only accepts sk_filter, not seccomp_filter. Patch 1/6 ref

Re: [RFC PATCH net-next 0/6] seccomp filter JIT

2013-04-26 Thread Daniel Borkmann
On 04/26/2013 02:31 PM, Xi Wang wrote: On Fri, Apr 26, 2013 at 7:46 AM, Daniel Borkmann wrote: I think BPF JIT for seccomp on ARM recently got applied to -mm tree if I'm not mistaken. It was from Nicolas Schichan (cc): http://thread.gmane.org/gmane.linux.ports.arm.kernel/233416/ Thank

Re: [PATCH V3 2/3] ARM: net: bpf_jit: make code generation less dependent on struct sk_filter.

2013-04-26 Thread Daniel Borkmann
On 04/26/2013 09:26 PM, Andrew Morton wrote: On Fri, 26 Apr 2013 16:04:44 +0200 Arnd Bergmann wrote: On Wednesday 24 April 2013 19:27:08 Nicolas Schichan wrote: @@ -858,7 +858,7 @@ b_epilogue: } -void bpf_jit_compile(struct sk_filter *fp) +static void __bpf_jit_compile(struct jit_ctx *out_

Re: [PATCH V3 2/3] ARM: net: bpf_jit: make code generation less dependent on struct sk_filter.

2013-04-26 Thread Daniel Borkmann
On 04/26/2013 10:09 PM, Andrew Morton wrote: On Fri, 26 Apr 2013 21:47:46 +0200 Daniel Borkmann wrote: On 04/26/2013 09:26 PM, Andrew Morton wrote: On Fri, 26 Apr 2013 16:04:44 +0200 Arnd Bergmann wrote: On Wednesday 24 April 2013 19:27:08 Nicolas Schichan wrote: @@ -858,7 +858,7

Re: [PATCH V3 2/3] ARM: net: bpf_jit: make code generation less dependent on struct sk_filter.

2013-04-26 Thread Daniel Borkmann
On 04/27/2013 12:18 AM, Xi Wang wrote: Thanks for CCing. One way to clean up this would be to refactor the bpf jit interface as: bpf_func_t bpf_jit_compile(struct sock_filter *filter, unsigned int flen); void bpf_jit_free(bpf_func_t bpf_func); Then both packet and seccomp filters can sha

Re: [PATCH v2 net-next 3/3] ARM: net: bpf_jit_32: support BPF_S_ANC_SECCOMP_LD_W instruction

2013-04-26 Thread Daniel Borkmann
On 04/27/2013 04:17 AM, Xi Wang wrote: This patch implements the seccomp BPF_S_ANC_SECCOMP_LD_W instruction in ARM JIT. Signed-off-by: Xi Wang Cc: Daniel Borkmann Cc: Heiko Carstens Cc: Will Drewry Cc: Eric Dumazet Cc: Russell King Cc: David Laight Cc: "David S. Miller"

Re: [PATCH v2 net-next 3/3] ARM: net: bpf_jit_32: support BPF_S_ANC_SECCOMP_LD_W instruction

2013-04-29 Thread Daniel Borkmann
On 04/27/2013 08:32 PM, Xi Wang wrote: On Sat, Apr 27, 2013 at 2:27 AM, Daniel Borkmann wrote: Besides all that, I think I also pointed you to a patch that already made it in for ARM, not sure why you keep posting the ARM JIT implementation? That's why I asked in the other post i

Re: [PATCH net-next] x86: bpf_jit_comp: secure bpf jit against spraying attacks

2013-05-19 Thread Daniel Borkmann
Dumazet Great work ! Probably other archs could later on follow-up with setting to read-only, too. Reviewed-by: Daniel Borkmann -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo inf

Re: [PATCH net-next] x86: bpf_jit_comp: secure bpf jit against spraying attacks

2013-05-20 Thread Daniel Borkmann
On 05/20/2013 10:51 AM, David Laight wrote: hpa bringed into my attention some security related issues with BPF JIT on x86. This patch makes sure the bpf generated code is marked read only, as other kernel text sections. It also splits the unused space (we vmalloc() and only use a fraction of t

