linux/include
Alexei Starovoitov 17a5267067 bpf: verifier (add verifier core)
This patch adds verifier core which simulates execution of every insn and
records the state of registers and program stack. Every branch instruction seen
during simulation is pushed into state stack. When verifier reaches BPF_EXIT,
it pops the state from the stack and continues until it reaches BPF_EXIT again.
For program:
1: bpf_mov r1, xxx
2: if (r1 == 0) goto 5
3: bpf_mov r0, 1
4: goto 6
5: bpf_mov r0, 2
6: bpf_exit
The verifier will walk insns: 1, 2, 3, 4, 6
then it will pop the state recorded at insn#2 and will continue: 5, 6

This way it walks all possible paths through the program and checks all
possible values of registers. While doing so, it checks for:
- invalid instructions
- uninitialized register access
- uninitialized stack access
- misaligned stack access
- out of range stack access
- invalid calling convention
- instruction encoding is not using reserved fields

Kernel subsystem configures the verifier with two callbacks:

- bool (*is_valid_access)(int off, int size, enum bpf_access_type type);
  that provides information to the verifer which fields of 'ctx'
  are accessible (remember 'ctx' is the first argument to eBPF program)

- const struct bpf_func_proto *(*get_func_proto)(enum bpf_func_id func_id);
  returns argument constraints of kernel helper functions that eBPF program
  may call, so that verifier can checks that R1-R5 types match the prototype

More details in Documentation/networking/filter.txt and in kernel/bpf/verifier.c

Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-09-26 15:05:15 -04:00
..
acpi PCI updates for v3.17: 2014-09-19 10:50:30 -07:00
asm-generic This is the bulk of GPIO changes for the v3.17 development 2014-08-08 18:00:35 -07:00
clocksource
crypto crypto: drbg - backport "fix maximum value checks on 32 bit systems" 2014-09-05 15:52:28 +08:00
drm drm/radeon: add additional SI pci ids 2014-08-22 10:47:59 -04:00
dt-bindings Merge branch 'for-linus' of git://git.infradead.org/users/vkoul/slave-dma 2014-08-11 07:14:01 -07:00
keys
kvm
linux bpf: verifier (add verifier core) 2014-09-26 15:05:15 -04:00
math-emu
media [media] vb2: fix VBI/poll regression 2014-09-21 20:57:30 -03:00
memory
misc
net icmp: add a global rate limitation 2014-09-23 12:47:38 -04:00
pcmcia
ras
rdma IB: ib_umem_release() should decrement mm->pinned_vm from ib_umem_get 2014-09-19 09:55:42 -07:00
rxrpc include/rxrpc/types.h: Remove unused header 2014-08-29 20:33:39 -07:00
scsi [SCSI] fix regression that accidentally disabled block-based tcq 2014-09-19 13:23:32 +01:00
soc/tegra
sound ASoC: core: fix .info for SND_SOC_BYTES_TLV 2014-08-18 08:59:12 -05:00
target
trace net: treewide: Fix typo found in DocBook/networking.xml 2014-09-05 17:35:28 -07:00
uapi bpf: verifier (add ability to receive verification log) 2014-09-26 15:05:15 -04:00
video fbdev changes for 3.17 2014-08-08 18:09:33 -07:00
xen xen/arm: introduce XENFEAT_grant_map_identity 2014-09-11 18:11:52 +00:00
Kbuild