pull-request: bpf 2017-11-23

* pull-request: bpf 2017-11-23
@ 2017-11-23 12:01 Daniel Borkmann
  2017-11-23 17:40 ` David Miller
  0 siblings, 1 reply; 2+ messages in thread
From: Daniel Borkmann @ 2017-11-23 12:01 UTC (permalink / raw)
  To: davem; +Cc: daniel, ast, netdev

Hi David,

The following pull-request contains BPF updates for your *net* tree.

The main changes are:

1) Several BPF offloading fixes, from Jakub. Among others:

    - Limit offload to cls_bpf and XDP program types only.
    - Move device validation into the driver and don't make
      any assumptions about the device in the classifier due
      to shared blocks semantics.
    - Don't pass offloaded XDP program into the driver when
      it should be run in native XDP instead. Offloaded ones
      are not JITed for the host in such cases.
    - Don't destroy device offload state when moved to
      another namespace.
    - Revert dumping offload info into user space for now,
      since ifindex alone is not sufficient. This will be
      redone properly for bpf-next tree.

2) Fix test_verifier to avoid using bpf_probe_write_user()
   helper in test cases, since it's dumping a warning into
   kernel log which may confuse users when only running tests.
   Switch to use bpf_trace_printk() instead, from Yonghong.

3) Several fixes for correcting ARG_CONST_SIZE_OR_ZERO semantics
   before it becomes uabi, from Gianluca. More specifically:

    - Add a type ARG_PTR_TO_MEM_OR_NULL that is used only
      by bpf_csum_diff(), where the argument is either a
      valid pointer or NULL. The subsequent ARG_CONST_SIZE_OR_ZERO
      then enforces a valid pointer in case of non-0 size
      or a valid pointer or NULL in case of size 0. Given
      that, the semantics for ARG_PTR_TO_MEM in combination
      with ARG_CONST_SIZE_OR_ZERO are now such that in case
      of size 0, the pointer must always be valid and cannot
      be NULL. This fix in semantics allows for bpf_probe_read()
      to drop the recently added size == 0 check in the helper
      that would become part of uabi otherwise once released.
      At the same time we can then fix bpf_probe_read_str() and
      bpf_perf_event_output() to use ARG_CONST_SIZE_OR_ZERO
      instead of ARG_CONST_SIZE in order to fix recently
      reported issues by Arnaldo et al, where LLVM optimizes
      two boundary checks into a single one for unknown
      variables where the verifier looses track of the variable
      bounds and thus rejects valid programs otherwise.

4) A fix for the verifier for the case when it detects
   comparison of two constants where the branch is guaranteed
   to not be taken at runtime. Verifier will rightfully prune
   the exploration of such paths, but we still pass the program
   to JITs, where they would complain about using reserved
   fields, etc. Track such dead instructions and sanitize
   them with mov r0,r0. Rejection is not possible since LLVM
   may generate them for valid C code and doesn't do as much
   data flow analysis as verifier. For bpf-next we might
   implement removal of such dead code and adjust branches
   instead. Fix from Alexei.

Please consider pulling these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git

Thanks a lot!

----------------------------------------------------------------

The following changes since commit 32a72bbd5da2411eab591bf9bc2e39349106193a:

  net: vxge: Fix some indentation issues (2017-11-20 11:36:30 +0900)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git master

for you to fetch changes up to c131187db2d3fa2f8bf32fdf4e9a4ef805168467:

  bpf: fix branch pruning logic (2017-11-23 10:56:35 +0100)

----------------------------------------------------------------
Alexei Starovoitov (1):
      bpf: fix branch pruning logic

Daniel Borkmann (2):
      Merge branch 'bpf-offload-fixes'
      Merge branch 'bpf-fix-null-arg-semantics'

Gianluca Borello (4):
      bpf: introduce ARG_PTR_TO_MEM_OR_NULL
      bpf: remove explicit handling of 0 for arg2 in bpf_probe_read
      bpf: change bpf_probe_read_str arg2 type to ARG_CONST_SIZE_OR_ZERO
      bpf: change bpf_perf_event_output arg5 type to ARG_CONST_SIZE_OR_ZERO

Jakub Kicinski (10):
      bpf: offload: add comment warning developers about double destroy
      bpf: offload: limit offload to cls_bpf and xdp programs only
      bpf: offload: rename the ifindex field
      bpf: offload: move offload device validation out to the drivers
      net: xdp: don't allow device-bound programs in driver mode
      bpf: turn bpf_prog_get_type() into a wrapper
      bpf: offload: ignore namespace moves
      bpftool: revert printing program device bound info
      bpf: revert report offload info to user space
      bpf: make bpf_prog_offload_verifier_prep() static inline

Yonghong Song (1):
      bpf: change bpf_probe_write_user to bpf_trace_printk in test_verifier

 drivers/net/ethernet/netronome/nfp/bpf/offload.c |  10 +-
 include/linux/bpf.h                              |  19 ++-
 include/linux/bpf_verifier.h                     |   4 +-
 include/uapi/linux/bpf.h                         |   8 +-
 kernel/bpf/offload.c                             |  27 ++--
 kernel/bpf/syscall.c                             |  40 ++----
 kernel/bpf/verifier.c                            |  31 ++++-
 kernel/trace/bpf_trace.c                         |  12 +-
 net/core/dev.c                                   |  14 ++-
 net/core/filter.c                                |   4 +-
 net/sched/cls_bpf.c                              |   8 +-
 tools/bpf/bpftool/prog.c                         |  31 -----
 tools/include/uapi/linux/bpf.h                   |   8 +-
 tools/testing/selftests/bpf/test_verifier.c      | 152 ++++++++++++++++++-----
 14 files changed, 216 insertions(+), 152 deletions(-)

^ permalink raw reply	[flat|nested] 2+ messages in thread