Re: linux-next: manual merge of the akpm tree with the net-next tree

2013-05-21 Thread Daniel Borkmann
Hi Stephen, On 05/21/2013 06:25 AM, Stephen Rothwell wrote: Hi Andrew, Today's linux-next merge of the akpm tree got a conflict in arch/arm/net/bpf_jit_32.c between commit aafc787e41fd ("arm: bpf_jit: can call module_free() from any context") from the net-next tree and commit "ARM: net: bpf_jit

Re: linux-next: manual merge of the akpm tree with the net-next tree

2013-05-22 Thread Daniel Borkmann
On 05/22/2013 09:19 AM, David Miller wrote: From: Andrew Morton Date: Wed, 22 May 2013 00:14:58 -0700 On Wed, 22 May 2013 00:07:48 -0700 (PDT) David Miller wrote: From: Andrew Morton Date: Tue, 21 May 2013 13:04:38 -0700 Nicolas, I think the patches need a re-check so I'll drop the vers

Re: linux-next: manual merge of the akpm tree with the net-next tree

2013-05-22 Thread Daniel Borkmann
On 05/22/2013 01:54 AM, Stephen Rothwell wrote: Hi Daniel, On Tue, 21 May 2013 09:44:13 +0200 Daniel Borkmann wrote: Also seccomp_jit_free() needs a change otherwise the kernel won't build with CONFIG_SECCOMP_FILTER_JIT enabled since the work_struct is initialized wit

Re: [PATCH net-next v3 1/2] bpf: Add bpf_copy_to_user BPF helper to be called in tracers (kprobes)

2016-07-19 Thread Daniel Borkmann
On 07/19/2016 06:34 PM, Alexei Starovoitov wrote: On Tue, Jul 19, 2016 at 01:17:53PM +0200, Daniel Borkmann wrote: + return -EINVAL; + + /* Is this a user address, or a kernel address? */ + if (!access_ok(VERIFY_WRITE, to, size)) + return -EINVAL

Re: [PATCH net-next v3 1/2] bpf: Add bpf_copy_to_user BPF helper to be called in tracers (kprobes)

2016-07-20 Thread Daniel Borkmann
On 07/20/2016 05:02 AM, Alexei Starovoitov wrote: On Wed, Jul 20, 2016 at 01:19:51AM +0200, Daniel Borkmann wrote: On 07/19/2016 06:34 PM, Alexei Starovoitov wrote: On Tue, Jul 19, 2016 at 01:17:53PM +0200, Daniel Borkmann wrote: + return -EINVAL; + + /* Is this a user

Re: [PATCH net-next v3 1/2] bpf: Add bpf_copy_to_user BPF helper to be called in tracers (kprobes)

2016-07-20 Thread Daniel Borkmann
On 07/20/2016 11:58 AM, Sargun Dhillon wrote: [...] So, with that, what about the following: It includes -Desupporting no MMU platforms as we've deemed them incapable of being safe -Checking that we're not in a kthread -Checking that the active mm is the thread's mm -A log message indicating th

Re: [PATCH net-next v3 1/2] bpf: Add bpf_copy_to_user BPF helper to be called in tracers (kprobes)

2016-07-21 Thread Daniel Borkmann
On 07/21/2016 12:47 PM, Sargun Dhillon wrote: On Thu, Jul 21, 2016 at 01:00:51AM +0200, Daniel Borkmann wrote: [...] I don't really like couple of things, your ifdef CONFIG_MMU might not be needed I think, couple of these checks seem redundant, (I'm not yet sure about the task-&

[PATCH net-next] bpf, events: fix offset in skb copy handler

2016-07-21 Thread Daniel Borkmann
: 555c8a8623a3 ("bpf: avoid stack copy and use skb ctx for event output") Fixes: 7e3f977edd0b ("perf, events: add non-linear data support for raw records") Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov --- include/linux/bpf.h| 2 +- include/linux/perf_eve

