Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier

[PATCH RFC net-next 00/14] BPF syscall, maps, verifier, samples · Alexei Starovoitov <hidden> · 2014-06-28
[PATCH RFC net-next 01/14] net: filter: split filter.c into two files · Alexei Starovoitov <hidden> · 2014-06-28
[PATCH RFC net-next 05/14] bpf: add lookup/update/delete/iterate methods to BPF maps · Alexei Starovoitov <hidden> · 2014-06-28
[PATCH RFC net-next 06/14] bpf: add hashtable type of BPF maps · Alexei Starovoitov <hidden> · 2014-06-28
[PATCH RFC net-next 08/14] bpf: add eBPF verifier · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Andy Lutomirski <luto@amacapital.net> · 2014-06-28
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Andy Lutomirski <luto@amacapital.net> · 2014-06-29
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Alexei Starovoitov <hidden> · 2014-06-29
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Daniel Borkmann <hidden> · 2014-07-01
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Alexei Starovoitov <hidden> · 2014-07-01
RE: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · David Laight <hidden> · 2014-07-02
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Alexei Starovoitov <hidden> · 2014-07-02
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Chema Gonzalez <hidden> · 2014-07-02
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Alexei Starovoitov <hidden> · 2014-07-02
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Chema Gonzalez <hidden> · 2014-07-02
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Alexei Starovoitov <hidden> · 2014-07-03
RE: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · David Laight <hidden> · 2014-07-03
Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier · Alexei Starovoitov <hidden> · 2014-07-03
[PATCH RFC net-next 10/14] net: sock: allow eBPF programs to be attached to sockets · Alexei Starovoitov <hidden> · 2014-06-28
[PATCH RFC net-next 14/14] samples: bpf: example of tracing filters with eBPF · Alexei Starovoitov <hidden> · 2014-06-28
[PATCH RFC net-next 13/14] samples: bpf: example of stateful socket filtering · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 13/14] samples: bpf: example of stateful socket filtering · Andy Lutomirski <luto@amacapital.net> · 2014-06-28
Re: [PATCH RFC net-next 13/14] samples: bpf: example of stateful socket filtering · Alexei Starovoitov <hidden> · 2014-06-28
[PATCH RFC net-next 12/14] samples: bpf: add mini eBPF library to manipulate maps and programs · Alexei Starovoitov <hidden> · 2014-06-28
[PATCH RFC net-next 11/14] tracing: allow eBPF programs to be attached to events · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 11/14] tracing: allow eBPF programs to be attached to events · Daniel Borkmann <hidden> · 2014-07-01
Re: [PATCH RFC net-next 11/14] tracing: allow eBPF programs to be attached to events · Alexei Starovoitov <hidden> · 2014-07-01
[PATCH RFC net-next 09/14] bpf: allow eBPF programs to use maps · Alexei Starovoitov <hidden> · 2014-06-28
[PATCH RFC net-next 07/14] bpf: expand BPF syscall with program load/unload · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 07/14] bpf: expand BPF syscall with program load/unload · Andy Lutomirski <luto@amacapital.net> · 2014-06-28
Re: [PATCH RFC net-next 07/14] bpf: expand BPF syscall with program load/unload · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 07/14] bpf: expand BPF syscall with program load/unload · Andy Lutomirski <luto@amacapital.net> · 2014-06-28
Re: [PATCH RFC net-next 07/14] bpf: expand BPF syscall with program load/unload · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 07/14] bpf: expand BPF syscall with program load/unload · Greg KH <gregkh@linuxfoundation.org> · 2014-06-28
Re: [PATCH RFC net-next 07/14] bpf: expand BPF syscall with program load/unload · Andy Lutomirski <luto@amacapital.net> · 2014-06-28
Re: [PATCH RFC net-next 07/14] bpf: expand BPF syscall with program load/unload · Alexei Starovoitov <hidden> · 2014-06-30
RE: [PATCH RFC net-next 07/14] bpf: expand BPF syscall with program load/unload · David Laight <hidden> · 2014-06-30
[PATCH RFC net-next 04/14] bpf: update MAINTAINERS entry · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 04/14] bpf: update MAINTAINERS entry · Joe Perches <joe@perches.com> · 2014-06-28
Re: [PATCH RFC net-next 04/14] bpf: update MAINTAINERS entry · Alexei Starovoitov <hidden> · 2014-06-28
[PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Andy Lutomirski <luto@amacapital.net> · 2014-06-28
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Andy Lutomirski <luto@amacapital.net> · 2014-06-28
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Andy Lutomirski <luto@amacapital.net> · 2014-06-28
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Andy Lutomirski <luto@amacapital.net> · 2014-06-29
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Alexei Starovoitov <hidden> · 2014-06-29
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Andy Lutomirski <luto@amacapital.net> · 2014-06-30
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Alexei Starovoitov <hidden> · 2014-07-01
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Andy Lutomirski <luto@amacapital.net> · 2014-07-01
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Alexei Starovoitov <hidden> · 2014-07-02
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Andy Lutomirski <luto@amacapital.net> · 2014-07-03
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Alexei Starovoitov <hidden> · 2014-07-03
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Andy Lutomirski <luto@amacapital.net> · 2014-07-04
Re: [PATCH RFC net-next 03/14] bpf: introduce syscall(BPF, ...) and BPF maps · Alexei Starovoitov <hidden> · 2014-07-05
[PATCH RFC net-next 02/14] net: filter: split filter.h and expose eBPF to user space · Alexei Starovoitov <hidden> · 2014-06-28
Re: [PATCH RFC net-next 00/14] BPF syscall, maps, verifier, samples · Kees Cook <hidden> · 2014-06-30
Re: [PATCH RFC net-next 00/14] BPF syscall, maps, verifier, samples · Daniel Borkmann <hidden> · 2014-07-01
Re: [PATCH RFC net-next 00/14] BPF syscall, maps, verifier, samples · Kees Cook <hidden> · 2014-07-02

From: Andy Lutomirski <luto@amacapital.net>
Date: 2014-06-29 01:59:13
Also in: linux-api, lkml

On Sat, Jun 28, 2014 at 1:25 PM, Alexei Starovoitov [off-list ref] wrote:

On Sat, Jun 28, 2014 at 9:01 AM, Andy Lutomirski [off-list ref] wrote:

quoted

On Fri, Jun 27, 2014 at 5:06 PM, Alexei Starovoitov [off-list ref] wrote:

quoted

Safety of eBPF programs is statically determined by the verifier, which detects:

This is a very high-level review.  I haven't tried to read all the
code yet, and this is mostly questions rather than real comments.

These were great questions! I hope I answered them. If not, please
continue asking.

I have plenty more questions, but here's one right now: does anything
prevent programs from using pointers in comparisons, returning
pointers, or otherwise figuring out the value of a pointer?  If so, I
think it would be worthwhile to prevent that so that eBPF programs
can't learn kernel addresses.

--Andy

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help