Comments (6)
The model we are taking with Ebpf-on-Windows is to define all the inputs to types of eBPF programs and the signature of helper functions and have that provided to the verifier at verification time. See: eBpfExtensions
Unfortunately, the bounds_check code as it exists today is of limited usefulness.
Note:
This also misses cases where we access memory retrieved from a map.
These are the sorts of things that we really need a verifier for (and I imagine that's what PREVAIL does for Windows eBPF). With that, we'd also need some way to tell the verifier about input structures; a BTF parser would probably make sense to accomplish that.
Yeah, the current bounds check is very simplistic. Does the PREVAIL verifier enforce that the code does its own bounds checking?
Yep, Prevail tracks each BPF register and evaluates the control flow graph to determine safety. Not an expert on this myself, but based on my understanding it is a formal verification.
This was fixed with the addition of the ubpf_register_data_bounds_check function.
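The gap discussed in this thread (a bounds check that does not cover memory obtained from a map) can be seen with a host-supplied check callback, shown here as an added example that is not uBPF's own code. The callback shape `(context, addr, size)`, the `region` table, and the `packet` and `map_value` buffers are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical host-side table of memory a program may touch. */
struct region { uint64_t base; uint64_t size; };
struct bounds_ctx { const struct region *regions; size_t count; };

/* Assumed callback shape: (context, addr, size) -> is the access allowed? */
static bool data_bounds_check(void *context, uint64_t addr, uint64_t size)
{
    const struct bounds_ctx *ctx = context;
    if (size == 0)
        return false;
    for (size_t i = 0; i < ctx->count; i++) {
        const struct region *r = &ctx->regions[i];
        /* Written without addr + size so a wrapping access cannot pass. */
        if (addr >= r->base && size <= r->size &&
            addr - r->base <= r->size - size)
            return true;
    }
    return false;
}

static uint8_t packet[64];    /* constructed: the program's input memory */
static uint8_t map_value[16]; /* constructed: a value returned by a map lookup */

/* Checks an access with only the first n_regions registered with the host. */
static bool access_allowed(size_t n_regions, const void *p, uint64_t size)
{
    const struct region regions[2] = {
        {(uint64_t)(uintptr_t)packet, sizeof(packet)},
        {(uint64_t)(uintptr_t)map_value, sizeof(map_value)},
    };
    struct bounds_ctx ctx = {regions, n_regions};
    return data_bounds_check(&ctx, (uint64_t)(uintptr_t)p, size);
}

int main(void)
{
    printf("map value, input only:  %d\n", access_allowed(1, map_value, 8));
    printf("map value, both:        %d\n", access_allowed(2, map_value, 8));
    printf("past end of map value:  %d\n", access_allowed(2, map_value + 9, 8));
    return 0;
}
```

With only the input region registered, a legitimate map-value access is rejected, which is the limitation raised in the comments; registering the map value as a second region lets the same callback cover it.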
Related Issues (20)
- Missing support for atomic instructions
- ubpf_load fails to validate immediate offset when computing jump targets
- Memory out-of-bound access in the ubpf_fetch_instruction when executing unterminated eBPF program
- Incorrect boundary check leading to the out-of-bound memory access
- Missing boundary check for load/store in JIT compiler
- Incorrect exit implementation in JIT compiler
- Incorrect CALL code generation (emit_local_call) in JIT compiler
- uBPF interpreter has incorrect behavior for jump with immediate values > 0x7fffffff
- uBPF emits wrong instructions for register to register multiplication/division/modulo operations if immediate != 0
- x64 JIT emit wrong jump target when target is at start of byte code
- 32bit ALU operations fail to truncate target register
- Recursive local call causes uBPF JIT to crash
- Jump target for PC 0 is wrong
- Crash if call target is not start of a function
- Crash on computing required stack size for inner most nested local-call
- Fix code scanning alert - Wrong type of arguments to formatting function
- Fix code scanning alert - Multiplication result converted to larger type
- LE16 fails to truncate register value
- Potential dereference of `nullptr` in libfuzzer harness?
- Wrong offset check of relocated function?