Re: [PATCH v4 1/2] bpf: Add bpf_probe_write BPF helper to be called in tracers (kprobes)

2016-07-22 Thread Daniel Borkmann
f crashing the system, we print a warning on invocation. It was tested with the tracex7 program on x86-64. Signed-off-by: Sargun Dhillon Cc: Alexei Starovoitov Cc: Daniel Borkmann --- include/uapi/linux/bpf.h | 12 kernel/bpf/verifier.c | 9 + kernel/trace/bpf_tra

Re: [PATCH v1] bpf: Set register type according to is_valid_access()

2016-09-22 Thread Daniel Borkmann
. However, this fix is important for future unprivileged eBPF program types which could use pointers in their context. Signed-off-by: Mickaël Salaün Fixes: 969bf05eb3ce ("bpf: direct packet access") Cc: Alexei Starovoitov Cc: Andy Lutomirski Cc: Daniel Borkmann Cc: Kees Cook Acked-by: Sarg

Re: [PATCH] softirq: let ksoftirqd do its job

2016-09-23 Thread Daniel Borkmann
On 09/02/2016 08:39 AM, David Miller wrote: From: Eric Dumazet Date: Wed, 31 Aug 2016 10:42:29 -0700 From: Eric Dumazet A while back, Paolo and Hannes sent an RFC patch adding threaded-able napi poll loop support : (https://patchwork.ozlabs.org/patch/620657/) The problem seems to be that so

Re: [PATCH 3/3] bpf powerpc: add support for bpf constant blinding

2016-09-23 Thread Daniel Borkmann
On 09/23/2016 10:35 PM, Naveen N. Rao wrote: In line with similar support for other architectures by Daniel Borkmann. 'MOD Default X' from test_bpf without constant blinding: 84 bytes emitted from JIT compiler (pass:3, flen:7) d58a4688 + : 0: nop 4: nop 8: std

Re: [PATCH 2/3] bpf powerpc: implement support for tail calls

2016-09-23 Thread Daniel Borkmann
On 09/23/2016 10:35 PM, Naveen N. Rao wrote: Tail calls allow JIT'ed eBPF programs to call into other JIT'ed eBPF programs. This can be achieved either by: (1) retaining the stack setup by the first eBPF program and having all subsequent eBPF programs re-using it, or, (2) by unwinding/tearing dow

Re: [PATCH 2/3] bpf powerpc: implement support for tail calls

2016-09-26 Thread Daniel Borkmann
On 09/26/2016 10:56 AM, Naveen N. Rao wrote: On 2016/09/24 03:30AM, Alexei Starovoitov wrote: On Sat, Sep 24, 2016 at 12:33:54AM +0200, Daniel Borkmann wrote: On 09/23/2016 10:35 PM, Naveen N. Rao wrote: Tail calls allow JIT'ed eBPF programs to call into other JIT'ed eBPF programs

Re: [PATCH v3] bpf: Set register type according to is_valid_access()

2016-09-26 Thread Daniel Borkmann
Starovoitov Cc: Daniel Borkmann Seems okay to me: Acked-by: Daniel Borkmann

Re: [PATCH trival 1/2] bpf: clean up put_cpu_var usage

2016-09-27 Thread Daniel Borkmann
Shaohua, On 09/27/2016 01:51 AM, Alexei Starovoitov wrote: On Mon, Sep 26, 2016 at 11:14:50AM -0700, Shaohua Li wrote: put_cpu_var takes the percpu data, not the data returned from get_cpu_var. This doesn't change the behavior. Cc: Tejun Heo Cc: Alexei Starovoitov Signed-off-by: Shaohua Li

