> On Nov 8, 2019, at 9:57 AM, Alexei Starovoitov <ast@xxxxxx> wrote:
>
> On 11/8/19 9:32 AM, Song Liu wrote:
>>
>>
>>> On Nov 8, 2019, at 9:28 AM, Song Liu <songliubraving@xxxxxx> wrote:
>>>
>>>
>>>
>>>> On Nov 7, 2019, at 10:40 PM, Alexei Starovoitov <ast@xxxxxxxxxx> wrote:
>>>>
>>>> Make the verifier check that BTF types of function arguments match actual types
>>>> passed into top-level BPF program and into BPF-to-BPF calls. If types match
>>>> such BPF programs and sub-programs will have full support of BPF trampoline. If
>>>> types mismatch the trampoline has to be conservative. It has to save/restore
>>>> all 5 program arguments and assume 64-bit scalars. If FENTRY/FEXIT program is
>>>> attached to this program in the future such FENTRY/FEXIT program will be able
>>>> to follow pointers only via bpf_probe_read_kernel().
>>>>
>>>> Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx>
>>>
>>> Acked-by: Song Liu <songliubraving@xxxxxx>
>>
>> One nit though: maybe use "reliable" instead of "unreliable"
>>
>> +struct bpf_func_info_aux {
>> + bool reliable;
>> +};
>> +
>>
>> + bool func_proto_reliable;
>>
>> So the default value 0, is not reliable.
>
> I don't see how this can work.
> Once particular func proto was found unreliable the verifier won't keep
> checking. If we start with 'bool reliable = false'
> how do you see the whole mechanism working ?
> Say the first time the verifier analyzed the subroutine and everything
> matches. Can it do reliable = true ? No. It has to check all other
> callsites. Then it would need another variable and extra pass ?
I see. I missed the multiple call sites part.
Thanks for the explanation.
Song
