eBPF can't count?!
A bug was discovered in the extended Berkeley Packet Filter (eBPF) that caused it to lose its ability to count when run as an unprivileged user. The issue arose from a security fix in the eBPF verifier, which rewrote arithmetic operations on pointer values to keep them within bounds. The rewrite unexpectedly affected subtraction of scalar values as well, producing incorrect results. One workaround was to use 32-bit ALU operations instead of 64-bit ones; another was to tweak the LLVM Intermediate Representation (IR) manually. The bug has since been fixed in newer kernel versions.
Company: Cloudflare
Date published: May 3, 2019
Author(s): Jakub Sitnicki
Word count: 2366
Language: English
Hacker News points: 154