Re: [PATCH RFC net-next 08/14] bpf: add eBPF verifier

[Andy Lutomirski]

On Sat, Jun 28, 2014 at 1:25 PM, Alexei Starovoitov <ast@xxxxxxxxxxxx> wrote:
> On Sat, Jun 28, 2014 at 9:01 AM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
>> On Fri, Jun 27, 2014 at 5:06 PM, Alexei Starovoitov <ast@xxxxxxxxxxxx> wrote:
>>> Safety of eBPF programs is statically determined by the verifier, which detects:
>>
>> This is a very high-level review.  I haven't tried to read all the
>> code yet, and this is mostly questions rather than real comments.
>

> These were great questions! I hope I answered them. If not, please
> continue asking.

I have plenty more questions, but here's one right now: does anything
prevent programs from using pointers in comparisons, returning
pointers, or otherwise figuring out the value of a pointer?  If so, I
think it would be worthwhile to prevent that so that eBPF programs
can't learn kernel addresses.

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/