Edward Cree via iovisor-dev <iovisor-...@lists.iovisor.org> wrote: > Tracks value alignment by means of tracking known & unknown bits. > Tightens some min/max value checks and fixes a couple of bugs therein. > If pointer leaks are allowed, and adjust_ptr_min_max_vals returns -EACCES, > treat the pointer as an unknown scalar and try again, because we might be > able to conclude something about the result (e.g. pointer & 0x40 is either > 0 or 0x40). > > Signed-off-by: Edward Cree <ec...@solarflare.com> > --- > include/linux/bpf.h | 34 +- > include/linux/bpf_verifier.h | 40 +- > include/linux/tnum.h | 79 ++ > kernel/bpf/Makefile | 2 +- > kernel/bpf/tnum.c | 163 ++++ > kernel/bpf/verifier.c | 1692 ++++++++++++++++++++++++------------------ > 6 files changed, 1235 insertions(+), 775 deletions(-)
(RESEND) I find it a bit surprising that such huge changes that can affect security and robustness are performed in one patch. Personally, I cannot comprehend all of these changes. In addition, I think that it is valuable to describe in detail the bugs that the patch solves and when they were introduced. I can bring up some concerns regarding inconsistencies in offset checks and size, not spilling SCALAR and my wish not to limit packet size. However, when the patch is that big, I think it is useless. Nadav