Re: mm: GPF in __insert_vmap_area

2016-09-06 Thread Daniel Borkmann
On 09/06/2016 11:03 PM, Kees Cook wrote: On Sat, Sep 3, 2016 at 8:15 AM, Dmitry Vyukov wrote: Hello, While running syzkaller fuzzer I've got the following GPF: general protection fault: [#1] SMP DEBUG_PAGEALLOC KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU

Re: [PATCH, net-next] perf, bpf: fix conditional call to bpf_overflow_handler

2016-09-08 Thread Daniel Borkmann
On 09/08/2016 09:01 AM, Ingo Molnar wrote: * Peter Zijlstra wrote: On Thu, Sep 08, 2016 at 08:30:52AM +0200, Ingo Molnar wrote: Thanks for the fix. Just saw build bot complaining last night and by the morning your fix is already here. Thanks! Guys, this is the first time I saw this patch (an

Re: [PATCH v2 net-next 2/6] bpf: introduce BPF_PROG_TYPE_PERF_EVENT program type

2016-09-01 Thread Daniel Borkmann
On 09/01/2016 09:44 AM, Peter Zijlstra wrote: On Wed, Aug 31, 2016 at 02:50:39PM -0700, Alexei Starovoitov wrote: +static u32 pe_prog_convert_ctx_access(enum bpf_access_type type, int dst_reg, + int src_reg, int ctx_off, + s

Re: [RFC V2 PATCH 17/25] net/netpolicy: introduce netpolicy_pick_queue

2016-08-04 Thread Daniel Borkmann
On 08/04/2016 10:21 PM, John Fastabend wrote: On 16-08-04 12:36 PM, kan.li...@intel.com wrote: From: Kan Liang To achieve better network performance, the key step is to distribute the packets to dedicated queues according to policy and system run time status. This patch provides an interface

Re: [RFC V2 PATCH 17/25] net/netpolicy: introduce netpolicy_pick_queue

2016-08-04 Thread Daniel Borkmann
On 08/05/2016 12:54 AM, Andi Kleen wrote: +1, I tried to bring this up here [1] in the last spin. I think only very few changes would be needed, f.e. on eBPF side to add a queue setting helper function which is probably straight forward ~10loc patch; and with regards to actually picking it up aft

Re: [PATCH] bpf: Update sysctl documentation to list all supported architectures

2017-08-16 Thread Daniel Borkmann
Hi Michael, On 08/16/2017 07:15 AM, Michael Ellerman wrote: The sysctl documentation states that the JIT is only available on x86_64, which is no longer correct. Update the list to include all architectures that enable HAVE_CBPF_JIT or HAVE_EBPF_JIT under some configuration. Signed-off-by: Mic

Re: [PATCH] bpf: Update sysctl documentation to list all supported architectures

2017-08-16 Thread Daniel Borkmann
On 08/16/2017 01:10 PM, Michael Ellerman wrote: Daniel Borkmann writes: On 08/16/2017 07:15 AM, Michael Ellerman wrote: The sysctl documentation states that the JIT is only available on x86_64, which is no longer correct. Update the list to include all architectures that enable HAVE_CBPF_JIT

Re: [PATCH v2] bpf: Update sysctl documentation to list all supported architectures

2017-08-17 Thread Daniel Borkmann
). Signed-off-by: Michael Ellerman The last paragraph speaking about tcpdump, I can take care of later, also given the patch is about updating list of archs, so lgtm, thanks! Acked-by: Daniel Borkmann

Re: [PATCH v2] arm: eBPF JIT compiler

2017-06-20 Thread Daniel Borkmann
On 06/20/2017 03:34 AM, Shubham Bansal wrote: Hi Daniel, Sorry, had a travel over the weekend, so didn't read it in time. What is the issue with imitating in JIT what the interpreter is doing as a starting point? That should be generic enough to handle any case. Why not proceeding this way f

Re: [PATCH v2] arm: eBPF JIT compiler

2017-06-21 Thread Daniel Borkmann
On 06/21/2017 04:26 PM, Shubham Bansal wrote: [...] So ultimately, we call helper_function which takes u64 as arguments only. I know its asking a lot, but can you please confirm this asap? I would like to start implementing it. Yes, that is correct. I think it would be the better, more generic

