Explore an automated tool called Agni designed to verify the correctness of range analysis in the Linux kernel's eBPF verifier. Dive into the process of extracting verifier semantics from kernel source code, learn about the formal specification for range analysis soundness, and discover how Agni synthesizes eBPF programs to expose potential verifier bugs. Examine results from testing 16 kernel versions, understand the non-standard range analysis implementation in the eBPF verifier, and witness a live demonstration of the entire toolchain. Gain insights into future directions for checking other eBPF verifier analyses and access resources including the Agni GitHub repository, a collection of synthesized eBPF programs, and relevant kernel mailing list discussions.
Overview
Syllabus
Verifying the Verifier eBPF Range Analysis Verification - Harishankar Vishwanathan
Taught by
Linux Plumbers Conference