On 11/8/19 9:32 AM, Song Liu wrote:
>
>
>> On Nov 8, 2019, at 9:28 AM, Song Liu <songliubraving@xxxxxx> wrote:
>>
>>
>>
>>> On Nov 7, 2019, at 10:40 PM, Alexei Starovoitov <ast@xxxxxxxxxx> wrote:
>>>
>>> Make the verifier check that BTF types of function arguments match actual types
>>> passed into top-level BPF program and into BPF-to-BPF calls. If types match
>>> such BPF programs and sub-programs will have full support of BPF trampoline. If
>>> types mismatch the trampoline has to be conservative. It has to save/restore
>>> all 5 program arguments and assume 64-bit scalars. If FENTRY/FEXIT program is
>>> attached to this program in the future such FENTRY/FEXIT program will be able
>>> to follow pointers only via bpf_probe_read_kernel().
>>>
>>> Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx>
>>
>> Acked-by: Song Liu <songliubraving@xxxxxx>
>
> One nit though: maybe use "reliable" instead of "unreliable"
>
> +struct bpf_func_info_aux {
> + bool reliable;
> +};
> +
>
> + bool func_proto_reliable;
>
> So the default value 0, is not reliable.
I don't see how this can work.
Once particular func proto was found unreliable the verifier won't keep
checking. If we start with 'bool reliable = false'
how do you see the whole mechanism working ?
Say the first time the verifier analyzed the subroutine and everything
matches. Can it do reliable = true ? No. It has to check all other
callsites. Then it would need another variable and extra pass ?