Re: [PATCH v2] arm: eBPF JIT compiler

2017-06-21 Thread Daniel Borkmann
On 06/21/2017 09:37 PM, Shubham Bansal wrote: Hi Daniel, Good news. Got the CALL to work. [ 145.670882] test_bpf: Summary: 316 PASSED, 0 FAILED, [287/308 JIT'ed] Awesome. Do you think with this implementation, the patch could get accepted? If you think so, then I will send the patch in couple

Re: [PATCH] Add -target to clang switch while cross compiling.

2017-10-14 Thread Daniel Borkmann
get switch includes appropriate target specific files while cross compiling Tested on x86 and arm64. Signed-off-by: Abhijit Ayarekar Acked-by: Daniel Borkmann

Re: [PATCH] bpf: devmap: Check attr->max_entries more carefully

2017-10-16 Thread Daniel Borkmann
[ +Tejun, Mark, John ] On 10/16/2017 12:00 AM, Richard Weinberger wrote: max_entries is user controlled and used as input for __alloc_percpu(). This function expects that the allocation size is a power of two and less than PCPU_MIN_UNIT_SIZE. Otherwise a WARN() is triggered. Fixes: 11393cc9b9be

Re: [PATCH 2/3] bpf: Remove dead variable

2017-10-16 Thread Daniel Borkmann
On 10/16/2017 08:18 PM, Richard Weinberger wrote: task is never used in bpf_get_current_uid_gid(), kill it. Signed-off-by: Richard Weinberger --- kernel/bpf/helpers.c | 1 - 1 file changed, 1 deletion(-) diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c index e8845adcd15e..511c9d522c

Re: [PATCH 2/3] bpf: Remove dead variable

2017-10-16 Thread Daniel Borkmann
On 10/16/2017 08:59 PM, Richard Weinberger wrote: Am Montag, 16. Oktober 2017, 20:54:36 CEST schrieb Daniel Borkmann: On 10/16/2017 08:18 PM, Richard Weinberger wrote: task is never used in bpf_get_current_uid_gid(), kill it. Signed-off-by: Richard Weinberger --- kernel/bpf/helpers.c | 1

Re: [PATCH 2/3] bpf: Remove dead variable

2017-10-16 Thread Daniel Borkmann
On 10/16/2017 09:22 PM, Richard Weinberger wrote: [...] So, I can happily squash 2/3 into 1/3 and resent. Yeah, please just squash them. Thanks, Daniel

Re: [PATCH 3/3] bpf: Make sure that ->comm does not change under us.

2017-10-16 Thread Daniel Borkmann
On 10/16/2017 08:18 PM, Richard Weinberger wrote: Sadly we cannot use get_task_comm() since bpf_get_current_comm() allows truncation. Signed-off-by: Richard Weinberger --- kernel/bpf/helpers.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c

Re: [PATCH 3/3] bpf: Make sure that ->comm does not change under us.

2017-10-16 Thread Daniel Borkmann
On 10/16/2017 10:55 PM, Richard Weinberger wrote: Am Montag, 16. Oktober 2017, 22:50:43 CEST schrieb Daniel Borkmann: struct task_struct *task = current; + task_lock(task); strncpy(buf, task->comm, size); + task_unlock(task); Wouldn't this potentially l

Re: [PATCH 3/3] bpf: Make sure that ->comm does not change under us.

