nft/bpf interpreters and spectre2. Was: [PATCH RFC 0/4] net: add bpfilter

On Wed, Feb 21, 2018 at 01:13:03PM +0100, Florian Westphal wrote: > > Obvious candidates are: meta, numgen, limit, objref, quota, reject. > > We should probably also consider removing > CONFIG_NFT_SET_RBTREE and CONFIG_NFT_SET_HASH and just always > build both too (at least rbtree since that

Re: [PATCH RFC PoC 0/3] nftables meets bpf

On Wed, 21 Feb 2018 16:30:07 -0800, Florian Fainelli wrote: > On 02/21/2018 03:46 PM, Jakub Kicinski wrote: > > On Tue, 20 Feb 2018 11:58:22 +0100, Pablo Neira Ayuso wrote: > >> We also have a large range of TCAM based hardware offload outthere > >> that will _not_ work with your BPF HW offload

Re: [PATCH RFC PoC 0/3] nftables meets bpf

On 02/21/2018 03:46 PM, Jakub Kicinski wrote: > On Tue, 20 Feb 2018 11:58:22 +0100, Pablo Neira Ayuso wrote: >> We also have a large range of TCAM based hardware offload outthere >> that will _not_ work with your BPF HW offload infrastructure. What >> this bpf infrastructure pushes into the kernel

Re: [PATCH RFC PoC 0/3] nftables meets bpf

On Tue, 20 Feb 2018 11:58:22 +0100, Pablo Neira Ayuso wrote: > We also have a large range of TCAM based hardware offload outthere > that will _not_ work with your BPF HW offload infrastructure. What > this bpf infrastructure pushes into the kernel is just a blob > expressing things in a very

Re: [PATCH 00/19] Netfilter fixes for net

From: Pablo Neira Ayuso Date: Tue, 20 Feb 2018 17:38:47 +0100 > The following patchset contains large batch with Netfilter fixes for > your net tree, mostly due to syzbot report fixups and pr_err() > ratelimiting, more specifically, they are: ... > You can pull these

spende

Hallo, Sie haben eine Spende von 2.800.000,00 Euro, ich habe die Amerika-Lotterie in Amerika im Wert von 40 Millionen Dollar gewonnen, und ich gebe einen Teil davon an fünf glückliche Menschen und Wohltätigkeitseinrichtungen zum Gedenken an meine verstorbene Frau, die an Krebs gestorben ist.

Re: [PATCH RFC 0/4] net: add bpfilter

Pablo Neira Ayuso wrote: > On Tue, Feb 20, 2018 at 05:52:54PM -0800, Alexei Starovoitov wrote: > > On Tue, Feb 20, 2018 at 11:44:31AM +0100, Pablo Neira Ayuso wrote: > > > > > > Don't get me wrong, no software is safe from security issues, but if you > > > don't abstract

Re: [PATCH RFC 0/4] net: add bpfilter

On Tue, Feb 20, 2018 at 05:52:54PM -0800, Alexei Starovoitov wrote: > On Tue, Feb 20, 2018 at 11:44:31AM +0100, Pablo Neira Ayuso wrote: > > > > Don't get me wrong, no software is safe from security issues, but if you > > don't abstract your resources in the right way, you have more chance to

Re: [PATCH RFC 3/3] netfilter: nf_tables: add BPF-based jit infrastructure

Hi Alexei, On Tue, Feb 20, 2018 at 06:01:39PM -0800, Alexei Starovoitov wrote: > On Tue, Feb 20, 2018 at 11:53:55AM +0100, Pablo Neira Ayuso wrote: > > > > I'll explore how to generate eBPF code in the next patchset version. > > from the user space please... OK, let's do that, from user space

Re: WARNING: ODEBUG bug in __queue_work

On Wed, Feb 21, 2018 at 1:59 AM, syzbot wrote: > Hello, > > syzbot hit the following crash on upstream commit > 1a2a7d3ee659e477e0768ac3fc7579794f89071b (Fri Feb 16 17:11:30 2018 +) > Merge tag 'sound-4.16-rc2' of >