Document the following new features and fixes: * Added BPF validation debugger API (rte_bpf_validate_debug_*). * Hardened BPF validator with numerous bug fixes and UB preventions.
Signed-off-by: Marat Khalili <[email protected]> --- doc/guides/rel_notes/release_26_07.rst | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/doc/guides/rel_notes/release_26_07.rst b/doc/guides/rel_notes/release_26_07.rst index 18810ab81d93..4ef2d354635b 100644 --- a/doc/guides/rel_notes/release_26_07.rst +++ b/doc/guides/rel_notes/release_26_07.rst @@ -83,6 +83,22 @@ New Features ``rte_bpf_eth_tx_install`` for installing already loaded BPF programs as port callbacks (as opposed to loading them directly from ELF files). +* **Hardened BPF validator.** + + Fixed numerous bugs in the BPF validator's abstract interpretation logic, + including incorrect bounds tracking for jumps and arithmetic operations, as + well as fixing several instances of undefined behavior (UB) when verifying + malicious or corrupt programs. + +* **Added BPF validation debugger API.** + + Introduced a new set of APIs (prefixed with ``rte_bpf_validate_debug_``) to + introspect the BPF validator. This provides a mechanism to set breakpoints or + catchpoints during validation and inspect the verifier's internal state + (such as tracked register bounds). This API is crucial primarily for writing + comprehensive tests for the validator, but also serves as a foundation for a + future interactive eBPF validation debugger. + Removed Items ------------- -- 2.43.0