2017-10-16 Thread Daniel Borkmann
On 10/17/2017 12:10 AM, Alexei Starovoitov wrote: On Mon, Oct 16, 2017 at 2:10 PM, Richard Weinberger wrote: Am Montag, 16. Oktober 2017, 23:02:06 CEST schrieb Daniel Borkmann: On 10/16/2017 10:55 PM, Richard Weinberger wrote: Am Montag, 16. Oktober 2017, 22:50:43 CEST schrieb Daniel

Re: [PATCH] bpf: devmap: Check attr->max_entries more carefully

2017-10-17 Thread Daniel Borkmann
On 10/17/2017 12:29 PM, Mark Rutland wrote: On Mon, Oct 16, 2017 at 08:52:13PM +0200, Daniel Borkmann wrote: [ +Tejun, Mark, John ] On 10/16/2017 12:00 AM, Richard Weinberger wrote: max_entries is user controlled and used as input for __alloc_percpu(). This function expects that the

[PATCH net 2/3] bpf: fix splat for illegal devmap percpu allocation

2017-10-17 Thread Daniel Borkmann
pass __GFP_NOWARN instead. Fixes: 11393cc9b9be ("xdp: Add batching support to redirect map") Reported-by: Mark Rutland Reported-by: Shankara Pailoor Reported-by: Richard Weinberger Signed-off-by: Daniel Borkmann Cc: John Fastabend --- kernel/bpf/devmap.c | 5 +++-- 1 file change

[PATCH net 1/3] mm, percpu: add support for __GFP_NOWARN flag

2017-10-17 Thread Daniel Borkmann
generically by supporting the __GFP_NOWARN flag that users can then use with calling the __alloc_percpu_gfp() helper instead. Signed-off-by: Daniel Borkmann Cc: Tejun Heo Cc: Mark Rutland --- mm/percpu.c | 15 ++- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/mm/percpu.c b

[PATCH net 0/3] Fix for BPF devmap percpu allocation splat

2017-10-17 Thread Daniel Borkmann
_SIZE checks, which are percpu allocator internals and should not be used. Thanks! Daniel Borkmann (3): mm, percpu: add support for __GFP_NOWARN flag bpf: fix splat for illegal devmap percpu allocation bpf: do not test for PCPU_MIN_UNIT_SIZE before percpu allocations kernel/bpf/arraymap.c

[PATCH net 3/3] bpf: do not test for PCPU_MIN_UNIT_SIZE before percpu allocations

2017-10-17 Thread Daniel Borkmann
() calls which use the flag already. Signed-off-by: Daniel Borkmann --- kernel/bpf/arraymap.c | 2 +- kernel/bpf/hashtab.c | 4 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c index 98c0f00..e263673 100644 --- a/kernel/bpf/arraymap.c

Re: [PATCH net 0/3] Fix for BPF devmap percpu allocation splat

2017-10-17 Thread Daniel Borkmann
On 10/17/2017 05:03 PM, David Laight wrote: From: Daniel Borkmann Sent: 17 October 2017 15:56 The set fixes a splat in devmap percpu allocation when we alloc the flush bitmap. Patch 1 is a prerequisite for the fix in patch 2, patch 1 is rather small, so if this could be routed via -net, for

Re: [PATCH 5/5] MIPS: Add support for eBPF JIT.

2017-05-26 Thread Daniel Borkmann
On 05/26/2017 02:38 AM, David Daney wrote: Since the eBPF machine has 64-bit registers, we only support this in 64-bit kernels. As of the writing of this commit log test-bpf is showing: test_bpf: Summary: 316 PASSED, 0 FAILED, [308/308 JIT'ed] All current test cases are successfully compile

Re: [PATCH 5/5] MIPS: Add support for eBPF JIT.

2017-05-26 Thread Daniel Borkmann
On 05/26/2017 05:14 PM, Daniel Borkmann wrote: On 05/26/2017 02:38 AM, David Daney wrote: Since the eBPF machine has 64-bit registers, we only support this in 64-bit kernels. As of the writing of this commit log test-bpf is showing: test_bpf: Summary: 316 PASSED, 0 FAILED, [308/308 JIT&#x

Re: [PATCH 5/5] MIPS: Add support for eBPF JIT.

2017-05-26 Thread Daniel Borkmann
On 05/26/2017 05:39 PM, David Daney wrote: On 05/26/2017 08:14 AM, Daniel Borkmann wrote: On 05/26/2017 02:38 AM, David Daney wrote: Since the eBPF machine has 64-bit registers, we only support this in 64-bit kernels. As of the writing of this commit log test-bpf is showing: test_bpf

Re: [PATCH 5/5] MIPS: Add support for eBPF JIT.

2017-05-26 Thread Daniel Borkmann
On 05/26/2017 09:20 PM, David Daney wrote: On 05/26/2017 12:09 PM, Daniel Borkmann wrote: On 05/26/2017 05:39 PM, David Daney wrote: On 05/26/2017 08:14 AM, Daniel Borkmann wrote: On 05/26/2017 02:38 AM, David Daney wrote: Since the eBPF machine has 64-bit registers, we only support this in

Re: [PATCH 1/2] bpf: add a bpf_override_function helper

2017-11-01 Thread Daniel Borkmann
On 11/01/2017 06:00 PM, Josef Bacik wrote: From: Josef Bacik Error injection is sloppy and very ad-hoc. BPF could fill this niche perfectly with it's kprobe functionality. We could make sure errors are only triggered in specific call chains that we care about with very specific situations. A

Re: [PATCH][net-next] net: sched: cls_bpf: use bitwise & rather than logical && on gen_flags

2017-11-02 Thread Daniel Borkmann
gical vs. bitwise operator") Fixes: 3f7889c4c79b ("net: sched: cls_bpf: call block callbacks for offload) Signed-off-by: Colin Ian King Acked-by: Daniel Borkmann

Re: [PATCH 1/2] [net-next] bpf: fix link error without CONFIG_NET

2017-11-02 Thread Daniel Borkmann
, and I've verified this with many randconfig builds Fixes: 4f9218aaf8a4 ("bpf: move knowledge about post-translation offsets out of verifier") Signed-off-by: Arnd Bergmann Acked-by: Daniel Borkmann

Re: [PATCH 2/2] [net-next] bpf: fix out-of-bounds access warning in bpf_check

2017-11-02 Thread Daniel Borkmann
re") Signed-off-by: Arnd Bergmann Acked-by: Daniel Borkmann LGTM, and bpf_analyzer() already has proper logic to bail out for such cases (although only used by nfp right now, which is there when NET is configured anyway).

Re: [PATCH 1/2] bpf: add a bpf_override_function helper

2017-11-02 Thread Daniel Borkmann
Hi Josef, one more issue I just noticed, see comment below: On 11/02/2017 03:37 PM, Josef Bacik wrote: [...] diff --git a/include/linux/filter.h b/include/linux/filter.h index cdd78a7beaae..dfa44fd74bae 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h @@ -458,7 +458,8 @@ struct

Re: [PATCH] EXPERT Kconfig menu: fix broken EXPERT menu

2017-11-02 Thread Daniel Borkmann
/lkml/2017/11/2/907). Signed-off-by: Randy Dunlap Cc: Andrea Arcangeli Cc: Alexei Starovoitov Cc: Daniel Borkmann For BPF bits: Acked-by: Daniel Borkmann

Re: [PATCH 1/2] bpf: add a bpf_override_function helper

2017-11-03 Thread Daniel Borkmann
On 11/03/2017 03:31 PM, Josef Bacik wrote: On Fri, Nov 03, 2017 at 12:12:13AM +0100, Daniel Borkmann wrote: Hi Josef, one more issue I just noticed, see comment below: On 11/02/2017 03:37 PM, Josef Bacik wrote: [...] diff --git a/include/linux/filter.h b/include/linux/filter.h index

Re: [PATCH net 0/3] Fix for BPF devmap percpu allocation splat

2017-10-18 Thread Daniel Borkmann
On 10/18/2017 03:25 PM, Tejun Heo wrote: Hello, Daniel. (cc'ing Dennis) On Tue, Oct 17, 2017 at 04:55:51PM +0200, Daniel Borkmann wrote: The set fixes a splat in devmap percpu allocation when we alloc the flush bitmap. Patch 1 is a prerequisite for the fix in patch 2, patch 1 is rather

Re: [PATCH net 0/3] Fix for BPF devmap percpu allocation splat

2017-10-18 Thread Daniel Borkmann
On 10/18/2017 04:03 PM, Daniel Borkmann wrote: On 10/18/2017 03:25 PM, Tejun Heo wrote: Hello, Daniel. (cc'ing Dennis) On Tue, Oct 17, 2017 at 04:55:51PM +0200, Daniel Borkmann wrote: The set fixes a splat in devmap percpu allocation when we alloc the flush bitmap. Patch 1 is a prerequ

Re: [PATCH net 0/3] Fix for BPF devmap percpu allocation splat

2017-10-18 Thread Daniel Borkmann
On 10/18/2017 05:28 PM, Alexei Starovoitov wrote: On Wed, Oct 18, 2017 at 7:22 AM, Daniel Borkmann wrote: Higher prio imo would be to make the allocation itself faster though, I remember we talked about this back in May wrt hashtable, but I kind of lost track whether there was an update on

Re: linux-next: manual merge of the net-next tree with the net tree

2017-10-19 Thread Daniel Borkmann
On 10/19/2017 03:05 PM, Mark Brown wrote: Hi all, Today's linux-next merge of the net-next tree got a conflict in: tools/testing/selftests/bpf/test_verifier.c between commit: 28e33f9d78eef ("bpf: disallow arithmetic operations on context pointer") from the net tree and commit: 22c8

Re: linux-next: /home/broonie/tmpfs/next/kernel/bpf/verifier.c:

2017-10-19 Thread Daniel Borkmann
On 10/19/2017 03:55 PM, Mark Brown wrote: Hi all, After merging the net-next tree, today's linux-next build (x86allmodconfig) failed like this: /home/broonie/tmpfs/next/kernel/bpf/verifier.c: In function 'check_mem_access': /home/broonie/tmpfs/next/kernel/bpf/verifier.c:1010:12: error: passing

Re: [PATCH net-next 1/2] bpf: enable non-root eBPF programs

2015-10-05 Thread Daniel Borkmann
On 10/05/2015 10:48 PM, Alexei Starovoitov wrote: In order to let unprivileged users load and execute eBPF programs teach verifier to prevent pointer leaks. Verifier will prevent - any arithmetic on pointers (except R10+Imm which is used to compute stack addresses) - comparison of pointers - p

Re: [PATCH net-next 1/2] bpf: enable non-root eBPF programs

2015-10-06 Thread Daniel Borkmann
On 10/06/2015 09:13 AM, Ingo Molnar wrote: * Alexei Starovoitov wrote: On 10/5/15 3:14 PM, Daniel Borkmann wrote: One scenario that comes to mind ... what happens when there are kernel pointers stored in skb->cb[] (either from the current layer or an old one from a different layer that

Re: [PATCH net-next 1/2] bpf: enable non-root eBPF programs

2015-10-06 Thread Daniel Borkmann
On 10/06/2015 10:20 AM, Ingo Molnar wrote: * Daniel Borkmann wrote: On 10/06/2015 09:13 AM, Ingo Molnar wrote: * Alexei Starovoitov wrote: On 10/5/15 3:14 PM, Daniel Borkmann wrote: One scenario that comes to mind ... what happens when there are kernel pointers stored in skb->

Re: [PATCH net-next 1/2] bpf: enable non-root eBPF programs

2015-10-06 Thread Daniel Borkmann
On 10/06/2015 02:51 AM, Alexei Starovoitov wrote: On 10/5/15 3:14 PM, Daniel Borkmann wrote: One scenario that comes to mind ... what happens when there are kernel pointers stored in skb->cb[] (either from the current layer or an old one from a different layer that the skb went thro

  1   2   3   4   5   6   7   8   9   10   >